Kein Login mit Roundcubemail an Dovecot unter Debian/Buster
Klaus Tachtler
klaus at tachtler.net
Di Jan 21 08:56:03 CET 2020
Hallo Andreas,
was gibt ein Login-Test mit z.B. TELNET aus, wie ich hier beschrieben habe:
https://dokuwiki.tachtler.net/doku.php?id=tachtler:dovecot_ssl_tls#login-test_mit_telnet1
Grüße
Klaus.
> Hallo zusammen,
>
> ich habe auf einem aktuellem Debian Linux (Buster) einen Postfix/Dovecot-
> Mailserver laufen. Als Webmailer verwende ich Roundcubemail 1.4.2.
> Die beiden Server Postfix und Dovecot laufen an sich ganz gut. Nur der Login
> von Roundcubemail am Dovecot scheitert mit dieser Fehlermeldung in mail.log:
>
>
> Jan 20 10:37:44 mx1 dovecot: imap-login: Error: Diffie-Hellman key exchange
> requested, but no DH parameters provided. Set ssl_dh=</path/to/dh.pem
> Jan 20 10:37:44 mx1 dovecot: imap-login: Disconnected (no auth attempts in 0
> secs): user=<>, rip=192.168.1.168, lip=192.168.1.168, TLS handshaking:
> SSL_accept() failed: error:141EC044:SSL
> routines:tls_construct_server_key_exchange:internal error
>
> Ein Eintrag von
> ssl_dh = /etc/dovecot/dh.pem
> in die /etc/dovecot/dovecot.conf und ein Service-Neustart liefert diese
> Fehlermeldung:
>
> Jan 20 10:43:44 mx1 dovecot: imap-login: Error: Failed to initialize SSL
> server context: Couldn't parse DH parameters: error:0909006C:PEM
> routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>,
> rip=192.168.1.168, lip=192.168.1.168, secured
> Jan 20 10:43:44 mx1 dovecot: imap-login: Disconnected: TLS initialization
> failed. (no auth attempts in 0 secs): user=<>, rip=192.168.1.168,
> lip=192.168.1.168, secured
>
> Und im Webbrowser poppt die Meldung auf, "Verbindung zum Speicherserver
> fehlgeschlagen".
>
> Ich bin überzeugt, dass ich irgendetwas in der /etc/dovecot/dovecot.conf
> ändern oder hinzufügen muss. Ich weiß momentan allerdings nicht, was das
> genau ist. Habt Ihr einen Tipp?
>
> Beste Grüße
>
> Andreas
>
> /etc/dovecot/dovecot.conf:
>
>
> auth_mechanisms = plain login
> #mail_debug = yes
> disable_plaintext_auth = yes
> # Uncomment on NFS share
> #mmap_disable = yes
> #mail_fsync = always
> #mail_nfs_index = yes
> #mail_nfs_storage = yes
> login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
> mail_home = /var/vmail/%d/%n
> mail_location = maildir:~/
> mail_plugins = quota acl fts fts_solr
> auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
> #ssl_min_protocol = !SSLv3
> ssl_protocols = !SSLv3
> ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> ssl_prefer_server_ciphers = yes
> # Automatically regenerates every week
> ssl_dh_parameters_length = 2048
> ssl_dh = /etc/dovecot/dh.pem
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> recipient_delimiter = +
> passdb {
> args = /etc/dovecot/dovecot-mysql.conf
> driver = sql
> }
> namespace inbox {
> inbox = yes
> location =
> separator = /
> mailbox "Trash" {
> auto = subscribe
> special_use = \Trash
> }
> mailbox "Deleted Messages" {
> special_use = \Trash
> }
>
> .....
