Replicating to an older version

2020-04-30 Thread Francis Augusto Medeiros-Logeay

Hi everyone,

I have two servers running dovecot, both at version 2.2.33.2. One is 
an mx-backup and they replicate to each other.


I am moving the main server to a new VPS instance, and I'm planning the 
move carefully, including running dovecot on a container (Docker).


I am basing my container on Ubuntu 20.04, and the dovecot that installs 
is the 2.3.7.2.


My question is: will replication work ok once configured? Reading the 
documentation for version upgrade there was nothing on this. I will 
eventually upgrade the "slave" server, but it might take a few weeks.


Any tips on this would be greatly appreciated.

Best,

Francis

Re: Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

2020-04-30 Thread Joseph Tam

On Thu, 30 Apr 2020, hanas...@gmail.com wrote:


Apr 8 18:10:18 hh dovecot: imap-login: Debug: SSL error: SSL_accept()
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad
certificate: SSL alert number 42


According to this


https://serverfault.com/questions/806141/is-the-alert-ssl3-read-bytessslv3-alert-bad-certificate-indicating-that-the-s

this error comes about when you specify the client must authenticate with
their own certificate.  If your Dovecot setup is working with Evolution, have
you ported the client certificate to the Thunderbird setup?

Joseph Tam 


Re: Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

2020-04-30 Thread hanas...@gmail.com

I would expect the public cert to be imported as a "server" not an "auth"

The attached image shows that TBird wants an httpS url for a webserver, 
for the source.


Ages ago, I think it prompted for "do you want to trust this new cert" 
and YES added it (assuming that is the public key) to the server list.  
A bit confused by this.




On 4/30/20 2:41 PM, Aki Tuomi wrote:

I see. You need to import the cert into thunderbird's trusted ca certs.

Aki
On 30/04/2020 21:36 hanas...@gmail.com wrote:



Hello,

This is a selfsigned cert. Both of the below methods were used.

May I ask for 1. pointer to info setting up "intermediate certs" and
where the certfile goes?

The objective is to generate a self-signed cert and use it for just
internal use with IMAPS dovecot.

Separately, what are your thoughts as to why evolution works and
thunderbird does not?

Thank you,

==1

openssl genrsa -out key.pem 2048

openssl req -new -sha512 -key key.pem -out csr.csr

openssl req -x509 -sha512 -days 365 -key key.pem -in csr.csr -out certificate.pem
openssl req -in csr.csr -text -noout | grep -i "Signature.*SHA" && echo

==2
openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout mykey.key -out mycert.pem


On 4/30/20 8:11 AM, Aki Tuomi wrote:
On 30/04/2020 14:49 hanas...@gmail.com wrote:

>>
>> Recently thunderbird and Dovecot IMAPS cannot agree on SSL however
>> Evolution, on the exact same system, is working fine with the same
>> accounts. Tried recreating the Dovecot cert and also the thunderbird
>> accounts from scratch. The OpenSSL raw client works fine as well.
>>
>> Would someone also confirm the openssl commands to create a selfsigned
>> cert for dovecot imaps. The cert created does work with evolution;
>> just not thunderbird.
>>
>> Thoughts?
>>
>> reference
>> http://forums.debian.net/viewtopic.php?f=5=145849 

>> 

Re: Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

2020-04-30 Thread Reio Remma
For internal use I've installed the private CA cert on whatever clients 
I'm using (Thunderbird, browsers). That way you don't need to make 
exceptions every time a certificate changes.


Good luck,
Reio

On 30.04.2020 21:36, hanas...@gmail.com wrote:

Hello,

This is a selfsigned cert.  Both of the below methods were used.

May I ask for 1. pointer to info setting up "intermediate certs" and 
where the certfile goes?


The objective is to generate a self-signed cert and use it for just 
internal use with IMAPS dovecot.


Separately, what are your thoughts as to why evolution works and 
thunderbird does not?


Thank you,

==1
openssl genrsa -out key.pem 2048
openssl req -new -sha512 -key key.pem -out csr.csr
openssl req -x509 -sha512 -days 365 -key key.pem -in csr.csr -out certificate.pem
openssl req -in csr.csr -text -noout | grep -i "Signature.*SHA" && echo

==2
openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout mykey.key -out mycert.pem



On 4/30/20 8:11 AM, Aki Tuomi wrote:


On 30/04/2020 14:49 hanas...@gmail.com wrote:



Recently thunderbird and Dovecot IMAPS cannot agree on SSL however
Evolution, on the exact same system, is working fine with the same
accounts. Tried recreating the Dovecot cert and also the thunderbird
accounts from scratch. The OpenSSL raw client works fine as well.

Would someone also confirm the openssl commands to create a selfsigned
cert for dovecot imaps. The cert created does work with evolution;
just not thunderbird.

Thoughts?

reference
http://forums.debian.net/viewtopic.php?f=5=145849 



You are missing intermediate certs from your certfile. Put them after 
cert in order towards root.


---
Aki Tuomi





Re: Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

2020-04-30 Thread Aki Tuomi

I see. You need to import the cert into thunderbird's trusted ca certs.

Aki

On 30/04/2020 21:36 hanas...@gmail.com wrote:

Hello,

This is a selfsigned cert. Both of the below methods were used.

May I ask for 1. pointer to info setting up "intermediate certs" and
where the certfile goes?

The objective is to generate a self-signed cert and use it for just
internal use with IMAPS dovecot.

Separately, what are your thoughts as to why evolution works and
thunderbird does not?

Thank you,

==1
openssl genrsa -out key.pem 2048
openssl req -new -sha512 -key key.pem -out csr.csr
openssl req -x509 -sha512 -days 365 -key key.pem -in csr.csr -out certificate.pem
openssl req -in csr.csr -text -noout | grep -i "Signature.*SHA" && echo

==2
openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout mykey.key -out mycert.pem

On 4/30/20 8:11 AM, Aki Tuomi wrote:
On 30/04/2020 14:49 hanas...@gmail.com wrote:

>> Recently thunderbird and Dovecot IMAPS cannot agree on SSL however
>> Evolution, on the exact same system, is working fine with the same
>> accounts. Tried recreating the Dovecot cert and also the thunderbird
>> accounts from scratch. The OpenSSL raw client works fine as well.
>>
>> Would someone also confirm the openssl commands to create a selfsigned
>> cert for dovecot imaps. The cert created does work with evolution;
>> just not thunderbird.
>>
>> Thoughts?
>>
>> reference
>> http://forums.debian.net/viewtopic.php?f=5=145849

You are missing intermediate certs from your certfile. Put them after
cert in order towards root.

---
Aki Tuomi

---
Aki Tuomi
 


Re: Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

2020-04-30 Thread hanas...@gmail.com

Hello,

This is a selfsigned cert.  Both of the below methods were used.

May I ask for 1. pointer to info setting up "intermediate certs" and 
where the certfile goes?


The objective is to generate a self-signed cert and use it for just 
internal use with IMAPS dovecot.


Separately, what are your thoughts as to why evolution works and 
thunderbird does not?


Thank you,

==1 

openssl genrsa -out key.pem 2048 

openssl req -new -sha512 -key key.pem -out csr.csr 

openssl req -x509 -sha512 -days 365 -key key.pem -in csr.csr -out certificate.pem
openssl req -in csr.csr -text -noout | grep -i "Signature.*SHA" && echo

==2
openssl req -newkey rsa:4096 -sha512 -x509 -days 365 -nodes -keyout mykey.key -out mycert.pem



On 4/30/20 8:11 AM, Aki Tuomi wrote:


On 30/04/2020 14:49 hanas...@gmail.com wrote:



Recently thunderbird and Dovecot IMAPS cannot agree on SSL however
Evolution, on the exact same system, is working fine with the same
accounts. Tried recreating the Dovecot cert and also the thunderbird
accounts from scratch. The OpenSSL raw client works fine as well.

Would someone also confirm the openssl commands to create a selfsigned
cert for dovecot imaps. The cert created does work with evolution;
just not thunderbird.

Thoughts?

reference
http://forums.debian.net/viewtopic.php?f=5=145849 



You are missing intermediate certs from your certfile. Put them after 
cert in order towards root.


---
Aki Tuomi


sender rewriting scheme

2020-04-30 Thread Mathieu Gosset
Hello,

 

I would like to know if dovecot/pigeonhole provide a way to do sieve
redirection with sender rewriting scheme (srs)?

I apologize in advance if that e-mail address isn't meant for assistance,
but  I've asked on the official irc channel on freenode and was told to
direct my query to dovecot@dovecot.org, I hope you won't mind.

Thanking you in advance

 

Best Regards

 

Mathieu Gosset



Re: Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

2020-04-30 Thread Aki Tuomi

On 30/04/2020 14:49 hanas...@gmail.com wrote:

> Recently thunderbird and Dovecot IMAPS cannot agree on SSL however
> Evolution, on the exact same system, is working fine with the same
> accounts. Tried recreating the Dovecot cert and also the thunderbird
> accounts from scratch. The OpenSSL raw client works fine as well.
>
> Would someone also confirm the openssl commands to create a selfsigned
> cert for dovecot imaps. The cert created does work with evolution;
> just not thunderbird.
>
> Thoughts?
>
> reference
> http://forums.debian.net/viewtopic.php?f=5=145849

You are missing intermediate certs from your certfile. Put them after
cert in order towards root.

---
Aki Tuomi
 


Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK

2020-04-30 Thread hanas...@gmail.com
Recently thunderbird and Dovecot IMAPS cannot agree on SSL however 
Evolution, on the exact same system, is working fine with the same 
accounts. Tried recreating the Dovecot cert and also the thunderbird 
accounts from scratch. The OpenSSL raw client works fine as well.


Would someone also confirm the openssl commands to create a selfsigned 
cert for dovecot imaps.  The cert created does work with evolution; 
just not thunderbird.


Thoughts?

Apr 8 18:10:18 hh dovecot: imap-login: Debug: SSL error: SSL_accept() 
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad 
certificate: SSL alert number 42
Apr 8 18:10:18 hh dovecot: imap-login: Disconnected (no auth attempts in 
0 secs): user=<>, rip=000, lip= TLS handshaking: SSL_accept() 
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad 
certificate: SSL alert number 42, session=<-->
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x10, ret=1: 
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
before SSL initialization
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS read client hello
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS write server hello
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS write change cipher spec
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
TLSv1.3 write encrypted extensions
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS write certificate
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
TLSv1.3 write server certificate verify
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
SSLv3/TLS write finished
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL alert: where=0x4004, 
ret=554: fatal bad certificate
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: 
error
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL error: SSL_accept() 
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad 
certificate: SSL alert number 42
Apr 8 18:10:19 firewall dovecot: imap-login: Disconnected (no auth 
attempts in 0 secs): user=<>, rip=000, lip=00, TLS handshaking: 
SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 
alert bad certificate: SSL alert number 42, session=<--->


reference
http://forums.debian.net/viewtopic.php?f=5=145849
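
Added example, not part of the original thread: a Python decoder for the numeric fields in the imap-login debug lines above, showing that `where=0x4004, ret=554` and `error:14094412` both encode a fatal alert 42 (bad_certificate) that the server read from the client. It assumes the OpenSSL 1.1.x packed error layout (lib 8 bits, func 12 bits, reason 12 bits) and the info-callback constants from OpenSSL's headers; the function names are illustrative.

```python
import re

# TLS alert descriptions (RFC 5246 / RFC 8446): certificate-related ones plus a few common ones.
ALERTS = {
    0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
    70: "protocol_version", 116: "certificate_required",
}
CERT_ALERTS = {42, 43, 44, 45, 46, 48}

# Constants from OpenSSL's ssl.h / err.h.
SSL_CB_READ, SSL_CB_ALERT = 0x04, 0x4000
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for alerts read from the peer

ALERT_RE = re.compile(r"SSL alert: where=(0x[0-9a-fA-F]+),\s*ret=(\d+)")
ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):SSL routines:")

# Copied from the debug log posted in this thread (line wrapping as in the mail).
SAMPLE = """\
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL: where=0x2001, ret=1:
TLSv1.3 early data
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL alert: where=0x4004,
ret=554: fatal bad certificate
Apr 8 18:10:19 hh dovecot: imap-login: Debug: SSL error: SSL_accept()
failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad
certificate: SSL alert number 42
"""


def decode_alert_callback(where, ret):
    """Decode the (where, ret) pair Dovecot logs from OpenSSL's info callback."""
    if not where & SSL_CB_ALERT:
        return None  # ordinary handshake state change, not an alert
    # On the server side, an alert with the READ bit set came from the client.
    direction = "received from client" if where & SSL_CB_READ else "sent by server"
    level = {1: "warning", 2: "fatal"}.get(ret >> 8, "unknown")
    number = ret & 0xFF
    return {"direction": direction, "level": level, "number": number,
            "name": ALERTS.get(number, "unknown")}


def decode_error_code(hex_code):
    """Unpack an OpenSSL 1.1.x error code into lib, func, reason and peer alert."""
    code = int(hex_code, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    is_alert = lib == ERR_LIB_SSL and SSL_AD_REASON_OFFSET <= reason < SSL_AD_REASON_OFFSET + 256
    return {"lib": lib, "func": func, "reason": reason,
            "peer_alert": reason - SSL_AD_REASON_OFFSET if is_alert else None}


def peer_alerts(log_text):
    """Collect alert numbers the log shows as sent by the client."""
    # Long entries are wrapped in the mail, so join lines before matching.
    flat = " ".join(line.strip() for line in log_text.splitlines())
    seen = []
    for where, ret in ALERT_RE.findall(flat):
        info = decode_alert_callback(int(where, 16), int(ret))
        if info and info["direction"] == "received from client":
            seen.append(info["number"])
    for hex_code in ERROR_RE.findall(flat):
        alert = decode_error_code(hex_code)["peer_alert"]
        if alert is not None:
            seen.append(alert)
    return seen


def verdict(log_text):
    """State which side rejected a certificate, based on alerts the server read."""
    cert = sorted({n for n in peer_alerts(log_text) if n in CERT_ALERTS})
    if not cert:
        return "no certificate alert received from the client"
    names = ", ".join(f"{ALERTS[n]}({n})" for n in cert)
    return f"client rejected the server certificate: {names}"


if __name__ == "__main__":
    print(verdict(SAMPLE))
```

An alert read by the server means the client objected to the certificate it was shown, which is the case where adding the self-signed cert or private CA to the client's trust store applies.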