RE: Mailbox connection fails: Connection closed (No commands sent) Help please
Try https://wiki.mozilla.org/Thunderbird:Debugging Aki > On 08/12/2021 15:04 post...@aecperformance.com wrote: > > > OK I'm confused. It looks like I'm connected to the mailbox but when I try to > 'Get Messages' now it says that the server has disconnected. > In the mail.log file I see this (again): > Dec 8 12:55:43 softlinksys dovecot: imap-login: Login: user=, method=PLAIN, > rip=67.8.3.170, lip=194.163.45.150, mpid=67110, TLS, session= > Dec 8 12:55:43 softlinksys dovecot: imap-login: Login: user=, method=PLAIN, > rip=67.8.3.170, lip=194.163.45.150, mpid=67111, TLS, session= > Dec 8 12:55:43 softlinksys dovecot: imap(smok...@sizzelicks.com)<67110>: > Connection closed (No commands sent) in=0 out=387 deleted=0 expunged=0 > trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 > Dec 8 12:55:43 softlinksys dovecot: imap(smok...@sizzelicks.com)<67111>: > Connection closed (No commands sent) in=0 out=388 deleted=0 expunged=0 > trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 > > Please help me. > How can I fix this problem? > > -Original Message- > From: dovecot On Behalf Of Robert L Mathews > Sent: Tuesday, December 7, 2021 7:46 PM > To: dovecot@dovecot.org > Subject: Re: Mailbox connection fails: Connection closed (No commands sent) > Help please > > On 12/7/21 2:49 PM, Alexander Dalloz wrote: > > > Use a not expired certificate. > > > > $ openssl s_client -connect 194.163.45.150:993 > > CONNECTED(0003) > > depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify > > error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT > > That error's happening because you (Alexander) are using an old openssl > version that has the problem described on: > > https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ > > That's not the problem that the original poster is having unless Thunderbird > also has the same problem, which it may; see: > > > https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049 > > > https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/ > > In any case, this works fine with OpenSSL 1.1 or later: > > $ openssl s_client -connect mail.sizzelicks.com:993 > ... > * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. > > -- > Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
RE: Mailbox connection fails: Connection closed (No commands sent) Help please
OK I'm confused. It looks like I'm connected to the mailbox but when I try to 'Get Messages' now it says that the server has disconnected. In the mail.log file I see this (again): Dec 8 12:55:43 softlinksys dovecot: imap-login: Login: user=, method=PLAIN, rip=67.8.3.170, lip=194.163.45.150, mpid=67110, TLS, session= Dec 8 12:55:43 softlinksys dovecot: imap-login: Login: user=, method=PLAIN, rip=67.8.3.170, lip=194.163.45.150, mpid=67111, TLS, session= Dec 8 12:55:43 softlinksys dovecot: imap(smok...@sizzelicks.com)<67110>: Connection closed (No commands sent) in=0 out=387 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Dec 8 12:55:43 softlinksys dovecot: imap(smok...@sizzelicks.com)<67111>: Connection closed (No commands sent) in=0 out=388 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0 Please help me. How can I fix this problem? -Original Message- From: dovecot On Behalf Of Robert L Mathews Sent: Tuesday, December 7, 2021 7:46 PM To: dovecot@dovecot.org Subject: Re: Mailbox connection fails: Connection closed (No commands sent) Help please On 12/7/21 2:49 PM, Alexander Dalloz wrote: > Use a not expired certificate. > > $ openssl s_client -connect 194.163.45.150:993 > CONNECTED(0003) > depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify > error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT That error's happening because you (Alexander) are using an old openssl version that has the problem described on: <https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ That's not the problem that the original poster is having unless Thunderbird also has the same problem, which it may; see: <https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049> https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049 <https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/> https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/ In any case, this works fine with OpenSSL 1.1 or later: $ openssl s_client -connect mail.sizzelicks.com:993 ... * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. -- Robert L Mathews, Tiger Technologies, <http://www.tigertech.net/> http://www.tigertech.net/
RE: Mailbox connection fails: Connection closed (No commands sent) Help please
