Kein Login mit Roundcubemail an Dovecot unter Debian/Buster
Andreas Günther
dovecot at linuxmaker.com
Mo Jan 20 11:01:20 CET 2020
Hallo zusammen,
ich habe auf einem aktuellen Debian Linux (Buster) einen Postfix/Dovecot-
Mailserver laufen. Als Webmailer verwende ich Roundcubemail 1.4.2.
Die beiden Server Postfix und Dovecot laufen an sich ganz gut. Nur der Login
von Roundcubemail am Dovecot scheitert mit dieser Fehlermeldung in mail.log:
Jan 20 10:37:44 mx1 dovecot: imap-login: Error: Diffie-Hellman key exchange
requested, but no DH parameters provided. Set ssh_dh=</path/to/dh.pem
Jan 20 10:37:44 mx1 dovecot: imap-login: Disconnected (no auth attempts in 0
secs): user=<>, rip=192.168.1.168, lip=192.168.1.168, TLS handshaking:
SSL_accept() failed: error:141EC044:SSL
routines:tls_construct_server_key_exchange:internal error
Ein Eintrag von
ssl_dh = /etc/dovecot/dh.pem
in die /etc/dovecot/dovecot.conf und ein Service-Neustart liefert diese
Fehlermeldung:
Jan 20 10:43:44 mx1 dovecot: imap-login: Error: Failed to initialize SSL
server context: Couldn't parse DH parameters: error:0909006C:PEM
routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>,
rip=192.168.1.168, lip=192.168.1.168, secured
Jan 20 10:43:44 mx1 dovecot: imap-login: Disconnected: TLS initialization
failed. (no auth attempts in 0 secs): user=<>, rip=192.168.1.168,
lip=192.168.1.168, secured
Und im Webbrowser poppt die Meldung auf, "Verbindung zum Speicherserver
fehlgeschlagen".
Ich bin überzeugt, dass ich irgendetwas in der /etc/dovecot/dovecot.conf
ändern oder hinzufügen muss. Ich weiß momentan allerdings nicht, was das genau
ist. Habt Ihr einen Tipp?
Beste Grüße
Andreas
/etc/dovecot/dovecot.conf:
# Dovecot main configuration as posted (Debian Buster, Postfix + Dovecot, Roundcube 1.4.2
# as webmailer). Long values that appear wrapped below are presumably single lines in
# the real file; the wrapping looks like a mail-archive artefact.
auth_mechanisms = plain login
#mail_debug = yes
# PLAIN/LOGIN carry the password in clear, so with disable_plaintext_auth = yes they are
# only accepted on TLS or otherwise "secured" connections; the remote 127.0.0.1 { } block
# at the end relaxes this for loopback only. The failing webmail login in the posted log
# comes from rip=192.168.1.168 (the LAN address, not loopback), so it must first complete
# the TLS handshake -- which is exactly where the DH-parameter error aborts it.
disable_plaintext_auth = yes
# Uncomment on NFS share
#mmap_disable = yes
#mail_fsync = always
#mail_nfs_index = yes
#mail_nfs_storage = yes
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
# Per-user home derived from the login's domain (%d) and local part (%n).
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/
# fts/fts_solr are loaded here although the fts settings in plugin { } are commented out.
mail_plugins = quota acl fts fts_solr
# Whitelist of characters accepted in login names (value wrapped by the archive).
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
#ssl_min_protocol = !SSLv3
# NOTE(review): Debian Buster ships Dovecot 2.3, where ssl_protocols was replaced by
# ssl_min_protocol, which expects a minimum version name (e.g. TLSv1.2) rather than a
# "!SSLv3" exclusion list -- confirm with `dovecot --version` and `doveconf -n`.
ssl_protocols = !SSLv3
# OpenSSL cipher string (presumably one line in the real file). "+SSLv3" here is the
# OpenSSL cipher-suite alias, not the protocol version. The four trailing suites
# (CAMELLIA256-SHA ... AES128-SHA) use static RSA key exchange and offer no forward
# secrecy; they are only selected when no EDH/EECDH suite matches.
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:
+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!
MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-
SHA:AES128-SHA
ssl_prefer_server_ciphers = yes
# Automatically regenerates every week
# NOTE(review): ssl_dh_parameters_length (and the automatic regeneration it implied) no
# longer exists in Dovecot 2.3; DH parameters must be supplied as a file via ssl_dh.
ssl_dh_parameters_length = 2048
# BUG (this matches the second posted log excerpt): without the leading "<", Dovecot
# takes the literal string "/etc/dovecot/dh.pem" as the PEM data itself, hence
# "no start line: Expecting: DH PARAMETERS". Use the same file-reading syntax as
# ssl_cert/ssl_key further down -- the first log message already hints at it:
#   ssl_dh = </etc/dovecot/dh.pem
# The file must contain a "-----BEGIN DH PARAMETERS-----" block, e.g. created with
# `openssl dhparam -out /etc/dovecot/dh.pem 2048` (or larger).
ssl_dh = /etc/dovecot/dh.pem
log_timestamp = "%Y-%m-%d %H:%M:%S "
recipient_delimiter = +
# Credentials are looked up in SQL; connection details and queries live in the
# referenced file (not shown in the post).
passdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
namespace inbox {
inbox = yes
location =
separator = /
mailbox "Trash" {
auto = subscribe
special_use = \Trash
}
mailbox "Deleted Messages" {
special_use = \Trash
}
.....
