Dovecot (doveadm, ssl, sync) - SSL error

Philipp Faeustlin philipp.faeustlin at uni-hohenheim.de
Tue Jan 8 18:15:46 EET 2019


Quoting Arkadiusz Majewski <majewsa at gmail.com>:

> Hello!
>
>
>
> dsync SSL still doesn't work for replication, so I've disabled it and tried
> to sync without.
>
> But I have a problem with temp directory.
>
>
>
> Is it possible to change path to temp folder?
>
> I don't want to set permissions but change temporary folder for replication.
>
> Thanks in advance.
>
>
>
>
>
> dovecot: doveadm: Error: safe_mkstemp(/tmp/dovecot.doveadm.) failed:
> Permission denied
>
>
>
>
>
> Arkadiusz Majewski
>
>
>
> From: Arkadiusz Majewski <majewsa at gmail.com>
> Sent: Sunday, December 3, 2017 7:38 PM
> To: 'dovecot at dovecot.org' <dovecot at dovecot.org>
> Subject: Dovecot (doveadm, ssl, sync) - SSL error
>
>
>
> Hello!
>
> I've got a problem to run syncing between both dovecot services on the
> separate servers.
> The error indicates to the problem with SSL.
>
> Directly using openssl command to connect from one server to other and vice
> versa is passed without any errors.
>
>
>
> OS: FreeBSD 11.1-RELEASE-p4
>
> Dovecot: 2.2.33.2_2 and the older one dovecot-2.2.32.1_1 (or similar) -
> build by ports.
>
> OpenSSL: 1.0.2k-freebsd 26 Jan 2017
>
>
>
> dovecot: doveadm(10.18.1.15): Error: doveadm client disconnected before
> handshake: SSL_accept() failed: error:140760FC:SSL
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol

I had the same error some days ago while testing replication.

For me, with dovecot 2.2.36, the solution was to change the
mail_replica address from

mail_replica = tcp:HOSTNAME:PORT

to

mail_replica = tcps:HOSTNAME:PORT

Best regards

Philipp
>
>
>
> dovecot.conf (on both servers):
>
> mail_plugins = $mail_plugins notify replication
>
> service replicator {
>   process_min_avail = 1
> }
>
> service aggregator {
>   fifo_listener replication-notify-fifo {
>     user = dovecot
>   }
>   unix_listener replication-notify {
>     user = dovecot
>   }
> }
>
> service replicator {
>   unix_listener replicator-doveadm {
>     mode = 0600
>   }
> }
>
> replication_max_conns = 10
>
> service doveadm {
>   inet_listener {
>     port = 12130
>     ssl = yes
>   }
> }
>
> ssl = required
> ssl_protocols = SSLv3 TLSv1 TLSv1.1 TLSv1.2
> ssl_cert = </usr/local/etc/dovecot/ssl/cert.crt
> ssl_key = </usr/local/etc/dovecot/ssl/cert.key
> ssl_client_ca_file = </usr/local/etc/dovecot/ssl/ca.pem
> ssl_client_ca_dir = /usr/local/etc/dovecot/ssl
>
>
>
>
>
> Thank you in advance for any help.
>
>
>
> Kind Regards,
>
> Arkadiusz Majewski
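
An added example, not part of either poster's message: a small check for the mismatch behind the fix above, where a `mail_replica` using `tcp:` points at a doveadm `inet_listener` that has `ssl = yes`, so the listener receives plaintext and `SSL_accept()` fails with "unknown protocol". The function names and the replica hostname are hypothetical, and it assumes both servers share one configuration, as in the original post.

```python
import re
from collections import defaultdict

def parse_blocks(text):
    """Map each block path, e.g. ('service doveadm', 'inet_listener'), to its settings."""
    blocks, stack = defaultdict(dict), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            blocks[tuple(stack)][key] = value
    return blocks

def plaintext_replicas(text):
    """Return (mail_replica value, port) pairs that speak plain TCP to a TLS doveadm port."""
    blocks = parse_blocks(text)
    tls_ports = {
        s["port"] for path, s in blocks.items()
        if len(path) == 2 and path[0] == "service doveadm"
        and path[1].startswith("inet_listener")
        and s.get("ssl") == "yes" and "port" in s
    }
    default_port = blocks[()].get("doveadm_port")  # used when mail_replica has no port
    findings = []
    for s in list(blocks.values()):
        m = re.fullmatch(r"(tcps?):([^:\s]+)(?::(\d+))?", s.get("mail_replica", ""))
        if m and m.group(1) == "tcp" and (m.group(3) or default_port) in tls_ports:
            findings.append((s["mail_replica"], m.group(3) or default_port))
    return findings

# Constructed sample: the hostname is a placeholder, the listener follows the thread.
BROKEN = """
service doveadm {
  inet_listener {
    port = 12130
    ssl = yes
  }
}
plugin {
  mail_replica = tcp:replica.example.net:12130
}
"""
FIXED = BROKEN.replace("tcp:replica", "tcps:replica")

if __name__ == "__main__":
    print("broken:", plaintext_replicas(BROKEN))
    print("fixed: ", plaintext_replicas(FIXED))
```

An empty result means no `tcp:` replica targets a TLS-enabled doveadm port in the text that was checked.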


