SSL Fehler: sslv3 alert certificate unknown

Frank Kirschner fk at celebrate.de
Fr Mai 10 14:27:05 CEST 2019 

Das Problem scheint gelöst zu sein.
Erst K9 deinstallieren und neu installieren brachte Ruhe ins Log, 
wahrscheinlich wurde ein Zertifikat nicht sauber erneuert.
Habe nichts gefunden, wo man (wie im Thunderbird) bei dem K9 Mail die 
Zertifikate verwalten, ggf. alte löschen kann.
Informativ: Bei dem Handy hat es sich um ein Galaxy S9+ mit Android Oreo 
gehandelt.

lg Frank

Am 10.05.2019 um 08:09 schrieb Frank Kirschner:
>
> Hallo zusammen,
>
> ich habe einen Mailserver mit Postfix und Dovecot aufgesetzt, läuft 
> soweit gut, nur mit einem Client gibt es Probleme.
> Es handelt sich um ein Android Handy mit K-9 Mail. Zyklisch auftretend 
> aus dem dovecot Logfile:
>
> May 10 06:41:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<ypG/L4GICLzAqIKr>
> May 10 06:42:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<BVVQM4GIoMLAqIKr>
> May 10 06:43:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<HxPlNoGISMnAqIKr>
> May 10 06:44:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<+4l3OoGIxM/AqIKr>
> May 10 06:45:10 imap-login: Info: Disconnected (no auth attempts in 3 secs): user=<>, rip=196.52.43.131, lip=192.168.130.191, TLS handshaking: Disconnected, session=<ZhxMO4GIOuzENCuD>
> May 10 06:45:55 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<xycBPoGIbtbAqIKr>
> May 10 06:46:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<EgafQYGIGN3AqIKr>
> May 10 06:47:41 imap-login: Info: Login: user=<foo at bar.de>, method=PLAIN, rip=178.14.68.231, lip=192.168.130.191, mpid=24201, TLS, session=<O1tNRIGINMCyDkTn>
> May 10 06:47:41 imap-login: Info: Login: user=<foo at bar.de>, method=PLAIN, rip=178.14.68.231, lip=192.168.130.191, mpid=24202, TLS, session=<4qNNRIGINsCyDkTn>
> May 10 06:47:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<BOAsRYGI1uPAqIKr>
> May 10 06:48:23 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<j5rSRoGIoOiyDkTn>
> May 10 06:48:24 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<DrrXRoGIouiyDkTn>
> May 10 06:48:24 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<fFPdRoGIpOiyDkTn>
> May 10 06:48:24 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<ffbiRoGIpuiyDkTn>
> May 10 06:48:25 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<PsPqRoGIqOiyDkTn>
> May 10 06:48:25 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<d5fvRoGIquiyDkTn>
> May 10 06:48:26 imap-login: Info: Disconnected (no auth attempts in 1 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<19/1RoGIrOiyDkTn>
> May 10 06:48:26 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<mtz7RoGIruiyDkTn>
> May 10 06:48:27 imap-login: Info: Disconnected (no auth attempts in 1 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<G8wDR4GIsOiyDkTn>
> May 10 06:48:27 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<u2kJR4GIsuiyDkTn>
> May 10 06:48:27 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<wGAOR4GItOiyDkTn>
> May 10 06:48:28 imap-login: Info: Disconnected (no auth attempts in 1 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<29gTR4GItuiyDkTn>
> May 10 06:48:28 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.14.68.231, lip=192.168.130.191, TLS handshaking: SSL_accept() failed: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert number 46, session=<RPseR4GIuOiyDkTn>
> May 10 06:48:51 imap-login: Info: Login: user=<foo at bar.de>, method=PLAIN, rip=178.14.68.231, lip=192.168.130.191, mpid=24225, TLS, session=<V9x8SIGImMCyDkTn>
> May 10 06:48:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<hOjJSIGIfOrAqIKr>
> May 10 06:49:56 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=192.168.130.171, lip=192.168.130.191, session=<+bJQTIGIyoLAqIKr>
>
> Zertifikate werden von Let's Encrypt verwendet, andere clients 
> (Thunderbird, Outlook und K-9 Mail auf anderen Handys) funktionieren 
> einwandfrei, nur bei diesem Nutzer taucht das Problem auf und füllt 
> das Logfile.
>
> # doveconf -n
> # 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.24 (124e06aa)
> # OS: Linux 4.15.18-12-pve x86_64 CentOS Linux release 7.6.1810 (Core)
> # Hostname: xxxxx.xxx.de
> disable_plaintext_auth = no
> first_valid_uid = 1000
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> log_path = /var/log/dovecot.log
> login_greeting = IMAP Cluster ready.
> mail_fsync = always
> mail_gid = 1000
> mail_home = /srv/mail/mail_storage/%d/%n
> mail_location = maildir:~
> mail_privileged_group = vpostfix
> mail_uid = 1000
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope 
> encoded-character vacation subaddress comparator-i;ascii-numeric 
> relational regex imap4flags copy include variables body enotify 
> environment mailbox date index ihave duplicate mime for everypart 
> extracttext vacation-seconds
> mbox_write_locks = fcntl
> mmap_disable = yes
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = scheme=CRYPT username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> plugin {
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_before = /etc/dovecot/spam-global.sieve
>   sieve_extensions = +vacation-seconds
>   sieve_vacation_default_period = 1d
>   sieve_vacation_max_period = 30d
>   sieve_vacation_min_period = 0
> }
> postmaster_address = xxx at xxxxxx.de
> protocols = imap pop3 lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = vpostfix
>     mode = 0666
>     user = vpostfix
>   }
>   unix_listener auth-userdb {
>     group = vpostfix
>     mode = 0600
>     user = vpostfix
>   }
> }
> service imap-login {
>   process_min_avail = 1
>   service_count = 1
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
> }
> ssl_cert = </etc/letsencrypt/live/xxxxxx.de/fullchain.pem
> ssl_key =  # hidden, use -P to show it
> ssl_protocols = !SSLv2 !SSLv3
> userdb {
>   args = username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> protocol lmtp {
>   mail_plugins = " sieve"
> }
> protocol lda {
>   mail_plugins = " sieve"
> }
> protocol imap {
>   mail_max_userip_connections = 10
> }
>
> -------------------------- ENDE doveconf --------------------------------
>
> Habe ich etwas falsch konfiguriert?
>
> lg Frank
>

-------------- nächster Teil --------------
Ein Dateianhang mit HTML-Daten wurde abgetrennt...
URL: <https://listen.jpberlin.de/pipermail/dovecot/attachments/20190510/9db5fa8f/attachment.html>

Mehr Informationen über die Mailingliste Dovecot