TLS Error and not working lmtp
Hi!
I have some troubles with the virtual plugin. I run a self-compiled dovecot 2.2.33.2 from debian testing. I patched this version with the QRESYNC-Patch from a few weeks ago. But i always get an errormessage, when i try to open an email from a virtual mailbox.
So i cloned the actual git-Repo and compiled dovecot and pigonehole-sieve.
The problem with the virtual plugin seems gone away. But there are some other problems. I use ssl=required and with dovecot from debian TLS/SSL and STARTTLS works fine. With the selfcompiled from git, i get this error:
dovecot[1284]: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<D6bC4Rlg8ut/AAAB>
The key and crt are exactly the same files as before.
The second problem is, lmtp is not working. I use exactly the same config for the debians dovecot and dovecot from git. But in the gitversion the error in exim is:
Failed to connect to socket /var/run/dovecot/lmtp for dovecot_lmtp transport: Connection refused
My config is:
# dovecot -n # 2.3.devel (b1aac3a1d): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.5.devel (624e1769) # OS: Linux 4.13.0-trunk-amd64 x86_64 Debian 9.3 btrfs auth_debug = yes auth_mechanisms = plain login cram-md5 digest-md5 auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes first_valid_uid = 1000 imap_capability = +XDOVECOT imap_client_workarounds = tb-extra-mailbox-sep lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = *, ::1 login_trusted_networks = 127.0.0.1/8 192.168.0.0/24 192.168.1.0/24 172.17.0.0/24 172.18.0.0/24 mail_debug = yes mail_gid = vmail mail_home = /var/mail/%u mail_location = maildir:/var/mail/%u/Maildir:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/Maildir/%u:INDEXPVT=/var/lib/dovecot/db/indexes/Maildir/%u:CONTROL=/var/lib/dovecot/db/control/Maildir/%u mail_plugins = zlib quota acl listescape mail_log notify virtual mail_privileged_group = vmail mail_server_admin = mailto:jakob@xundeenergie.at mail_shared_explicit_inbox = yes mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext mmap_disable = yes namespace { hidden = no inbox = no list = children location = maildir:/var/mail/mailarchiv/%u/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/mailarchiv/%u:INDEXPVT=/var/lib/dovecot/db/indexes/mailarchiv/%u mailbox incoming { auto = create } mailbox outgoing { auto = create } prefix = Mailarchiv/ separator = / subscriptions = no type = private } namespace { list = children location = maildir:/var/mail/public/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/public/%u:INDEXPVT=/var/lib/dovecot/db/indexes/public/%u prefix = Roseggergasse/ separator = / subscriptions = no type = public } namespace Geteilt { hidden = no inbox = no list = children location = maildir:/var/mail/%%u/Maildir:LAYOUT=fs:INDEXPVT=/var/lib/dovecot/db/indexes/shared/%u/%%u:INDEX=/var/lib/dovecot/db/indexes/shared/%u/%%u prefix = Geteilt/%%n/ separator = / subscriptions = no type = shared } namespace Real { hidden = yes list = no location = virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u prefix = Real/ separator = / subscriptions = no } namespace Synoptic { hidden = no list = children location = virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u mailbox INBOX/Archives { auto = no special_use = \Archive } mailbox INBOX/Drafts { auto = no special_use = \Drafts } mailbox INBOX/Entwürfe { auto = no special_use = \Drafts } mailbox INBOX/Junk { auto = no special_use = \Junk } mailbox INBOX/Sent { auto = no special_use = \Sent } mailbox INBOX/Spam { auto = no special_use = \Junk } prefix = Synoptic/ separator = / subscriptions = no } namespace inbox { hidden = no inbox = yes location = mailbox Archiv { auto = no special_use = \Archive } mailbox Archive { auto = no special_use = \Archive } mailbox Archives { auto = no special_use = \Archive } mailbox "Deleted Messages" { auto = no special_use = \Trash } mailbox Drafts { auto = no special_use = \Drafts } mailbox Entwürfe { auto = no special_use = \Drafts } mailbox "Gelöschte Elemente" { auto = no special_use = \Trash } mailbox "Gelöschte Objekte" { auto = no special_use = \Trash } mailbox Gesendet { auto = no special_use = \Sent } mailbox "Gesendete Elemente" { auto = no special_use = \Sent } mailbox "Gesendete Objekte" { auto = no special_use = \Sent } mailbox Important { auto = no } mailbox Junk { auto = subscribe autoexpunge = 30 days special_use = \Junk } mailbox Mistkübel { auto = no special_use = \Trash } mailbox Papierkorb { auto = no special_use = \Trash } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { auto = no special_use = \Sent } mailbox Spam { auto = no special_use = \Junk } mailbox Synoptic/Alle { auto = no comment = All my messages special_use = \All } mailbox Trash { auto = no special_use = \Trash } mailbox Wichtig { auto = create } prefix = INBOX/ separator = / subscriptions = no type = private } namespace subscriptions { hidden = yes list = no location = prefix = subscriptions = yes } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users driver = passwd-file } plugin { acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=300 acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db mail_home = /var/mail/%u setting_name = sieve, managedsieve sieve = file:/var/mail/%u/sieve/;active=/var/mail/%u/sieve/%u.sieve } postmaster_address = postmaster@localhost protocols = imap pop3 lmtp imap lmtp sieve pop3 sieve service anvil { unix_listener anvil-auth-penalty { mode = 00 } } service auth { unix_listener auth-client { group = vmail mode = 0666 user = vmail } unix_listener auth-userdb { group = vmail mode = 0666 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_min_avail = 1 service_count = 1 } service imap { executable = imap postlogin process_limit = 1024 vsz_limit = 400 M } service lmtp { executable = lmtp -L user = vmail vsz_limit = 400 M } service postlogin { executable = script-login -d rawlog } ssl = required ssl_cert = </usr/local/etc/dovecot/dovecot.crt ssl_key = # hidden, use -P to show it userdb { args = username_format=%u /usr/local/etc/dovecot/users default_fields = home=/var/mail/%u driver = passwd-file } verbose_proctitle = yes verbose_ssl = yes protocol lmtp { auth_username_format = %n mail_plugins = zlib quota acl listescape mail_log notify virtual quota sieve acl } protocol lda { mail_plugins = zlib quota acl listescape mail_log notify virtual quota sieve acl } protocol imap { mail_max_userip_connections = 10 mail_plugins = zlib quota acl listescape mail_log notify virtual imap_quota imap_acl }
Any ideas
jakob
On 12.12.2017 02:59, Jakob Schürz wrote:
Hi!
I have some troubles with the virtual plugin. I run a self-compiled dovecot 2.2.33.2 from debian testing. I patched this version with the QRESYNC-Patch from a few weeks ago. But i always get an errormessage, when i try to open an email from a virtual mailbox.
So i cloned the actual git-Repo and compiled dovecot and pigonehole-sieve.
The problem with the virtual plugin seems gone away. But there are some other problems. I use ssl=required and with dovecot from debian TLS/SSL and STARTTLS works fine. With the selfcompiled from git, i get this error:
dovecot[1284]: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<D6bC4Rlg8ut/AAAB>
The key and crt are exactly the same files as before.
The second problem is, lmtp is not working. I use exactly the same config for the debians dovecot and dovecot from git. But in the gitversion the error in exim is:
Failed to connect to socket /var/run/dovecot/lmtp for dovecot_lmtp transport: Connection refused
My config is:
# dovecot -n # 2.3.devel (b1aac3a1d): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.5.devel (624e1769) # OS: Linux 4.13.0-trunk-amd64 x86_64 Debian 9.3 btrfs auth_debug = yes auth_mechanisms = plain login cram-md5 digest-md5 auth_socket_path = /var/run/dovecot/auth-userdb auth_verbose = yes first_valid_uid = 1000 imap_capability = +XDOVECOT imap_client_workarounds = tb-extra-mailbox-sep lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = *, ::1 login_trusted_networks = 127.0.0.1/8 192.168.0.0/24 192.168.1.0/24 172.17.0.0/24 172.18.0.0/24 mail_debug = yes mail_gid = vmail mail_home = /var/mail/%u mail_location = maildir:/var/mail/%u/Maildir:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/Maildir/%u:INDEXPVT=/var/lib/dovecot/db/indexes/Maildir/%u:CONTROL=/var/lib/dovecot/db/control/Maildir/%u mail_plugins = zlib quota acl listescape mail_log notify virtual mail_privileged_group = vmail mail_server_admin = mailto:jakob@xundeenergie.at mail_shared_explicit_inbox = yes mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext mmap_disable = yes namespace { hidden = no inbox = no list = children location = maildir:/var/mail/mailarchiv/%u/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/mailarchiv/%u:INDEXPVT=/var/lib/dovecot/db/indexes/mailarchiv/%u mailbox incoming { auto = create } mailbox outgoing { auto = create } prefix = Mailarchiv/ separator = / subscriptions = no type = private } namespace { list = children location = maildir:/var/mail/public/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/public/%u:INDEXPVT=/var/lib/dovecot/db/indexes/public/%u prefix = Roseggergasse/ separator = / subscriptions = no type = public } namespace Geteilt { hidden = no inbox = no list = children location = maildir:/var/mail/%%u/Maildir:LAYOUT=fs:INDEXPVT=/var/lib/dovecot/db/indexes/shared/%u/%%u:INDEX=/var/lib/dovecot/db/indexes/shared/%u/%%u prefix = Geteilt/%%n/ separator = / subscriptions = no type = shared } namespace Real { hidden = yes list = no location = virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u prefix = Real/ separator = / subscriptions = no } namespace Synoptic { hidden = no list = children location = virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u mailbox INBOX/Archives { auto = no special_use = \Archive } mailbox INBOX/Drafts { auto = no special_use = \Drafts } mailbox INBOX/Entwürfe { auto = no special_use = \Drafts } mailbox INBOX/Junk { auto = no special_use = \Junk } mailbox INBOX/Sent { auto = no special_use = \Sent } mailbox INBOX/Spam { auto = no