Zentyal Forum, Linux Small Business Server

Zentyal Server => Email and Groupware => Topic started by: acon on May 22, 2021, 07:14:53 pm

Title: Unable to connect thunderbird IMAP after upgrade to zentyal 7
Post by: acon on May 22, 2021, 07:14:53 pm
Hi, i have just upgraded a Zen6.2 server to Zen7. I has to delete the nginx certs and create news (no web admin).
Everithing is now running as expected, except for IMAP connection from thunderbird clients.
Sogo works, ActveSync works but nor IMAP.
I think the relevant part in syslog is:
Code: [Select]
May 22 16:39:53 fermat dovecot: imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=10.0.0.1, lip=10.0.0.11, session=<AU8+JuzCOPsKAAAB>
May 22 16:39:53 fermat dovecot: imap-login: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=10.0.0.1, lip=10.0.0.11, session=<AU8+JuzCOPsKAAAB>

It looks to me like a dovecot cert problem. Any idea to delete a re-crate dovecots certs?
Title: Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
Post by: acon on May 24, 2021, 06:40:43 pm
Searching in syslog at upgrade time, i found this:
Code: [Select]
May 22 15:21:15 fermat dovecot: config: Warning: please set ssl_dh=</etc/dovecot/dh.pem
May 22 15:21:15 fermat dovecot: config: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
I get this message every time i restart dovecot.
In /etc/dovecot//conf.d/10-ssl.conf the config for DH is:
Code: [Select]
ssl_dh = </usr/share/dovecot/dh.pemWhish exists in this folder:
Code: [Select]
-rw-r--r-- 1 root root  769 nov 14  2019 dh.pemSo i d'ont know how to fix this. Please any help is apreciated.
Title: Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
Post by: acon on May 24, 2021, 08:52:14 pm
Other people are experiencing same issue:
https://github.com/zentyal/zentyal/issues/2043 (https://github.com/zentyal/zentyal/issues/2043)
Title: Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
Post by: acon on May 25, 2021, 12:52:57 pm
BTW, i also got this one: https://github.com/zentyal/zentyal/issues/2055
I have updated 2 servers from 6.2 to 7 and one is fine and the other has those 2 small issues, but still usable.
Title: Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
Post by: webmaster on May 25, 2021, 06:16:57 pm
Hello there,

Thanks for reporting. Just to let you know that we are aware of these issues and are working on fixing them. Updates will be posted on GitHub, on the referenced tickets. BR.
Title: Re: Unable to connect thunderbird IMAP after upgrade to zentyal 7
Post by: timerbb on June 09, 2021, 09:05:59 am
I have same problem after upgrade, after performed some digging on google. I have managed to solve it using below

generate the dh.pem

openssl dhparam -out /etc/dovecot/dh.pem 4096

and put it into /usr/share/zentyal/stubs/mail/dovecot.conf.mas under SSL section

ssl_dh =</etc/dovecot/dh.pem

afterward reboot.

then the imaps works again

Rgds
TiMeR