I could really use some help here please. VPS Ubuntu 20.04 postfix 3.4.13 and dovecot 2.3.7.2 I have an email address: smok...@sizzelicks.com <mailto:smok...@sizzelicks.com> on the VPS. When I try to log into the smok...@sizzelicks.com <mailto:smok...@sizzelicks.com> mailbox from Thunderbird I see that it's connected but then get a message saying the server disconnected saying: "The server may have gone down or there may have been an network problem" When I look at syslog on the VPS I see this: Dec 8 23:03:34 softlinksys dovecot: imap-login: Login: user=, Dec 8 23:03:34 softlinksys dovecot: imap(smok...@sizzelicks.com)<4981>: Connection closed (No commands sent) When a spammer tried to log in (s.peters...@softlinksys.com <mailto:s.peters...@softlinksys.com> not our email address) the log shows this: Dec 8 23:16:51 softlinksys dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=mailto:s.peters...@softlinksys.com> > So I see the difference: imap-login: Login: user=mailto:smok...@sizzelicks.com> > and : imap-login: Disconnected (auth failed ... Clearly, I'm successfully logging into the mailbox - yes? BUT - immediately afterward the server disconnects with 'No commands sent'. It looks to me like dovecot expects 'commands' that Thunderbird isn't sending. Is this correct? Thunderbird queries for messages (or it's supposed to). The response & log is the same if I click ‘Get Messages’. Also, I’ve sent numerous messages to smok...@sizzelicks.com <mailto:smok...@sizzelicks.com> . They do not bounce and I don’t get an email saying it couldn’t be delivered. However, nothing is added to the logs from postfix about it. Why is dovecot disconnecting? How can I fix this problem? -Original Message- From: dovecot On Behalf Of Alexander Dalloz Sent: Wednesday, December 8, 2021 5:53 PM To: dovecot@dovecot.org Subject: Re: Mailbox connection fails: Connection closed (No commands sent) Help please Am 08.12.2021 um 01:46 schrieb Robert L Mathews: > On 12/7/21 2:49 PM, Alexander Dalloz wrote: > >> Use a not expired certificate. >> >> $ openssl s_client -connect 194.163.45.150:993 >> CONNECTED(0003) >> depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify >> error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 >> GMT > > That error's happening because you (Alexander) are using an old > openssl version that has the problem described on: > > > <https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire> > https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire > / > > That's not the problem that the original poster is having unless > Thunderbird also has the same problem, which it may; see: > > > <https://community.letsencrypt.org/t/note-regarding-transition-to-r3-in> > https://community.letsencrypt.org/t/note-regarding-transition-to-r3-in > termediate-with-firefox-or-thunderbird/140049 > > > > <https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediat> > https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediat > e-certificates-to-mozilla-applications/ > > > In any case, this works fine with OpenSSL 1.1 or later: > > $ openssl s_client -connect mail.sizzelicks.com:993 > ... > * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE > LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. > Confirmed, my fault. # openssl s_client -connect 194.163.45.150:993 CONNECTED(0003) Can't use SSL_get_servername depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = aecperformance.com verify return:1 --- Certificate chain 0 s:CN = aecperformance.com i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 Alexander
RE: Mailbox connection fails: Connection closed (No commands sent) Help please
On Wed, 8 Dec 2021, post...@aecperformance.com wrote: Thunderbird says: Wrong Site The certificate belongs to a different site, which could mean that someone is trying to impersonate this site. $ openssl s_client -connect aecperformance.com:993 < /dev/null 2>/dev/null | openssl x509 -noout -text | grep -F -A1 'X509v3 Subject Alternative Name:' X509v3 Subject Alternative Name: DNS:aecperformance.com, DNS:deanhh.com, DNS:dev.aecperformance.com, DNS:sizzelicks.com, DNS:softlinksys.com, DNS:www.aecperformance.com, DNS:www.deanhh.com, DNS:www.sizzelicks.com, DNS:www.softlinksys.com Is your Thunderbird set up to use one of the above server names, and not, for example, imap.aecperformance.com. The server name has to match one of the above. Joseph Tam
Re: Mailbox connection fails: Connection closed (No commands sent) Help please
