Author Topic: Unable to connect thunderbird IMAP after upgrade to zentyal 7  (Read 1102 times)

acon

  • Board Moderator
  • Zen Samurai
  • *****
  • Posts: 453
  • Karma: +18/-0
    • View Profile
Hi, i have just upgraded a Zen6.2 server to Zen7. I has to delete the nginx certs and create news (no web admin).
Everithing is now running as expected, except for IMAP connection from thunderbird clients.
Sogo works, ActveSync works but nor IMAP.
I think the relevant part in syslog is:
Code: [Select]
May 22 16:39:53 fermat dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=10.0.0.1, lip=10.0.0.11, session=<AU8+JuzCOPsKAAAB>
May 22 16:39:53 fermat dovecot: imap-login: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=10.0.0.1, lip=10.0.0.11, session=<AU8+JuzCOPsKAAAB>

It looks to me like a dovecot cert problem. Any idea to delete a re-crate dovecots certs?

acon

  • Board Moderator
  • Zen Samurai
  • *****
  • Posts: 453
  • Karma: +18/-0
    • View Profile
Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
« Reply #1 on: May 24, 2021, 06:40:43 pm »
Searching in syslog at upgrade time, i found this:
Code: [Select]
May 22 15:21:15 fermat dovecot: config: Warning: please set ssl_dh=</etc/dovecot/dh.pem
May 22 15:21:15 fermat dovecot: config: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
I get this message every time i restart dovecot.
In /etc/dovecot//conf.d/10-ssl.conf the config for DH is:
Code: [Select]
ssl_dh = </usr/share/dovecot/dh.pemWhish exists in this folder:
Code: [Select]
-rw-r--r-- 1 root root  769 nov 14  2019 dh.pemSo i d'ont know how to fix this. Please any help is apreciated.
« Last Edit: May 24, 2021, 06:59:35 pm by acon »

acon

  • Board Moderator
  • Zen Samurai
  • *****
  • Posts: 453
  • Karma: +18/-0
    • View Profile
Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
« Reply #2 on: May 24, 2021, 08:52:14 pm »
Other people are experiencing same issue:
https://github.com/zentyal/zentyal/issues/2043

acon

  • Board Moderator
  • Zen Samurai
  • *****
  • Posts: 453
  • Karma: +18/-0
    • View Profile
Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
« Reply #3 on: May 25, 2021, 12:52:57 pm »
BTW, i also got this one: https://github.com/zentyal/zentyal/issues/2055
I have updated 2 servers from 6.2 to 7 and one is fine and the other has those 2 small issues, but still usable.

webmaster

  • Zentyal Staff
  • Zen Apprentice
  • *****
  • Posts: 27
  • Karma: +2/-1
    • View Profile
Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
« Reply #4 on: May 25, 2021, 06:16:57 pm »
Hello there,

Thanks for reporting. Just to let you know that we are aware of these issues and are working on fixing them. Updates will be posted on GitHub, on the referenced tickets. BR.

timerbb

  • Zen Apprentice
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
« Reply #5 on: June 09, 2021, 09:05:59 am »
I have same problem after upgrade, after performed some digging on google. I have managed to solve it using below

generate the dh.pem

openssl dhparam -out /etc/dovecot/dh.pem 4096

and put it into /usr/share/zentyal/stubs/mail/dovecot.conf.mas under SSL section

ssl_dh =</etc/dovecot/dh.pem

afterward reboot.

then the imaps works again

Rgds
TiMeR