doveadm backup from gmail with imapc

Aki Tuomi aki.tuomi at open-xchange.com
Tue Mar 31 09:06:35 EEST 2020 

> On 30/03/2020 22:11 Ben Mulvihill <ben.mulvihill at gmail.com> wrote:
> 
>  
> I am trying to backup a gmail account (not the one I am writing from)
> to dovecot, using doveadm-backup and imapc, but am having ssl
> connection problems.
> 
> ted at expectation:~# doveadm backup -D -R -u ted imapc:
> dsync(ted): Info: imapc(imap.gmail.com:993): Connected to
> 74.125.71.108:993 (local 10.7.1.179:53852)
> dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected
> unexpectedly: SSL_connect() failed: error:14094410:SSL
> routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert
> number 40 - reconnecting (delay 0 ms)
> dsync(ted): Info: imapc(imap.gmail.com:993): Connected to
> 74.125.71.109:993 (local 10.7.1.179:59052)
> dsync(ted): Error: imapc(imap.gmail.com:993): Server disconnected
> unexpectedly: SSL_connect() failed: error:14094410:SSL
> routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert
> number 40 - disconnecting
> dsync(ted): Error: User initialization failed: imapc: Login to
> imap.gmail.com failed: Disconnected from serv
> 
> 
> I am using dovecot version 2.2.33.2 on ubuntu, with the
> configuration below.
> I have also enabled "allow access from unsecure apps" in my
> gmail settings.
> 
> My first thought looking at the error messages was has that
> perhaps doveadm-backup was trying to connect with ssl3, which
> is no longer supported by gmail or anyone else nowadays.
> But apparently the ssl3_read_bytes function in openssl also
> handles tls, so the reference to ssl3 in the message is
> misleading, and the real problem must be elsewhere.
> 
> If anyone can help me debug this I'd be grateful.
> 
> Many thanks, 
> Ben
> 
> root at expectation:/etc/dovecot# doveconf -N
> # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf

Hi!

This is very old version of dovecot so this could be a bug that has been fixed in more recent version.

Can you verify that you have the required CA certs with

openssl s_client -connect imap.gmail.com:993 -servername imap.gmail.com -CApath /etc/ssl/certs

and make sure the cert gets validated by openssl.

If it does, then you should probably consider upgrading to some more recent version. We provide packages at https://repo.dovecot.org if you are able to upgrade.

Aki

More information about the dovecot mailing list