Am 08.12.2021 um 01:46 schrieb Robert L Mathews: On 12/7/21 2:49 PM, Alexander Dalloz wrote: Use a not expired certificate. $ openssl s_client -connect 194.163.45.150:993 CONNECTED(0003) depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT That error's happening because you (Alexander) are using an old openssl version that has the problem described on: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ That's not the problem that the original poster is having unless Thunderbird also has the same problem, which it may; see: https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049 https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/ In any case, this works fine with OpenSSL 1.1 or later: $ openssl s_client -connect mail.sizzelicks.com:993 ... * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. Confirmed, my fault. # openssl s_client -connect 194.163.45.150:993 CONNECTED(0003) Can't use SSL_get_servername depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = aecperformance.com verify return:1 --- Certificate chain 0 s:CN = aecperformance.com i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 Alexander
RE: Mailbox connection fails: Connection closed (No commands sent) Help please
Thanks for your help. I was able to 'confirm' the certificate in Thunderbird. I looked at the certificate in Thunderbird. As I knew, it is a chain of multiple domains, all set up on our VPS. Under Issuer Name it says: Common NameR3 It appears that I'm able to connect to the mailbox now but I can’t receive or send email. Thunderbird says: Wrong Site The certificate belongs to a different site, which could mean that someone is trying to impersonate this site. In Thunderbird I can Confirm Security Exception but I’d much rather fix the problem. The certificate is for a 'chain' of domains, 5 as of now, with the primary domain being aecperformance.com (not sizzelicks.com). The certificate as shown in Thunderbird says: Common Nameaecperformance.com The certificate does show a list of all the domains in the chain. Our VPS hosts multiple domains (5 right now) all of which receive and send email. The websites on the VPS all work fine under ssl using the same certificate chain set up in postfix/dovecot config. When I install postfix and dovecot the configuration includes paths for 1 certificate. The certificate files I have set in postfix & dovecot config are the letsencrypt files for the websites. How should I set up the certificates for the domains that postfix/dovecot handles? How can I fix the problem Thunderbird is having with the certificate chain of multiple domains? -Original Message- From: dovecot On Behalf Of Robert L Mathews Sent: Tuesday, December 7, 2021 7:46 PM To: dovecot@dovecot.org Subject: Re: Mailbox connection fails: Connection closed (No commands sent) Help please On 12/7/21 2:49 PM, Alexander Dalloz wrote: > Use a not expired certificate. > > $ openssl s_client -connect 194.163.45.150:993 > CONNECTED(0003) > depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify > error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT That error's happening because you (Alexander) are using an old openssl version that has the problem described on: <https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/> https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ That's not the problem that the original poster is having unless Thunderbird also has the same problem, which it may; see: <https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049> https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049 <https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/> https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/ In any case, this works fine with OpenSSL 1.1 or later: $ openssl s_client -connect mail.sizzelicks.com:993 ... * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. -- Robert L Mathews, Tiger Technologies, <http://www.tigertech.net/> http://www.tigertech.net/
Re: Mailbox connection fails: Connection closed (No commands sent) Help please
On 12/7/21 2:49 PM, Alexander Dalloz wrote: Use a not expired certificate. $ openssl s_client -connect 194.163.45.150:993 CONNECTED(0003) depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT That error's happening because you (Alexander) are using an old openssl version that has the problem described on: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/ That's not the problem that the original poster is having unless Thunderbird also has the same problem, which it may; see: https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049 https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/ In any case, this works fine with OpenSSL 1.1 or later: $ openssl s_client -connect mail.sizzelicks.com:993 ... * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready. -- Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
Re: Mailbox connection fails: Connection closed (No commands sent) Help please
Am 07.12.2021 um 22:45 schrieb post...@aecperformance.com: My VPS IP is: 194.163.45.150 Use a not expired certificate. $ openssl s_client -connect 194.163.45.150:993 CONNECTED(0003) depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3 verify error:num=10:certificate has expired notAfter=Sep 30 14:01:15 2021 GMT verify return:0 Alexander