doveadm backup from gmail with imapc

Ben Mulvihill ben.mulvihill at gmail.com
Tue Mar 31 13:43:08 EEST 2020


On Tue, 2020-03-31 at 09:06 +0300, Aki Tuomi wrote:
> > 
> > On 30/03/2020 22:11 Ben Mulvihill <ben.mulvihill at gmail.com> wrote:
> > 
> >  
> > I am trying to backup a gmail account (not the one I am writing
> > from)
> > to dovecot, using doveadm-backup and imapc, but am having ssl
> > connection problems.
> > 
> > ted at expectation:~# doveadm backup -D -R -u ted imapc:
> > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to
> > 74.125.71.108:993 (local 10.7.1.179:53852)
> > dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected
> > unexpectedly: SSL_connect() failed: error:14094410:SSL
> > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert
> > number 40 - reconnecting (delay 0 ms)
> > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to
> > 74.125.71.109:993 (local 10.7.1.179:59052)
> > dsync(ted): Error: imapc(imap.gmail.com:993): Server disconnected
> > unexpectedly: SSL_connect() failed: error:14094410:SSL
> > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert
> > number 40 - disconnecting
> > dsync(ted): Error: User initialization failed: imapc: Login to
> > imap.gmail.com failed: Disconnected from serv
> > 
> > 
> > I am using dovecot version 2.2.33.2 on ubuntu, with the
> > configuration below.
> > I have also enabled "allow access from unsecure apps" in my
> > gmail settings.
> > 
> > My first thought looking at the error messages was has that
> > perhaps doveadm-backup was trying to connect with ssl3, which
> > is no longer supported by gmail or anyone else nowadays.
> > But apparently the ssl3_read_bytes function in openssl also
> > handles tls, so the reference to ssl3 in the message is
> > misleading, and the real problem must be elsewhere.
> > 
> > If anyone can help me debug this I'd be grateful.
> > 
> > Many thanks, 
> > Ben
> > 
> > root at expectation:/etc/dovecot# doveconf -N
> > # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
> Hi!
> 
> This is very old version of dovecot so this could be a bug that has
> been fixed in more recent version.
> 
> Can you verify that you have the required CA certs with
> 
> openssl s_client -connect imap.gmail.com:993 -servername
> imap.gmail.com -CApath /etc/ssl/certs
> 
> and make sure the cert gets validated by openssl.
> 
> If it does, then you should probably consider upgrading to some more
> recent version. We provide packages at https://repo.dovecot.org if
> you are able to upgrade.
> 
> Aki

Hi Aki!

I checked the CA certificate and it was validated OK, so I
followed your suggestion and installed dovecot version 2.3.10
from the dovecot repository (the version I was using previously
was the latest available in my distribution).

The ssl handshake now completes successfully. I have hit 
further problems later in the process, but I'll investigate
myself first and then maybe post again with the details if
I am still stuck.


Thank you for your help!

Ben


More information about the dovecot mailing list