Hi folks,
on a Rocky Linux 8.6 based home server I run Dovecot with an account
that I use as an archive. Archive means, that from different Thunderbird
instances I connect to that Dovecot via IMAPS to move emails there, that
I want to keep. Since some days from all Thunderbird instances I can no
longer connect to that Dovecot account. In /var/log/maillog of the
server I see
Sep 14 06:39:54 server3 dovecot[2033173]: imap-login: Disconnected:
Connection closed: SSL_accept() failed: error:14094412:SSL
routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number
42 (no auth attempts in 0 secs): user=<>, rip=192.168.177.105,
lip=192.168.177.13, TLS handshaking: SSL_accept() failed:
error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:
SSL alert number 42, session=
I found that Openssl alert number 42 might be a problem with the SSL
certificate (which certificate?) but also might be an expired SSL
certificate (which certificate?). As on the Dovecot installation I work
with a self signed certificat. I created a new self signed certificate
yesterday with an expiry not before year 2032. That did not help, I see
the same messages when I try to connect from Thunderbird.
Just to see how Thunderbird is involved in the problem I installed
Claws-Mail. From Claws-Mail I do NOT have those problems, I can access
to Dovecot via IMAPS as expected.
I do not understand why all my Thunderbird installations can no longer
access Dovecot via IMAPS. This worked fine for about 18 months. I can't
prove but I think on beginning of month it worked fine. Something
happened meanwhile.
If there is a problem with an SSL certificate (bad certificate: SSL
alert number 42), which certificate makes the problem? The certificate
used by Dovecot or some certificate used in Thunderbird?
About installation:
cat /etc/redhat-release
Rocky Linux release 8.6 (Green Obsidian)
dovecot --version
2.3.16 (7e2e900c1a)
sudo dovecot -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# OS: Linux 4.18.0-372.19.1.el8_6.x86_64 x86_64 Rocky Linux
release 8.6 (Green Obsidian)
# Hostname: ...
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
first_valid_uid = 1000
mail_debug = yes
mail_gid = vmail
mail_location = maildir:~/Maildir
mail_privileged_group = vmail
mail_uid = vmail
mbox_write_locks = fcntl
namespace {
inbox = yes
location =
mailbox Archives {
special_use = \Archive
}
prefix = INBOX/
separator = /
type = private
}
passdb {
args = scheme=CRYPT username_format=%u /etc/dovecot/users
driver = passwd-file
}
protocols = imap
service imap-login {
inet_listener imap {
port = 0
}
}
ssl = required
ssl_cert = I have the problem with different Thunderbird installations on various
operating systems (Windows 10, Fedora Linux 36 XFCE).
Regards,
Meikel