[Dovecot] Jul 06 00:06:15 dict: Error: dict client: Broken handshake

Dennis Clarke dclarke at blastwave.org
Tue Jul 6 03:15:27 EEST 2010


After building and installing dovecot I then made my own self-signed SSL
certs and placed them carefully into the correct places :

Thus :

# grep -v "^#" dovecot-openssl.cnf | grep -v "^$"
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CA
ST=Ontario
L=Toronto
O=Blastwave
OU=IMAP server
CN=titan.blastwave.org
emailAddress=postmaster at blastwave.org
[ cert_type ]
nsCertType = server

# /opt/csw/bin/openssl req -new -x509 -nodes -config ./dovecot-openssl.cnf -out /etc/opt/csw/dovecot/certs/dovecot.pem -keyout /etc/opt/csw/dovecot/private/dovecot.pem -days 365
Generating a 1024 bit RSA private key
...........................++++++
....................++++++
writing new private key to '/etc/opt/csw/dovecot/private/dovecot.pem'
-----
# ls -l /etc/opt/csw/dovecot/certs/dovecot.pem /etc/opt/csw/dovecot/private/dovecot.pem
-rw-r--r--   1 root     other       1050 Jul  5 23:58 /etc/opt/csw/dovecot/certs/dovecot.pem
-rw-r--r--   1 root     other        887 Jul  5 23:58 /etc/opt/csw/dovecot/private/dovecot.pem
#

I then checked things out with a dovecot -n :

# /opt/csw/sbin/dovecot -n
# 1.2.12: /etc/opt/csw/dovecot/dovecot.conf
Warning: fd limit 256 is lower than what Dovecot can use under full load (more than 576). Either grow the limit or change login_max_processes_count and max_mail_processes settings
# OS: SunOS 5.8 i86pc
base_dir: /var/opt/csw/dovecot/
log_path: /var/opt/csw/dovecot/error.log
info_log_path: /var/opt/csw/dovecot/message.log
ssl_cert_file: /etc/opt/csw/dovecot/certs/dovecot.pem
ssl_key_file: /etc/opt/csw/dovecot/private/dovecot.pem
login_dir: /var/opt/csw/dovecot
login_executable: /opt/csw/libexec/dovecot/imap-login
login_greeting: Dovecot from Blastwave.org is ready.
login_max_processes_count: 64
mail_location: mbox:%h/mail:INBOX=/var/mail/%u
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd

Other than the warning it looks ready to run.

I fire up the init script :

# /etc/opt/csw/init.d/cswdovecot start
dovecot service starting.

ps -ef confirms that things are happening :

# ps -ef
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root     0     0  0   Jun 15 ?        0:16 sched
    root     1     0  0   Jun 15 ?        0:24 /etc/init -
    root     2     0  0   Jun 15 ?        0:00 pageout
    root     3     0  0   Jun 15 ?       10:37 fsflush
    root   331     1  0   Jun 15 ?        0:00 /usr/lib/saf/sac -t 300
    root   334   331  0   Jun 15 ?        0:00 /usr/lib/saf/ttymon
    root   153     1  0   Jun 15 ?        0:00 /usr/sbin/rpcbind
    root   392   196  0   Jun 16 ?        0:00 in.telnetd
    root    75     1  0   Jun 15 ?        0:00 /usr/lib/sysevent/syseventd
    root   149     1  0   Jun 15 ?        0:43 /usr/lib/ldap/ldap_cachemgr
    root   199     1  0   Jun 15 ?        0:00 /usr/lib/autofs/automountd
    root   156     1  0   Jun 15 ?        0:00 /usr/sbin/keyserv
    root   196     1  0   Jun 15 ?        0:00 /usr/sbin/inetd -s
  daemon   198     1  0   Jun 15 ?        0:00 /usr/lib/nfs/statd
    root   234     1  0   Jun 15 ?        0:08 /usr/lib/inet/xntpd
    root   226     1  0   Jun 15 ?        0:00 /usr/sbin/cron
    root   202   199  0   Jun 15 ?        0:42 /usr/lib/autofs/automountd
    root   194     1  0   Jun 15 ?        0:00 /usr/lib/nfs/lockd
    root   239     1  0   Jun 15 ?        0:00 /usr/lib/lpsched
    root   266   265  0   Jun 15 ?        0:00 /usr/sbin/cs00
    root   251     1  0   Jun 15 ?        0:00 /usr/lib/power/powerd
    root   265     1  0   Jun 15 ?        0:00 /usr/sbin/cssd
    root   225     1  0   Jun 15 ?        0:00 /usr/sbin/syslogd
    root   267     1  0   Jun 15 ?        0:00 /usr/bin/fgd
    root   264     1  0   Jun 15 ?        0:00 /usr/lib/utmpd
    root   290   288  0   Jun 15 ?        0:00 htt_server -port 9010 -syslog -message_locale C
    root   275     1  0   Jun 15 ?        0:00 /usr/lib/locale/ja/wnn/dpkeyserv
    root   281     1  0   Jun 15 ?        0:00 /usr/lib/locale/ja/wnn/jserver
    root   282   281  0   Jun 15 ?        0:00 /usr/lib/locale/ja/wnn/jserver_m
    root   288     1  0   Jun 15 ?        0:00 /usr/lib/im/htt -port 9010 -syslog -message_locale C
    root   297     1  0   Jun 15 ?        0:00 /usr/lib/locale/ja/atokserver/atokmngdaemon
    root   320   317  0   Jun 15 ?        6:33 mibiisa -r -p 3200
    root  5500     1  0   Jun 16 console  0:00 -sh
    root   317     1  0   Jun 15 ?        0:00 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf
    root   325     1  0   Jun 15 ?        0:00 /usr/lib/dmi/snmpXdmid -s titan
    root   324     1  0   Jun 15 ?        0:00 /usr/lib/dmi/dmispd
    root 11633 11624  0 00:02:40 ?        0:00 dovecot-auth -w
    root 11624     1  1 00:02:39 ?        0:00 /opt/csw/sbin/dovecot -c /etc/opt/csw/dovecot/dovecot.conf
sysadmin   394   392  0   Jun 16 pts/1    0:09 -sh
    root 10182  5500  0   Jun 19 console  0:00 /opt/csw/bin/bash
 dclarke 10759 10717  0 18:02:33 pts/2    0:01 /opt/csw/bin/bash
    root 16188 16185  0   Jun 23 pts/3    0:01 -sh
    root 10713 10703  0 18:01:21 ?        0:02 /opt/csw/sbin/sshd -f /etc/opt/csw/ssh/sshd_config -R
    root 11626 11624  0 00:02:39 ?        0:00 dovecot-auth
 dovecot 11629 11624  2 00:02:40 ?        0:01 imap-login
    root 11635 16188  1 00:02:44 pts/3    0:00 ps -ef
    root 10703     1  0 17:56:08 ?        0:00 /opt/csw/sbin/sshd -f /etc/opt/csw/ssh/sshd_config
    root 11634 11624  0 00:02:40 ?        0:00 dovecot-auth -w
 dclarke 10717 10715  0 18:01:38 pts/2    0:00 -sh
 dovecot 11628 11624  2 00:02:40 ?        0:01 imap-login
    root 11631 11624  5 00:02:40 ?        0:02 dict
 dclarke 10715 10713  0 18:01:37 ?        0:14 /opt/csw/sbin/sshd -f /etc/opt/csw/ssh/sshd_config -R
    root 11627 11624  0 00:02:40 ?        0:00 dovecot-auth -w
    root 11625 11624 11 00:02:39 ?        0:05 ssl-build-param /var/opt/csw/dovecot/lib/dovecot/ssl-parameters.dat
 dovecot 11630 11624  2 00:02:40 ?        0:01 imap-login
    root 10175     1  0   Jun 19 ?        0:00 /opt/trustedhost/sbin/sshd -f /opt/trustedhost/etc/ssh/sshd_config
    root 11632 11624  0 00:02:40 ?        0:00 dovecot-auth -w

I look in the area for logging and see :

# ls -lap /var/opt/csw/dovecot/
total 7292
drwxr-x---   3 root     dovecot      512 Jul  6 00:02 ./
drwxr-xr-x   6 root     bin          512 Jul  5 23:40 ../
srw-------   1 root     other          0 Jul  6 00:02 auth-worker.11626
srw-rw----   1 root     dovecot        0 Jul  6 00:02 default
srwxrwxrwx   1 root     other          0 Jul  6 00:02 dict-server
lrwxrwxrwx   1 root     other         33 Jul  6 00:02 dovecot.conf -> /etc/opt/csw/dovecot/dovecot.conf
-rw-------   1 root     other    3720949 Jul  6 00:04 error.log
drwxr-x---   3 root     other        512 Jul  6 00:02 lib/
-rw-------   1 root     other          6 Jul  6 00:02 master.pid
-rw-------   1 root     other        171 Jul  6 00:02 message.log

Why there is a symlink to the dovecot.conf I have no idea, but far more
interesting is the very large error.log.

# tail -f /var/opt/csw/dovecot/error.log
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
.
.
.
many many lines.

About 100,000 lines of that.

The message.log looks innocent :

# cat /var/opt/csw/dovecot/message.log
Jul 06 00:02:39 dovecot: Info: Dovecot v1.2.12 starting up
Jul 06 00:02:39 dovecot: Info: Generating Diffie-Hellman parameters for the first time. This may take a while..

What's up with that "Broken handshake" ??

-- 
Dennis
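
Added example, not part of the original post and not Dovecot's own tooling: the ls -l listing above shows the private key file with mode -rw-r--r--, and this script flags key files whose own mode grants any access to group or other. The function names are hypothetical, and only the file's own mode is checked, because the permissions of the private/ directory are not shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): flag key files whose own mode
# grants any access to group or other, using the mode string `ls -l` prints.

# Succeeds only when the six group/other permission characters are all "-".
mode_is_owner_only() {
    case "$1" in
        ????------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Check a file on disk; prints a verdict, returns 1 when the mode is too open.
check_key_file() {
    mode=$(ls -ld "$1" | awk '{print $1}')
    if mode_is_owner_only "$mode"; then
        echo "OK   $mode $1"
    else
        echo "WEAK $mode $1"
        return 1
    fi
}

# Read `ls -l` lines on stdin (mode first, path last) and print the paths
# of entries that are not owner-only.
audit_listing() {
    while read -r mode rest; do
        path=${rest##* }
        mode_is_owner_only "$mode" || echo "$path"
    done
}

# The two files from the listing in the post, with the wrapped lines rejoined.
POST_LISTING='-rw-r--r--   1 root     other       1050 Jul  5 23:58 /etc/opt/csw/dovecot/certs/dovecot.pem
-rw-r--r--   1 root     other        887 Jul  5 23:58 /etc/opt/csw/dovecot/private/dovecot.pem'

# Certificates are public, so only report entries under a private/ directory.
printf '%s\n' "$POST_LISTING" | audit_listing | grep '/private/'

# Constructed demo on a scratch file: same mode as in the post, then tightened.
scratch=$(mktemp)
chmod 644 "$scratch"; check_key_file "$scratch" || echo "-> tighten with chmod 600"
chmod 600 "$scratch"; check_key_file "$scratch"
rm -f "$scratch"
```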



