Ben Schmidt wrote: > On 11/10/14 10:47 PM, [email protected] wrote: >> debug updates >> >> using localhost, dovecot reports timeout for 15s which i set in RC >> >> but using ssl://localhost, dovecot reports timeout for 0s >> >> notice the attempts to access mysql modules > > I don't think MySQL has anything to do with this. Nothing points to a > MySQL failure. Sure, some MySQL shared libraries are being loaded, but > they won't be used unless MySQL is actually used in configuration. > >> localhost >> >> IMAP Error in /roundcube/program/lib/Roundcube/rcube_imap.php >> (184):Login failed for user from 1.2.3.4. Empty startup greeting >> (localhost:993) >> >> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used >> for ECDH and ECDHE key exchanges >> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used >> for ECDH and ECDHE key exchanges >> dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept >> initialization [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept >> initialization [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read >> client hello A [127.0.0.1] >> dovecot: auth: Debug: Loading modules from directory: >> /usr/lib/dovecot/modules/auth >> dovecot: auth: Debug: Module loaded: >> /usr/lib/dovecot/modules/auth/libdriver_mysql.so >> dovecot: auth: Debug: Read auth token secret from >> /var/run/dovecot/auth-token-secret.dat >> dovecot: auth: Debug: auth client connected (pid=14412) >> dovecot: imap-login: Disconnected (no auth attempts in 15 secs): >> user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: Disconnected, >> session=<xBTDACQFbQB/AAAB> >> >> connection to imap server failed > > I think what's happening here is that Roundcube is connecting to Dovecot > on port 993, but not using SSL. Dovecot is sitting waiting for SSL > negotiation to proceed, and Roundcube is sitting waiting for Dovecot to > send its startup greeting. After 15 seconds, someone gives up and > disconnects. From what you said above, I guess it's Roundcube giving up. > > If you're just connecting to and from localhost, i.e. no traffic is > actually leaving the server, it would be more efficient not to use SSL > anyway. Could you open up Dovecot to non-SSL connections from the local > machine only, on a different port, and connect to that? That may be the > easiest and best way to solve this. > >> ssl://localhost >> >> IMAP Error in /var/www/htdocs/rc/program/lib/Roundcube/rcube_imap.php >> (184): Login failed for example.com from 1.2.3.4. Could not connect to >> ssl://localhost:993: Unknown reason >> >> Failed login for example.com from 85.17.92.143 in session >> ukv99kdv3k78hgjca7pkobom71 (error: -2) > > Where did this message come from (which log, etc.)? It could be the key. > Hidden in that error '-2' may be the cause of the problem. Access > denied? File not found? ...? But to have even a vague idea how to > interpret the -2, we need to know where it's come from. > >> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used >> for ECDH and ECDHE key exchanges >> dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used >> for ECDH and ECDHE key exchanges >> dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept >> initialization [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept >> initialization [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client >> hello A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write >> server hello A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write >> certificate A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key >> exchange A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write >> server done A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data >> [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read >> client certificate A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read >> client certificate A [127.0.0.1] >> dovecot: auth: Debug: Loading modules from directory: >> /usr/lib/dovecot/modules/auth >> dovecot: auth: Debug: Module loaded: >> /usr/lib/dovecot/modules/auth/libdriver_mysql.so >> dovecot: auth: Debug: Read auth token secret from >> /var/run/dovecot/auth-token-secret.dat >> dovecot: auth: Debug: auth client connected (pid=14420) >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client >> key exchange A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read >> finished A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write >> session ticket A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write >> change cipher spec A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write >> finished A [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data >> [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation >> finished successfully [127.0.0.1] >> dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation >> finished successfully [127.0.0.1] >> dovecot: imap-login: Debug: SSL alert: close notify [127.0.0.1] >> dovecot: imap-login: Disconnected (no auth attempts in 0 secs): >> user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<DmZdByQFbwB/AAAB> >> >> connection to imap server failed > > This time SSL negotiation has succeeded, so we have a functioning SSL > connection. However, something is giving up after zero seconds! That's > not helpful. Can you see if you can get that timeout up? Perhaps it's as > simple as applying your timeout of 15 seconds to 'ssl://localhost' > instead of 'localhost'? If not, something else is causing it to give up, > and it may be that error -2 above. > > Good luck.... > > Ben.
for future reference and for those on debian jessie localhost 143 works it was the only working combination i could find for imap thank you all _______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
