TLS Error and not working lmtp

Aki Tuomi aki.tuomi at dovecot.fi
Tue Dec 12 10:56:27 EET 2017



On 12.12.2017 02:59, Jakob Schürz wrote:
> Hi!
>
> I have some trouble with the virtual plugin. I run a self-compiled
> dovecot 2.2.33.2 from debian testing. I patched this version with the
> QRESYNC-Patch from a few weeks ago.
> But I always get an error message when I try to open an email from a
> virtual mailbox.
>
> So I cloned the current git repo and compiled dovecot and pigeonhole-sieve.
>
> The problem with the virtual plugin seems to have gone away, but there are
> some other problems.
> I use ssl=required, and with the dovecot from debian TLS/SSL and STARTTLS
> work fine.
> With the self-compiled one from git, I get this error:
>
> dovecot[1284]: imap-login: Error: Failed to initialize SSL server
> context: Couldn't parse DH parameters: error:0906D06C:PEM
> routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>,
> rip=127.0.0.1, lip=127.0.0.1, secured, session=<D6bC4Rlg8ut/AAAB>
>
> The key and crt are exactly the same files as before.
>
> The second problem is that lmtp is not working. I use exactly the same
> config for Debian's dovecot and the dovecot from git, but with the
> git version the error in exim is:
>
> Failed to connect to socket /var/run/dovecot/lmtp for dovecot_lmtp
> transport: Connection refused
>
> My config is:
>
> # dovecot -n
> # 2.3.devel (b1aac3a1d): /usr/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.devel (624e1769)
> # OS: Linux 4.13.0-trunk-amd64 x86_64 Debian 9.3 btrfs
> auth_debug = yes
> auth_mechanisms = plain login cram-md5 digest-md5
> auth_socket_path = /var/run/dovecot/auth-userdb
> auth_verbose = yes
> first_valid_uid = 1000
> imap_capability = +XDOVECOT
> imap_client_workarounds = tb-extra-mailbox-sep
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> listen = *, ::1
> login_trusted_networks = 127.0.0.1/8 192.168.0.0/24 192.168.1.0/24
> 172.17.0.0/24 172.18.0.0/24
> mail_debug = yes
> mail_gid = vmail
> mail_home =  /var/mail/%u
> mail_location =
> maildir:/var/mail/%u/Maildir:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/Maildir/%u:INDEXPVT=/var/lib/dovecot/db/indexes/Maildir/%u:CONTROL=/var/lib/dovecot/db/control/Maildir/%u
> mail_plugins = zlib quota acl listescape mail_log notify virtual
> mail_privileged_group = vmail
> mail_server_admin = mailto:jakob at xundeenergie.at
> mail_shared_explicit_inbox = yes
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart extracttext
> mmap_disable = yes
> namespace {
>   hidden = no
>   inbox = no
>   list = children
>   location =
> maildir:/var/mail/mailarchiv/%u/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/mailarchiv/%u:INDEXPVT=/var/lib/dovecot/db/indexes/mailarchiv/%u
>   mailbox incoming {
>     auto = create
>   }
>   mailbox outgoing {
>     auto = create
>   }
>   prefix = Mailarchiv/
>   separator = /
>   subscriptions = no
>   type = private
> }
> namespace {
>   list = children
>   location =
> maildir:/var/mail/public/:LAYOUT=fs:INDEX=/var/lib/dovecot/db/indexes/public/%u:INDEXPVT=/var/lib/dovecot/db/indexes/public/%u
>   prefix = Roseggergasse/
>   separator = /
>   subscriptions = no
>   type = public
> }
> namespace Geteilt {
>   hidden = no
>   inbox = no
>   list = children
>   location =
> maildir:/var/mail/%%u/Maildir:LAYOUT=fs:INDEXPVT=/var/lib/dovecot/db/indexes/shared/%u/%%u:INDEX=/var/lib/dovecot/db/indexes/shared/%u/%%u
>   prefix = Geteilt/%%n/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace Real {
>   hidden = yes
>   list = no
>   location =
> virtual:/var/mail/real:INDEX=/var/lib/dovecot/db/indexes/real/%u
>   prefix = Real/
>   separator = /
>   subscriptions = no
> }
> namespace Synoptic {
>   hidden = no
>   list = children
>   location =
> virtual:/var/mail/virtual:INDEX=/var/lib/dovecot/db/indexes/virtual/%u
>   mailbox INBOX/Archives {
>     auto = no
>     special_use = \Archive
>   }
>   mailbox INBOX/Drafts {
>     auto = no
>     special_use = \Drafts
>   }
>   mailbox INBOX/Entwürfe {
>     auto = no
>     special_use = \Drafts
>   }
>   mailbox INBOX/Junk {
>     auto = no
>     special_use = \Junk
>   }
