You should check that you have
service imap-login {
inet_listener proxyimap {
port = 1993
haproxy = yes
}
}
and you also need to use
haproxy_trusted_networks
in Dovecot. I'd recommend using some other port than 993 for various reasons,
including monitoring and testing. I would also recommend using proxy protocol
v2 instead of v1.
Aki
> On 21/11/2024 17:46 EET Matt via dovecot <dovecot@dovecot.org> wrote:
>
>
> Yes I see that now as well; I already tried the s_client but strace is
> now allowed due (I think) security reasons.
>
> strace: attach: ptrace(PTRACE_SEIZE, 69): Operation not permitted
>
> I run this imap server behind Caddy using the 4 plugin. proxy_protocol
> v1 is set and Dovecot is aware of the proxy. It seems that there might
> be an issue with L4 and TCP connections as someone else has the same
> issue on LDAP. When I run this IMAP server directly on the host-port
> everything is fine.
>
> Op do 21 nov 2024 om 06:47 schreef Aki Tuomi <aki.tu...@open-xchange.com>:
> >
> >
> > > On 21/11/2024 04:57 EET Matt via dovecot <dovecot@dovecot.org> wrote:
> > >
> > >
> > > I'm running into below probem; my ath is stuck on initializing SSL.
> > >
> > > Certificates are fine, cert-chain is tested and auth no further errors
> > > are shown.
> > >
> > > Comparing to the default configuration from the docs it's pretty the
> > > same and up-to-date so I'm curious what cloud cause this.
> > >
> > > Also CHMOD on files has been checked.
> > >
> > > Nov 21 02:50:29 auth: Debug: Loading modules from directory:
> > > /usr/lib/dovecot/auth
> > > Nov 21 02:50:29 auth: Debug: Module loaded:
> > > /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
> > > Nov 21 02:50:29 auth: Debug: Module loaded:
> > > /usr/lib/dovecot/auth/libdriver_sqlite.so
> > > Nov 21 02:50:29 auth: Debug: Read auth token secret from
> > > /run/dovecot/auth-token-secret.dat
> > > Nov 21 02:50:29 auth: Debug: auth client connected (pid=477)
> > > Nov 21 02:50:29 imap-login: Debug: SSL: where=0x10, ret=1: before SSL
> > > initialization
> > > Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2001, ret=1: before
> > > SSL initialization
> > > Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2002, ret=-1: before
> > > SSL initialization
> > >
> > > Maybe someone has a suggestion...
> > >
> >
> > To be exact, it's imap-login that's stuck on SSL initialization. Can you try
> > openssl s_client -connect your-host:993 and once it's stuck do `strace -p
> > <pid-of-imap-login>` in hopes it would show why it's stuck?
> >
> > Aki
> _______________________________________________
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-le...@dovecot.org
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
