[Dovecot] TLS handshake errors, frozen IMAP

[Ben Beuchler]

Another new issue has cropped up with my rc1 - rc31 upgrade:

This morning, right around the typical morning email surge, Dovecot
stopped accepting new IMAP connections.  I didn't get a chance to do
much troubleshooting and a restart of Dovecot fixed it.  The only
thing I've been able to find in the logs is a bunch of entries like
this one:

Apr 10 09:11:36 cliff dovecot: imap-login: Disconnected:
rip=150.253.80.90, lip=150.253.10.10, TLS handshake
Apr 10 09:11:36 cliff dovecot: imap-login: Disconnected:
rip=150.253.80.208, lip=150.253.10.10, TLS handshake
Apr 10 09:11:37 cliff dovecot: imap-login: Disconnected:
rip=150.253.91.156, lip=150.253.10.10, TLS handshake

And a few like this:
Apr 10 09:17:48 cliff dovecot: imap-login: Disconnected: Shutting
down: rip=66.93.16.227, lip=150.253.10.10, TLS handshake

Any idea what that might indicate?

-Ben

Re: [Dovecot] TLS handshake errors, frozen IMAP

[Timo Sirainen]

On Tue, 2007-04-10 at 10:34 -0500, Ben Beuchler wrote:
 Apr 10 09:11:36 cliff dovecot: imap-login: Disconnected:
 rip=150.253.80.90, lip=150.253.10.10, TLS handshake

This means that client started SSL/TLS handshake, but it wasn't
finished. Why that might happen, I don't really know. verbose_ssl=yes
might show something, but just as well might not.

Do you have login_process_per_connection=yes? If so and if it happened
to all connections, there was something wrong with the global state.

Hmm. Do you see something like this in the error log:

Waiting for SSL parameter file



signature.asc
Description: This is a digitally signed message part