SSL error: sslv3 alert certificate unknown
Frank Kirschner
fk at celebrate.de
Fri May 10 08:09:53 CEST 2019
Hello everyone,
I have set up a mail server with Postfix and Dovecot. It runs well so
far; only one client has problems.
It is an Android phone running K-9 Mail. Recurring cyclically, from
the dovecot logfile:
May 10 06:41:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<ypG/L4GICLzAqIKr>
May 10 06:42:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<BVVQM4GIoMLAqIKr>
May 10 06:43:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<HxPlNoGISMnAqIKr>
May 10 06:44:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<+4l3OoGIxM/AqIKr>
May 10 06:45:10 imap-login: Info: Disconnected (no auth attempts in 3 secs): user=<>, rip=196.52.43.131, lip=192.168.130.191, TLS handshaking: Disconnected, session=<ZhxMO4GIOuzENCuD>
May 10 06:45:55 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<xycBPoGIbtbAqIKr>
May 10 06:46:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<EgafQYGIGN3AqIKr>
May 10 06:47:41 imap-login: Info: Login: user=<foo at bar.de>, method=PLAIN, rip=178.14.68.231, lip=192.168.130.191, mpid=24201, TLS, session=<O1tNRIGINMCyDkTn>
May 10 06:47:41 imap-login: Info: Login: user=<foo at bar.de>, method=PLAIN, rip=178.14.68.231, lip=192.168.130.191, mpid=24202, TLS, session=<4qNNRIGINsCyDkTn>
May 10 06:47:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<BOAsRYGI1uPAqIKr>
May 10 06:48:23 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<j5rSRoGIoOiyDkTn>
May 10 06:48:24 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<DrrXRoGIouiyDkTn>
May 10 06:48:24 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<fFPdRoGIpOiyDkTn>
May 10 06:48:24 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<ffbiRoGIpuiyDkTn>
May 10 06:48:25 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<PsPqRoGIqOiyDkTn>
May 10 06:48:25 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<d5fvRoGIquiyDkTn>
May 10 06:48:26 imap-login: Info: Disconnected (no auth attempts in 1 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<19/1RoGIrOiyDkTn>
May 10 06:48:26 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<mtz7RoGIruiyDkTn>
May 10 06:48:27 imap-login: Info: Disconnected (no auth attempts in 1 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<G8wDR4GIsOiyDkTn>
May 10 06:48:27 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<u2kJR4GIsuiyDkTn>
May 10 06:48:27 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<wGAOR4GItOiyDkTn>
May 10 06:48:28 imap-login: Info: Disconnected (no auth attempts in 1 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<29gTR4GItuiyDkTn>
May 10 06:48:28 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<RPseR4GIuOiyDkTn>
May 10 06:48:51 imap-login: Info: Login: user=<foo at bar.de>, method=PLAIN, rip=178.14.68.231, lip=192.168.130.191, mpid=24225, TLS, session=<V9x8SIGImMCyDkTn>
May 10 06:48:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<hOjJSIGIfOrAqIKr>
May 10 06:49:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<+bJQTIGIyoLAqIKr>
Let's Encrypt certificates are used; other clients
(Thunderbird, Outlook and K-9 Mail on other phones) work
flawlessly. The problem appears only with this user and fills the
logfile.
# doveconf -n
# 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24 (124e06aa)
# OS: Linux 4.15.18-12-pve x86_64 CentOS Linux release 7.6.1810 (Core)
# Hostname: xxxxx.xxx.de
disable_plaintext_auth = no
first_valid_uid = 1000
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot.log
login_greeting = IMAP Cluster ready.
mail_fsync = always
mail_gid = 1000
mail_home = /srv/mail/mail_storage/%d/%n
mail_location = maildir:~
mail_privileged_group = vpostfix
mail_uid = 1000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime for everypart extracttext vacation-seconds
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /etc/dovecot/spam-global.sieve
  sieve_extensions = +vacation-seconds
  sieve_vacation_default_period = 1d
  sieve_vacation_max_period = 30d
  sieve_vacation_min_period = 0
}
postmaster_address = xxx at xxxxxx.de
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = vpostfix
    mode = 0666
    user = vpostfix
  }
  unix_listener auth-userdb {
    group = vpostfix
    mode = 0600
    user = vpostfix
  }
}
service imap-login {
  process_min_avail = 1
  service_count = 1
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl_cert = </etc/letsencrypt/live/xxxxxx.de/fullchain.pem
ssl_key = # hidden, use -P to show it
ssl_protocols = !SSLv2 !SSLv3
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = " sieve"
}
protocol lda {
  mail_plugins = " sieve"
}
protocol imap {
  mail_max_userip_connections = 10
}
-------------------------- END doveconf --------------------------------
Have I misconfigured something?
Regards, Frank
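
Added example, not part of the original post: a small Python triage script that groups Dovecot imap-login lines by remote IP and outcome and names the TLS alert number. Alert 46 is certificate_unknown, and because OpenSSL reports it from ssl3_read_bytes during SSL_accept(), it is an alert the server received from the client. The function names and outcome labels are assumptions of this example; the sample lines are copied from the log in the post above.

```python
import re
from collections import Counter

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2.2).
TLS_ALERTS = {42: "bad_certificate", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

LINE_RE = re.compile(
    r"imap-login: Info: (Login|Aborted login|Disconnected)\b.*?rip=([0-9a-fA-F.:]+),")
ALERT_RE = re.compile(r"SSL alert number (\d+)")

def classify(line):
    """Return (remote_ip, outcome) for an imap-login line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    event, rip = m.groups()
    alert = ALERT_RE.search(line)
    if alert:
        num = int(alert.group(1))
        outcome = "tls_alert_%d_%s" % (num, TLS_ALERTS.get(num, "other"))
    elif event == "Login":
        outcome = "login_ok"
    elif "TLS handshaking" in line:
        outcome = "tls_handshake_disconnect"  # handshake started, no alert logged
    else:
        outcome = "aborted_no_auth"           # connection dropped before any auth
    return rip, outcome

def summarize(lines):
    """Count outcomes per remote IP across all matching lines."""
    counts = Counter()
    for line in lines:
        result = classify(line)
        if result is not None:
            counts[result] += 1
    return counts

# Sample input: five lines copied from the log in the post above.
SAMPLE = [
    "May 10 06:41:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<ypG/L4GICLzAqIKr>",
    "May 10 06:45:10 imap-login: Info: Disconnected (no auth attempts in 3 secs): user=<>, rip=196.52.43.131, lip=192.168.130.191, TLS handshaking: Disconnected, session=<ZhxMO4GIOuzENCuD>",
    "May 10 06:47:41 imap-login: Info: Login: user=<foo at bar.de>, method=PLAIN, rip=178.14.68.231, lip=192.168.130.191, mpid=24201, TLS, session=<O1tNRIGINMCyDkTn>",
    "May 10 06:48:23 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<j5rSRoGIoOiyDkTn>",
    "May 10 06:48:24 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<DrrXRoGIouiyDkTn>",
]

if __name__ == "__main__":
    for (rip, outcome), n in sorted(summarize(SAMPLE).items()):
        print(f"{rip:<16} {outcome:<34} {n}")
```

Run against the full /var/log/dovecot.log, the per-IP counts separate the once-a-minute aborted connections from 192.168.130.171 from the certificate alerts sent by the one affected client.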