Zentyal Forum, Linux Small Business Server
Zentyal Server => Email and Groupware => Topic started by: acon on May 22, 2021, 07:14:53 pm
-
Hi, I have just upgraded a Zen6.2 server to Zen7. I had to delete the nginx certs and create new ones (no web admin).
Everything is now running as expected, except for IMAP connections from Thunderbird clients.
SOGo works, ActiveSync works, but not IMAP.
I think the relevant part in syslog is:
May 22 16:39:53 fermat dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=10.0.0.1, lip=10.0.0.11, session=<AU8+JuzCOPsKAAAB>
May 22 16:39:53 fermat dovecot: imap-login: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=10.0.0.1, lip=10.0.0.11, session=<AU8+JuzCOPsKAAAB>
It looks to me like a dovecot cert problem. Any idea how to delete and re-create dovecot's certs?
-
Searching in syslog at upgrade time, I found this:
May 22 15:21:15 fermat dovecot: config: Warning: please set ssl_dh=</etc/dovecot/dh.pem
May 22 15:21:15 fermat dovecot: config: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
I get this message every time I restart dovecot.
In /etc/dovecot//conf.d/10-ssl.conf the config for DH is:
ssl_dh = </usr/share/dovecot/dh.pem
Which exists in this folder:
-rw-r--r-- 1 root root 769 nov 14 2019 dh.pem
So I don't know how to fix this. Please, any help is appreciated.
-
Other people are experiencing the same issue:
https://github.com/zentyal/zentyal/issues/2043
-
BTW, I also got this one: https://github.com/zentyal/zentyal/issues/2055
I have updated 2 servers from 6.2 to 7 and one is fine and the other has those 2 small issues, but still usable.
-
Hello there,
Thanks for reporting. Just to let you know that we are aware of these issues and are working on fixing them. Updates will be posted on GitHub, on the referenced tickets. BR.
-
I had the same problem after the upgrade. After doing some digging on Google, I managed to solve it using the steps below.
Generate the dh.pem:
openssl dhparam -out /etc/dovecot/dh.pem 4096
and put it into /usr/share/zentyal/stubs/mail/dovecot.conf.mas under the SSL section:
ssl_dh =</etc/dovecot/dh.pem
Afterwards, reboot.
Then IMAPS works again.
Rgds
TiMeR
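-
Added example, not part of any post in this thread: a check that finds the file named by `ssl_dh` in Dovecot config text and reads the size of the DH prime from its PEM block, which is the value behind the "dh key too small" error above. The function names, the 2048-bit floor and the sample input are assumptions of this example; the sample parameters are constructed and are not usable DH primes.

```python
import base64
import re

def ssl_dh_path(conf_text):
    """Path from the last uncommented 'ssl_dh = <path' line, or None."""
    hits = re.findall(r"^[ \t]*ssl_dh[ \t]*=[ \t]*<[ \t]*(\S+)", conf_text, re.M)
    return hits[-1] if hits else None

def _tlv(der, pos, tag):
    """Read one DER element with the expected tag; return (value, next offset)."""
    if pos + 2 > len(der) or der[pos] != tag:
        raise ValueError(f"expected DER tag 0x{tag:02x} at offset {pos}")
    length, pos = der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    if pos + length > len(der):
        raise ValueError("truncated DER")
    return der[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PKCS#3 'DH PARAMETERS' PEM block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH", pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    seq, _ = _tlv(base64.b64decode(m.group(1)), 0, 0x30)  # SEQUENCE { p, g }
    prime, _ = _tlv(seq, 0, 0x02)                         # first INTEGER is p
    return int.from_bytes(prime, "big").bit_length()

def check_dovecot_dh(conf_text, read_file, min_bits=2048):  # 2048: assumed floor
    """Return (path, bits, ok) for the DH file that the config text points at."""
    path = ssl_dh_path(conf_text)
    if path is None:
        return None, 0, False
    bits = dh_prime_bits(read_file(path))
    return path, bits, bits >= min_bits

def _der(tag, body):
    n, size = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def make_sample_pem(bits):
    """Constructed input of the requested size; the number is NOT a usable DH prime."""
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                    for v in ((1 << (bits - 1)) | 1, 2))
    b64 = base64.encodebytes(_der(0x30, ints)).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{b64}-----END DH PARAMETERS-----\n"
```

On a server, pass the output of `doveconf -n` as `conf_text` and a function that returns a file's text as `read_file`.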