Re: sometimes no shared cipher after upgrade from 2.2 to 2.3
On 21 Aug 2019, at 07:12, Kristijan Savic - ratiokontakt GmbH wrote: > ssl3 > Any ide what could be causing it? Old MUAs or bad settings on the MUA. SSLv3 should not be used. You should NOT try to add support for SSLv3. -- "Alas, earwax.”
Trying to install Mailcrypt, receive completely blank emails
Hi - perhaps someone can help me.
Starting from a good and well-functioning mailserver setup, I have installed
MailCrypt as per the instructions (I think) to have the per-user passworded
keys setup.
dovecot.conf
/Added:/
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_plugins = $mail_plugins mail_crypt
dovecot-sql.conf.ext
/commented this/ #password_query = SELECT email as user, password FROM
virtual_users WHERE email='%u';
/Added this/
password_query = SELECT \
email as user, password, \
'%w' AS userdb_mail_crypt_private_password \
FROM virtual_users WHERE email='%u';
90-plugin.conf
/Updated this section/
plugin {
mail_crypt_curve = secp521r1
mail_crypt_save_version = 2
/Have also tried all configurations this option set
/#mail_crypt_require_encrypted_user_key = yes
}
/The user is in the mailserver SQL database:/
| user | password
| userdb_mail_crypt_private_password |
+--+++
| user@domain |
4t63ttt36tt3rt6r763r76t8998t858t4y48ht4huu4hti.76876t847t47yt4ty478yt4wgwygfwffweggwy8yey83//FElgiApZU.
| %w
/I have reissued the keys as other problem resolutions have instructed to
do, and I can see the new keys are active./
doveadm -o plugin/mail_crypt_private_password=(same password as user@domain
when created in SQL) mailbox cryptokey generate -u user@domain -UR
/I have restarted dovecot and postfix each time./
/I then send an email either from the user@domain > user@domain OR
otheruser@otherdomain > user@domain from Outlook. Authentication is fine
(POP and SMTP).
No errors appear in any logs - the logs show the mail as being received and
I can see the mail in the user@domain /cur folder. If I try to Postcat any
of these messages I get:/
postcat '1*2.M**3.(host),S=633,W=649:2,S'
*** ENVELOPE RECORDS 1*2.M*3.(host),S=633,W=649:2,S ***
message_size: YPTED
postcat: fatal: invalid size record: YPTED???
*/Within a minute or so I receive the email in the Outlook Inbox - except it
is completely empty of anything.
There is no TO / FROM/ SUBJECT / Body or even Routing information. See
screencaps from Outlook/*
/This happens with existing user mailboxes and new test mailboxes I create.
If I deactivate Mailcrypt all mailboxes/user-accounts work fine.
Any ideas???
I would like to get the working - thanks in advance for your expertise and
time!/
Graham
--
Sent from: http://dovecot.2317879.n4.nabble.com/
Re: sometimes no shared cipher after upgrade from 2.2 to 2.3
On 21/8/2019 18:51, Kristijan Savic - ratiokontakt GmbH via dovecot wrote: SSL3 is no longer included in the cipher sets. Try this: ssl_min_protocol = SSLv3 Thanks. Unfortunately, no dice - same error. Any other tips? I was under the impression "no shared cipher" was rather the problem? Yes this is exactly the problem but the error is specific to SSL3 shared ciphers. routines:ssl3_get_client_hello:no shared cipher You may also want to add this ssl_cipher_list = ALL Basically you should focus as to why SSL3 ciphers are not activated. If the above parameter did not work, it is very possible the openssl distribution you have has not included SSL3 support at all. You may have to do some recompiling if this is the case. If your old clients are only from your internal net and you do not provide any ISP like services you may consider upgrading the clients as you will have quite often issues such as this one in the near future as SSL3 support and below is in the process of being dropped from almost everything.
Re: sometimes no shared cipher after upgrade from 2.2 to 2.3
> SSL3 is no longer included in the cipher sets. Try this: > > ssl_min_protocol = SSLv3 Thanks. Unfortunately, no dice - same error. Any other tips? I was under the impression "no shared cipher" was rather the problem? signature.asc Description: This is a digitally signed message part.
Re: sometimes no shared cipher after upgrade from 2.2 to 2.3
Am 2019-08-21 15:39, schrieb Lefteris Tsintjelis via dovecot: [ ... ] SSL3 is no longer included in the cipher sets. Try this: ssl_min_protocol = SSLv3 Instead of doing that I recommend to identify the users and teaching them to use a current OS / mail client. SSLv3 should not be used by anyone. Alexander
Re: sometimes no shared cipher after upgrade from 2.2 to 2.3
On 21/8/2019 16:12, Kristijan Savic - ratiokontakt GmbH via dovecot wrote: We recently upgraded from dovecot 2.2 to 2.3.7.1-1 Not many, but some users are experiencing difficulties. The dovecot directors log: Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session= Any ide what could be causing it? SSL3 is no longer included in the cipher sets. Try this: ssl_min_protocol = SSLv3
sometimes no shared cipher after upgrade from 2.2 to 2.3
We recently upgraded from dovecot 2.2 to 2.3.7.1-1 Not many, but some users are experiencing difficulties. The dovecot directors log: Aug 21 14:28:49 director01 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=redacted, lip=10.0.0.120, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session= Any ide what could be causing it? Thanks, Kristijan signature.asc Description: This is a digitally signed message part.
