> On 29/11/2020 22:31 Christy S <christys1...@gmail.com> wrote: > > > Hi folks, > > I'm stumped on an error we're getting in dovecot after upgrading ubuntu. > I will say up front that I'm far from a linux expert. I'm helping my > husband by managing a virtual private server to handle his domain, > including its email. We set this up two years ago and once I finally got > the mail working, it's been humming along just fine since, until two > days ago when I performed the ubuntu upgrade. Now, when we try to send > mail through his domain thunderbird gives this error: > > Your message was sent but a copy was not placed in your sent folder > (Sent) due to network or file access errors. > > Note that it says this, but the mail isn't actually sent at all. We are > using SSL and have been since the beginning which might be part of our > problem, but I'm not positive. > > A google search suggested adding two lines to the 10-ssl.conf file. > > ssl_dh = </usr/share/dovecot/dh.pem > ssl_cipher_list = HIGH:!DH:!aNULL > > I did both of these things and restarted the server completely, but no > luck. looking in /var/log/mail.err I see this. > > Nov 29 14:08:56 kylesmith-music dovecot: imap-login: Error: Failed to > initialize SSL server context: Can't load SSL cert > ificate: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too > small: user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, > session=<t4qrdkS1kPNLFhL4> > What's interesting is that last line only showed up after I added the > two lines to the config file. > > My guess is I need to do something with SSL, update it maybe? But I > don't want to go fiddling around purely on a guess and potentially break > things even more. So, any of you much more linux familiar types want to > point me in the right direction? Thanks! > > Christy
Your DH parameters are too weak. You should generate at least 2048 byte parameters. Aki