>   mailbox INBOX/Sent {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox INBOX/Spam {
>     auto = no
>     special_use = \Junk
>   }
>   prefix = Synoptic/
>   separator = /
>   subscriptions = no
> }
> namespace inbox {
>   hidden = no
>   inbox = yes
>   location =
>   mailbox Archiv {
>     auto = no
>     special_use = \Archive
>   }
>   mailbox Archive {
>     auto = no
>     special_use = \Archive
>   }
>   mailbox Archives {
>     auto = no
>     special_use = \Archive
>   }
>   mailbox "Deleted Messages" {
>     auto = no
>     special_use = \Trash
>   }
>   mailbox Drafts {
>     auto = no
>     special_use = \Drafts
>   }
>   mailbox Entwürfe {
>     auto = no
>     special_use = \Drafts
>   }
>   mailbox "Gelöschte Elemente" {
>     auto = no
>     special_use = \Trash
>   }
>   mailbox "Gelöschte Objekte" {
>     auto = no
>     special_use = \Trash
>   }
>   mailbox Gesendet {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox "Gesendete Elemente" {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox "Gesendete Objekte" {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox Important {
>     auto = no
>   }
>   mailbox Junk {
>     auto = subscribe
>     autoexpunge = 30 days
>     special_use = \Junk
>   }
>   mailbox Mistkübel {
>     auto = no
>     special_use = \Trash
>   }
>   mailbox Papierkorb {
>     auto = no
>     special_use = \Trash
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     auto = no
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = no
>     special_use = \Junk
>   }
>   mailbox Synoptic/Alle {
>     auto = no
>     comment = All my messages
>     special_use = \All
>   }
>   mailbox Trash {
>     auto = no
>     special_use = \Trash
>   }
>   mailbox Wichtig {
>     auto = create
>   }
>   prefix = INBOX/
>   separator = /
>   subscriptions = no
>   type = private
> }
> namespace subscriptions {
>   hidden = yes
>   list = no
>   location =
>   prefix =
>   subscriptions = yes
> }
> passdb {
>   args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/users
>   driver = passwd-file
> }
> plugin {
>   acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=300
>   acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
>   mail_home =  /var/mail/%u
>   setting_name = sieve, managedsieve
>   sieve = file:/var/mail/%u/sieve/;active=/var/mail/%u/sieve/%u.sieve
> }
> postmaster_address = postmaster at localhost
> protocols = imap pop3 lmtp imap lmtp sieve pop3 sieve
> service anvil {
>   unix_listener anvil-auth-penalty {
>     mode = 00
>   }
> }
> service auth {
>   unix_listener auth-client {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
>   process_min_avail = 1
>   service_count = 1
> }
> service imap {
>   executable = imap postlogin
>   process_limit = 1024
>   vsz_limit = 400 M
> }
> service lmtp {
>   executable = lmtp -L
>   user = vmail
>   vsz_limit = 400 M
> }
> service postlogin {
>   executable = script-login -d rawlog
> }
> ssl = required
> ssl_cert = </usr/local/etc/dovecot/dovecot.crt
> ssl_key =  # hidden, use -P to show it
> userdb {
>   args = username_format=%u /usr/local/etc/dovecot/users
>   default_fields = home=/var/mail/%u
>   driver = passwd-file
> }
> verbose_proctitle = yes
> verbose_ssl = yes
> protocol lmtp {
>   auth_username_format = %n
>   mail_plugins = zlib quota acl listescape mail_log notify virtual quota
> sieve acl
> }
> protocol lda {
>   mail_plugins = zlib quota acl listescape mail_log notify virtual quota
> sieve acl
> }
> protocol imap {
>   mail_max_userip_connections = 10
>   mail_plugins = zlib quota acl listescape mail_log notify virtual
> imap_quota imap_acl
> }
>
> Any ideas?
>
> jakob
>

With v2.3 you are required to provide the DH parameters yourself, via
ssl_dh=</path/to/dh.pem; they are no longer generated for you, which is why
the self-compiled build fails to initialize the SSL server context while
the 2.2 package does not.

You can generate suitable parameters with openssl gendh 2048 (or 4096);
gendh is the legacy alias of openssl dhparam, so use that name on current
OpenSSL releases. Make sure you run it on a machine that has plenty of
entropy available, as it will take some time.

Aki

