It can be deleted. Posted on wrong mailing list. 2017-04-27 10:18 GMT+02:00 [email protected] < [email protected]>:
> Your loglines seem to come from "dovecot: imap-login". > > Does your postfix makes imap logins? Mine doesn't do that. > > But it should be possible by way of using smtp-auth that tests logins > against an imap server. Do you have this? Then, why didn't you provide > the according loglines from your postfix? > > As i see on dovecot list, you asked the same question over there - > yesterday. And you got a smart answer - yesterday. > (http://markmail.org/message/u2b5aytovpkuxwgj) > > Do you use LMTP or smtp-auth against imap? > > Otherwise, i assume, you are completely wrong here on postfix list. > > > Try to learn the difference between postfix, dovecot and the clients you > and/or your customers are using. That will really help you more. > > > > Willi > > > > Am 27.04.2017 um 07:12 schrieb Poliman - Serwis: > > Hi, > > To default dovecot.conf file I added (based on found documentation): > > ssl = required > > disable_plaintext_auth = yes #change default 'no' to 'yes' > > ssl_prefer_server_ciphers = yes > > ssl_options = no_compression > > ssl_dh_parameters_length = 2048 > > ssl_cipher_list = > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- > SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- > RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- > AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- > RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: > DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: > AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- > SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:! > RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES- > CBC3-SHA:!KRB5-DES-CBC3-SHA > > > > I have below errors (they appear in loop in mail.err log file): > > #Apr 25 14:08:09 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol > > #Apr 25 14:08:09 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > > error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number > > #Apr 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > > error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad > record > > mac > > #Apr 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher > > > > When I setup in postfix main.cf file (other lines default): > > tls_ssl_options = no_ticket, no_compression > > tls_preempt_cipherlist = yes > > smtpd_sasl_security_options=noanonymous,noplaintext > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > smtpd_tls_mandatory_ciphers = high > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I > don't > > know what should be setup > > smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, > > aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, > ECDHE-RSA-DES-CBC3-SHA, > > DES-CBC3-SHA, RC4-MD5, RC4-SHA, ECDHE-RSA-RC4-SHA > > smtp_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, > aECDH, > > EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, ECDHE-RSA-DES-CBC3-SHA, > > DES-CBC3-SHA, RC4-MD5, RC4-SHA, ECDHE-RSA-RC4-SHA > > > > Is between dovecot and postfix some communication using above ciphers or > > something that generate that errors in log or maybe some public client > try > > connect and can't establish connection? > > > > Server with Ubuntu 16.04 LTS, postfix 3.1 and dovecot 2.2.22 and openssl > > 1.0.2k. > > > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *[email protected] <[email protected]>*