special_use = \Junk } prefix = Synoptic/ separator = / subscriptions = no } namespace inbox { hidden = no inbox = yes location = mailbox Archiv { auto = no special_use = \Archive } mailbox Archive { auto = no special_use = \Archive } mailbox Archives { auto = no special_use = \Archive } mailbox "Deleted Messages" { auto = no special_use = \Trash } mailbox Drafts { auto = no special_use = \Drafts } mailbox Entwürfe { auto = no special_use = \Drafts } mailbox "Gelöschte Elemente" { auto = no special_use = \Trash } mailbox "Gelöschte Objekte" { auto = no special_use = \Trash } mailbox Gesendet { auto = no special_use = \Sent } mailbox "Gesendete Elemente" { auto = no special_use = \Sent } mailbox "Gesendete Objekte" { auto = no special_use = \Sent } mailbox Important { auto = no } mailbox Junk { auto = subscribe autoexpunge = 30 days special_use = \Junk } mailbox Mistkübel { auto = no special_use = \Trash } mailbox Papierkorb { auto = no special_use = \Trash } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { auto = no special_use = \Sent } mailbox Spam { auto = no special_use = \Junk } mailbox Synoptic/Alle { auto = no comment = All my messages special_use = \All } mailbox Trash { auto = no special_use = \Trash } mailbox Wichtig { auto = create } prefix = INBOX/ separator = / subscriptions = no type = private } namespace subscriptions { hidden = yes list = no location = prefix = subscriptions = yes } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users driver = passwd-file } plugin { acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=300 acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db mail_home = /var/mail/%u setting_name = sieve, managedsieve sieve = file:/var/mail/%u/sieve/;active=/var/mail/%u/sieve/%u.sieve } postmaster_address = postmaster@localhost protocols = imap pop3 lmtp imap lmtp sieve pop3 sieve service anvil { unix_listener anvil-auth-penalty { mode = 00 } } service auth { unix_listener auth-client { group = vmail mode = 0666 user = vmail } unix_listener auth-userdb { group = vmail mode = 0666 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } process_min_avail = 1 service_count = 1 } service imap { executable = imap postlogin process_limit = 1024 vsz_limit = 400 M } service lmtp { executable = lmtp -L user = vmail vsz_limit = 400 M } service postlogin { executable = script-login -d rawlog } ssl = required ssl_cert = </usr/local/etc/dovecot/dovecot.crt ssl_key = # hidden, use -P to show it userdb { args = username_format=%u /usr/local/etc/dovecot/users default_fields = home=/var/mail/%u driver = passwd-file } verbose_proctitle = yes verbose_ssl = yes protocol lmtp { auth_username_format = %n mail_plugins = zlib quota acl listescape mail_log notify virtual quota sieve acl } protocol lda { mail_plugins = zlib quota acl listescape mail_log notify virtual quota sieve acl } protocol imap { mail_max_userip_connections = 10 mail_plugins = zlib quota acl listescape mail_log notify virtual imap_quota imap_acl }
Any ideas
jakob
With v2.3 you are required to provide ssl_dh=</path/to/dh.pem yourself.
You can generate suitable parameters with openssl gendh 2048 (or 4096). Make sure you run it on something that has plenty of entropy available, it will take some time.
Aki
Am 2017-12-12 um 09:56 schrieb Aki Tuomi:
On 12.12.2017 02:59, Jakob Schürz wrote:
Hi!
[...]
With v2.3 you are required to provide ssl_dh=</path/to/dh.pem yourself.
You can generate suitable parameters with openssl gendh 2048 (or 4096). Make sure you run it on something that has plenty of entropy available, it will take some time.
Thanks for the Info. This was a challange for me... Is this correct to put this option additionally to ssl_key and ssl_cert in the config? And it must be the parameter-File, not a cert or key?
At least i had to change some paths to the new installation-path /usr/local/... in exim and dovecot conf. /var/run/dovecot is in /usr/local/var/run/dovecot, if i compile it from git and install it with make install.
But now, it is working. Thanks for the info
Jakob
On 13.12.2017 02:59, Jakob Schürz wrote:
Am 2017-12-12 um 09:56 schrieb Aki Tuomi:
On 12.12.2017 02:59, Jakob Schürz wrote:
Hi!
[...]
With v2.3 you are required to provide ssl_dh=</path/to/dh.pem yourself.
You can generate suitable parameters with openssl gendh 2048 (or 4096). Make sure you run it on something that has plenty of entropy available, it will take some time. Thanks for the Info. This was a challange for me... Is this correct to put this option additionally to ssl_key and ssl_cert in the config? And it must be the parameter-File, not a cert or key?
At least i had to change some paths to the new installation-path /usr/local/... in exim and dovecot conf. /var/run/dovecot is in /usr/local/var/run/dovecot, if i compile it from git and install it with make install.
But now, it is working. Thanks for the info
Jakob
It must be a separate file, yes.
Also you can probably omit the paths from your config, as they usually come from defaults.
Aki
participants (2)
-
Aki Tuomi
-
Jakob Schürz