Re: imapsieve suddenly not working anymore
Found the solution. Mail was copied/moved to mailbox INBOX.Spam instead of SPAM. cheers, t. On 2019-08-21 13:01, Thomas Stein via dovecot wrote: On 2019-08-21 12:30, Thomas Stein via dovecot wrote: Setting logging to debug reveals something is happening but the actual scripts do not run i suppose. Aug 21 11:54:23 imap(himbeere)<31571>: Debug: Mailbox INBOX: Mailbox opened because: SELECT Aug 21 11:54:23 imap(himbeere)<31569>: Debug: imapsieve: mailbox INBOX.Spam: MOVE event Maybe that's the problem? The "MOVE" event instead of a "COPY" event? Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: Pigeonhole version 0.5.7.1 (db5c74be) initializing Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded Aug 21 11:54:23 imap(himbeere)<31569>: Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam' from=`*' causes=(COPY FLAG) => before=`file:/usr/share/dovecot/sieve/report-spam.sieve' after=(none) Aug 21 11:54:23 imap(himbeere)<31569>: Debug: imapsieve: Static mailbox rule [2]: mailbox=`*' from=`Spam' causes=(COPY) => before=`file:/usr/share/dovecot/sieve/report-ham.sieve' after=(none) Aug 21 11:54:24 imap(himbeere)<31571>: Debug: Mailbox INBOX: UID 132668: Opened mail because: prefetch Aug 21 11:54:24 imap(himbeere)<31571>: Debug: Mailbox INBOX: UID 132668: Opened mail because: access Aug 21 11:54:24 imap(himbeere)<31571>: Debug: Mailbox INBOX: UID 132668: Opened mail because: MIME part Aug 21 11:54:24 imap(himbeere)<31571>: Info: Logged out in=427 out=4207 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=507 body_count=1 body_bytes On 2019-08-20 17:33, Thomas Stein via dovecot wrote: Hello one and all. Dovecot version 2.3.7.1 I've configured imapsieve like https://wiki.dovecot.org/HowTo/AntispamWithSieve a while a go and it worked for years now. Suddenly i noticed moving mails to the spamfolder does not trigger the report-spam.sieve script anymore. sieve-test gives: ~/.maildir/.Spam/cur $ sieve-test /usr/share/dovecot/sieve/report-spam.sieve 1542388745.M99384P16720.meine-oma.de\,S\=8173\,W\=8373\:2\,S -D sieve-test(himbeere): Debug: sieve: Pigeonhole version 0.5.7.1 (db5c74be) initializing sieve-test(himbeere): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. sieve-test(himbeere): Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded sieve-test(himbeere): Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded debug: file storage: Using Sieve script path: /usr/share/dovecot/sieve/report-spam.sieve. debug: file script: Opened script `report-spam' from `/usr/share/dovecot/sieve/report-spam.sieve'. debug: Script binary /usr/share/dovecot/sieve/report-spam.svbin successfully loaded. debug: binary save: not saving binary /usr/share/dovecot/sieve/report-spam.svbin, because it is already stored. report-spam: error: the imapsieve extension cannot be used outside IMAP. sieve-test(himbeere): Info: final result: failed; resolved with successful implicit keep ~/.maildir/.Spam/cur $ I'm not sure the "the imapsieve extension cannot be used outside IMAP" is the error already or thats only because the sieve-test script. Any ideas on that? cheers, t.