}
# Shared namespace: other users' mailboxes appear under Shared/<user>/, with private
# indexes kept in the accessing user's own home.
namespace {
type = shared
separator = /
prefix = Shared/%%u/
location = maildir:%%h/:INDEXPVT=~/Shared/%%u
subscriptions = no
list = yes
}
protocols = imap sieve lmtp pop3
service dict {
unix_listener dict {
mode = 0660
user = vmail
group = vmail
}
}
service auth {
# SASL socket for Postfix, placed inside the Postfix spool so the chrooted smtpd can
# reach it; group-writable for the postfix user only.
unix_listener /var/spool/postfix/private/auth_dovecot {
group = postfix
mode = 0660
user = postfix
}
# Master/userdb sockets are restricted to the vmail user (0600).
unix_listener auth-master {
mode = 0600
user = vmail
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = root
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
process_min_avail = 2
vsz_limit = 128M
}
service managesieve {
process_limit = 256
}
# LMTP delivery from Postfix over a unix socket readable only by the postfix user.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
user = vmail
}
# "*" listens on all IPv4 addresses only; presumably IPv6 is intentionally left out.
listen = *
# Note the "<" prefix: the value is read from the file. ssl_dh above lacks it.
ssl_cert = </etc/ssl/mail/mail.crt
ssl_key = </etc/ssl/mail/mail.key
userdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
protocol imap {
mail_plugins = quota imap_quota imap_acl acl fts fts_solr
}
protocol lmtp {
mail_plugins = quota sieve acl fts fts_solr
auth_socket_path = /var/run/dovecot/auth-master
# " at " is the archive's address obfuscation; the real file needs a valid address.
postmaster_address = postmaster at example.com
}
protocol sieve {
managesieve_logout_format = bytes=%i/%o
}
plugin {
# acl_anyone = allow permits ACL entries for the "anyone" identifier, i.e. a user can
# share a mailbox with every authenticated user. Tighten if that is not intended.
acl_anyone = allow
acl_shared_dict = file:/var/vmail/shared-mailboxes.db
acl = vfile
quota = dict:Userquota::proxy::sqlquota
quota_rule2 = Trash:storage=+100%%
# Per-user sieve scripts plus a global script run after them; unlimited script
# count/storage, single scripts capped at 1M.
sieve = /var/vmail/sieve/%u.sieve
sieve_after = /var/vmail/sieve/global.sieve
sieve_max_script_size = 1M
sieve_quota_max_scripts = 0
sieve_quota_max_storage = 0
#fts = solr
#fts_solr = url=http://127.0.0.1:8983/solr/
#fts_autoindex = yes
}
dict {
sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf
}
# Plaintext auth is allowed from loopback only. The posted failure is not from
# loopback, so this exemption does not apply to the webmailer's connection.
remote 127.0.0.1 {
disable_plaintext_auth = no
}
!i/etc/dovecot/dovecot.conf
# Second copy of /etc/dovecot/dovecot.conf as rendered by the archive (it differs from
# the first copy only in ssl_dh_parameters_length being commented out and in the two
# trailing lines). Wrapped long values are presumably single lines in the real file.
auth_mechanisms = plain login
#mail_debug = yes
# PLAIN/LOGIN send the password in clear, so they are only accepted on TLS or otherwise
# "secured" connections; the remote 127.0.0.1 { } block at the end relaxes this for
# loopback only. The webmail login in the posted log comes from rip=192.168.1.168 (not
# loopback), so it must complete the TLS handshake first -- which the DH error aborts.
disable_plaintext_auth = yes
# Uncomment on NFS share
#mmap_disable = yes
#mail_fsync = always
#mail_nfs_index = yes
#mail_nfs_storage = yes
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
# Per-user home derived from the login's domain (%d) and local part (%n).
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/
mail_plugins = quota acl fts fts_solr
# Whitelist of characters accepted in login names (value wrapped by the archive).
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
#ssl_min_protocol = !SSLv3
# NOTE(review): on Dovecot 2.3 (Debian Buster) ssl_protocols was replaced by
# ssl_min_protocol, which expects a minimum version name such as TLSv1.2, not a
# "!SSLv3" exclusion -- confirm with `dovecot --version` and `doveconf -n`.
ssl_protocols = !SSLv3
# OpenSSL cipher string (presumably one line in the real file). "+SSLv3" is the
# OpenSSL cipher-suite alias, not the protocol. The four trailing static-RSA suites
# (CAMELLIA256-SHA ... AES128-SHA) provide no forward secrecy and are only used
# when no EDH/EECDH suite matches.
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:
+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!
MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-
SHA:AES128-SHA
ssl_prefer_server_ciphers = yes
# Automatically regenerates every week
# NOTE(review): the comment above no longer applies; in Dovecot 2.3 DH parameters are
# not generated automatically but must be supplied as a file via ssl_dh.
#ssl_dh_parameters_length = 2048
# BUG (matches the second posted log excerpt): without the leading "<", Dovecot parses
# the literal string "/etc/dovecot/dh.pem" as PEM data, hence "no start line:
# Expecting: DH PARAMETERS". Use the same file-reading syntax as ssl_cert/ssl_key below:
#   ssl_dh = </etc/dovecot/dh.pem
# The file must hold a "-----BEGIN DH PARAMETERS-----" block, e.g. created with
# `openssl dhparam -out /etc/dovecot/dh.pem 2048` (or larger).
ssl_dh = /etc/dovecot/dh.pem
log_timestamp = "%Y-%m-%d %H:%M:%S "
recipient_delimiter = +
# SQL-backed credentials; connection details live in the referenced file (not shown).
passdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
namespace inbox {
inbox = yes
location =
separator = /
mailbox "Trash" {
auto = subscribe
special_use = \Trash
}
mailbox "Deleted Messages" {
special_use = \Trash
}
.....
}
# Shared namespace: other users' mailboxes appear under Shared/<user>/, with private
# indexes kept in the accessing user's own home.
namespace {
type = shared
separator = /
prefix = Shared/%%u/
location = maildir:%%h/:INDEXPVT=~/Shared/%%u
subscriptions = no
list = yes
}
protocols = imap sieve lmtp pop3
service dict {
unix_listener dict {
mode = 0660
user = vmail
group = vmail
}
}
service auth {
# SASL socket for Postfix inside the Postfix spool (reachable from its chroot),
# group-writable for the postfix user only.
unix_listener /var/spool/postfix/private/auth_dovecot {
group = postfix
mode = 0660
user = postfix
}
# Master/userdb sockets restricted to the vmail user (0600).
unix_listener auth-master {
mode = 0600
user = vmail
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = root
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
process_min_avail = 2
vsz_limit = 128M
}
service managesieve {
process_limit = 256
}
# LMTP delivery from Postfix over a unix socket readable only by the postfix user.
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
user = vmail
}
# "*" listens on all IPv4 addresses only; presumably IPv6 is intentionally left out.
listen = *
# Note the "<" prefix: the value is read from the file. ssl_dh above lacks it.
ssl_cert = </etc/ssl/mail/mail.crt
ssl_key = </etc/ssl/mail/mail.key
userdb {
args = /etc/dovecot/dovecot-mysql.conf
driver = sql
}
protocol imap {
mail_plugins = quota imap_quota imap_acl acl fts fts_solr
}
protocol lmtp {
mail_plugins = quota sieve acl fts fts_solr
auth_socket_path = /var/run/dovecot/auth-master
# " at " is the archive's address obfuscation; the real file needs a valid address.
postmaster_address = postmaster at example.com
}
protocol sieve {
managesieve_logout_format = bytes=%i/%o
}
plugin {
# acl_anyone = allow permits ACL entries for the "anyone" identifier, i.e. a user can
# share a mailbox with every authenticated user. Tighten if that is not intended.
acl_anyone = allow
acl_shared_dict = file:/var/vmail/shared-mailboxes.db
acl = vfile
quota = dict:Userquota::proxy::sqlquota
quota_rule2 = Trash:storage=+100%%
# Per-user sieve scripts plus a global script run after them; unlimited script
# count/storage, single scripts capped at 1M.
sieve = /var/vmail/sieve/%u.sieve
sieve_after = /var/vmail/sieve/global.sieve
sieve_max_script_size = 1M
sieve_quota_max_scripts = 0
sieve_quota_max_storage = 0
#fts = solr
#fts_solr = url=http://127.0.0.1:8983/solr/
#fts_autoindex = yes
}
dict {
sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf
}
# Plaintext auth allowed from loopback only; the posted failure is not from loopback,
# so this exemption does not cover the webmailer's connection.
remote 127.0.0.1 {
disable_plaintext_auth = no
}
# Apparently derived from a mailcow template; the included file is not shown.
!include mailcow_public_folder.conf
# Raised far above Dovecot's default (10), presumably because the webmailer funnels
# all users through a single client IP.
mail_max_userip_connections = 500
# NOTE(review): the next two lines look like a duplicated, truncated fragment of the
# two lines above (archive rendering), not part of the real file.
nclude mailcow_public_folder.conf
mail_max_userip_connections = 500