Re: imapsieve suddenly not working anymore
On 2019-08-21 12:30, Thomas Stein via dovecot wrote: Setting logging to debug reveals something is happening but the actual scripts do not run i suppose. Aug 21 11:54:23 imap(himbeere)<31571>: Debug: Mailbox INBOX: Mailbox opened because: SELECT Aug 21 11:54:23 imap(himbeere)<31569>: Debug: imapsieve: mailbox INBOX.Spam: MOVE event Maybe that's the problem? The "MOVE" event instead of a "COPY" event? Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: Pigeonhole version 0.5.7.1 (db5c74be) initializing Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded Aug 21 11:54:23 imap(himbeere)<31569>: Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam' from=`*' causes=(COPY FLAG) => before=`file:/usr/share/dovecot/sieve/report-spam.sieve' after=(none) Aug 21 11:54:23 imap(himbeere)<31569>: Debug: imapsieve: Static mailbox rule [2]: mailbox=`*' from=`Spam' causes=(COPY) => before=`file:/usr/share/dovecot/sieve/report-ham.sieve' after=(none) Aug 21 11:54:24 imap(himbeere)<31571>: Debug: Mailbox INBOX: UID 132668: Opened mail because: prefetch Aug 21 11:54:24 imap(himbeere)<31571>: Debug: Mailbox INBOX: UID 132668: Opened mail because: access Aug 21 11:54:24 imap(himbeere)<31571>: Debug: Mailbox INBOX: UID 132668: Opened mail because: MIME part Aug 21 11:54:24 imap(himbeere)<31571>: Info: Logged out in=427 out=4207 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=507 body_count=1 body_bytes On 2019-08-20 17:33, Thomas Stein via dovecot wrote: Hello one and all. Dovecot version 2.3.7.1 I've configured imapsieve like https://wiki.dovecot.org/HowTo/AntispamWithSieve a while a go and it worked for years now. Suddenly i noticed moving mails to the spamfolder does not trigger the report-spam.sieve script anymore. sieve-test gives: ~/.maildir/.Spam/cur $ sieve-test /usr/share/dovecot/sieve/report-spam.sieve 1542388745.M99384P16720.meine-oma.de\,S\=8173\,W\=8373\:2\,S -D sieve-test(himbeere): Debug: sieve: Pigeonhole version 0.5.7.1 (db5c74be) initializing sieve-test(himbeere): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. sieve-test(himbeere): Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded sieve-test(himbeere): Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded debug: file storage: Using Sieve script path: /usr/share/dovecot/sieve/report-spam.sieve. debug: file script: Opened script `report-spam' from `/usr/share/dovecot/sieve/report-spam.sieve'. debug: Script binary /usr/share/dovecot/sieve/report-spam.svbin successfully loaded. debug: binary save: not saving binary /usr/share/dovecot/sieve/report-spam.svbin, because it is already stored. report-spam: error: the imapsieve extension cannot be used outside IMAP. sieve-test(himbeere): Info: final result: failed; resolved with successful implicit keep ~/.maildir/.Spam/cur $ I'm not sure the "the imapsieve extension cannot be used outside IMAP" is the error already or thats only because the sieve-test script. Any ideas on that? cheers, t.
Re: imapsieve suddenly not working anymore
Setting logging to debug reveals something is happening but the actual scripts do not run i suppose. Aug 21 11:54:23 imap(himbeere)<31571>: Debug: Mailbox INBOX: Mailbox opened because: SELECT Aug 21 11:54:23 imap(himbeere)<31569>: Debug: imapsieve: mailbox INBOX.Spam: MOVE event Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: Pigeonhole version 0.5.7.1 (db5c74be) initializing Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded Aug 21 11:54:23 imap(himbeere)<31569>: Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded Aug 21 11:54:23 imap(himbeere)<31569>: Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam' from=`*' causes=(COPY FLAG) => before=`file:/usr/share/dovecot/sieve/report-spam.sieve' after=(none) Aug 21 11:54:23 imap(himbeere)<31569>: Debug: imapsieve: Static mailbox rule [2]: mailbox=`*' from=`Spam' causes=(COPY) => before=`file:/usr/share/dovecot/sieve/report-ham.sieve' after=(none) Aug 21 11:54:24 imap(himbeere)<31571>: Debug: Mailbox INBOX: UID 132668: Opened mail because: prefetch Aug 21 11:54:24 imap(himbeere)<31571>: Debug: Mailbox INBOX: UID 132668: Opened mail because: access Aug 21 11:54:24 imap(himbeere)<31571>: Debug: Mailbox INBOX: UID 132668: Opened mail because: MIME part Aug 21 11:54:24 imap(himbeere)<31571>: Info: Logged out in=427 out=4207 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=507 body_count=1 body_bytes On 2019-08-20 17:33, Thomas Stein via dovecot wrote: Hello one and all. Dovecot version 2.3.7.1 I've configured imapsieve like https://wiki.dovecot.org/HowTo/AntispamWithSieve a while a go and it worked for years now. Suddenly i noticed moving mails to the spamfolder does not trigger the report-spam.sieve script anymore. sieve-test gives: ~/.maildir/.Spam/cur $ sieve-test /usr/share/dovecot/sieve/report-spam.sieve 1542388745.M99384P16720.meine-oma.de\,S\=8173\,W\=8373\:2\,S -D sieve-test(himbeere): Debug: sieve: Pigeonhole version 0.5.7.1 (db5c74be) initializing sieve-test(himbeere): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. sieve-test(himbeere): Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded sieve-test(himbeere): Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.7.1 (db5c74be) loaded debug: file storage: Using Sieve script path: /usr/share/dovecot/sieve/report-spam.sieve. debug: file script: Opened script `report-spam' from `/usr/share/dovecot/sieve/report-spam.sieve'. debug: Script binary /usr/share/dovecot/sieve/report-spam.svbin successfully loaded. debug: binary save: not saving binary /usr/share/dovecot/sieve/report-spam.svbin, because it is already stored. report-spam: error: the imapsieve extension cannot be used outside IMAP. sieve-test(himbeere): Info: final result: failed; resolved with successful implicit keep ~/.maildir/.Spam/cur $ I'm not sure the "the imapsieve extension cannot be used outside IMAP" is the error already or thats only because the sieve-test script. Any ideas on that? cheers, t.