>
>
> }
> namespace {
> type = shared
> separator = /
> prefix = Shared/%%u/
> location = maildir:%%h/:INDEXPVT=~/Shared/%%u
> subscriptions = no
> list = yes
> }
> protocols = imap sieve lmtp pop3
> service dict {
> unix_listener dict {
> mode = 0660
> user = vmail
> group = vmail
> }
> }
> service auth {
> unix_listener /var/spool/postfix/private/auth_dovecot {
> group = postfix
> mode = 0660
> user = postfix
> }
> unix_listener auth-master {
> mode = 0600
> user = vmail
> }
> unix_listener auth-userdb {
> mode = 0600
> user = vmail
> }
> user = root
> }
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> }
> service_count = 1
> process_min_avail = 2
> vsz_limit = 128M
> }
> service managesieve {
> process_limit = 256
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> user = vmail
> }
> listen = *
> ssl_cert = </etc/ssl/mail/mail.crt
> ssl_key = </etc/ssl/mail/mail.key
> userdb {
> args = /etc/dovecot/dovecot-mysql.conf
> driver = sql
> }
> protocol imap {
> mail_plugins = quota imap_quota imap_acl acl fts fts_solr
> }
> protocol lmtp {
> mail_plugins = quota sieve acl fts fts_solr
> auth_socket_path = /var/run/dovecot/auth-master
> postmaster_address = postmaster@example.com
> }
> protocol sieve {
> managesieve_logout_format = bytes=%i/%o
> }
> plugin {
> acl_anyone = allow
> acl_shared_dict = file:/var/vmail/shared-mailboxes.db
> acl = vfile
> quota = dict:Userquota::proxy::sqlquota
> quota_rule2 = Trash:storage=+100%%
> sieve = /var/vmail/sieve/%u.sieve
> sieve_after = /var/vmail/sieve/global.sieve
> sieve_max_script_size = 1M
> sieve_quota_max_scripts = 0
> sieve_quota_max_storage = 0
> #fts = solr
> #fts_solr = url=http://127.0.0.1:8983/solr/
> #fts_autoindex = yes
> }
> dict {
> sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf
> }
> remote 127.0.0.1 {
> disable_plaintext_auth = no
> }
> !i/etc/dovecot/dovecot.conf
> auth_mechanisms = plain login
> #mail_debug = yes
> disable_plaintext_auth = yes
> # Uncomment on NFS share
> #mmap_disable = yes
> #mail_fsync = always
> #mail_nfs_index = yes
> #mail_nfs_storage = yes
> login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
> mail_home = /var/vmail/%d/%n
> mail_location = maildir:~/
> mail_plugins = quota acl fts fts_solr
> auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
> #ssl_min_protocol = !SSLv3
> ssl_protocols = !SSLv3
> ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
> ssl_prefer_server_ciphers = yes
> # Automatically regenerates every week
> #ssl_dh_parameters_length = 2048
> ssl_dh = /etc/dovecot/dh.pem
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> recipient_delimiter = +
> passdb {
> args = /etc/dovecot/dovecot-mysql.conf
> driver = sql
> }
> namespace inbox {
> inbox = yes
> location =
> separator = /
> mailbox "Trash" {
> auto = subscribe
> special_use = \Trash
> }
> mailbox "Deleted Messages" {
> special_use = \Trash
> }
>
> .....
>
>
> }
> namespace {
> type = shared
> separator = /
> prefix = Shared/%%u/
> location = maildir:%%h/:INDEXPVT=~/Shared/%%u
> subscriptions = no
> list = yes
> }
> protocols = imap sieve lmtp pop3
> service dict {
> unix_listener dict {
> mode = 0660
> user = vmail
> group = vmail
> }
> }
> service auth {
> unix_listener /var/spool/postfix/private/auth_dovecot {
> group = postfix
> mode = 0660
> user = postfix
> }
> unix_listener auth-master {
> mode = 0600
> user = vmail
> }
> unix_listener auth-userdb {
> mode = 0600
> user = vmail
> }
> user = root
> }
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> }
> service_count = 1
> process_min_avail = 2
> vsz_limit = 128M
> }
> service managesieve {
> process_limit = 256
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> user = vmail
> }
> listen = *
> ssl_cert = </etc/ssl/mail/mail.crt
> ssl_key = </etc/ssl/mail/mail.key
> userdb {
> args = /etc/dovecot/dovecot-mysql.conf
> driver = sql
> }
> protocol imap {
> mail_plugins = quota imap_quota imap_acl acl fts fts_solr
> }
> protocol lmtp {
> mail_plugins = quota sieve acl fts fts_solr
> auth_socket_path = /var/run/dovecot/auth-master
> postmaster_address = postmaster@example.com
> }
> protocol sieve {
> managesieve_logout_format = bytes=%i/%o
> }
> plugin {
> acl_anyone = allow
> acl_shared_dict = file:/var/vmail/shared-mailboxes.db
> acl = vfile
> quota = dict:Userquota::proxy::sqlquota
> quota_rule2 = Trash:storage=+100%%
> sieve = /var/vmail/sieve/%u.sieve
> sieve_after = /var/vmail/sieve/global.sieve
> sieve_max_script_size = 1M
> sieve_quota_max_scripts = 0
> sieve_quota_max_storage = 0
> #fts = solr
> #fts_solr = url=http://127.0.0.1:8983/solr/
> #fts_autoindex = yes
> }
> dict {
> sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf
> }
> remote 127.0.0.1 {
> disable_plaintext_auth = no
> }
> !include mailcow_public_folder.conf
> mail_max_userip_connections = 500
> nclude mailcow_public_folder.conf
> mail_max_userip_connections = 500
----- Ende der Nachricht von Andreas Günther <dovecot at linuxmaker.com> -----
--
--------------------------------------------
e-Mail : klaus at tachtler.net
Homepage: https://www.tachtler.net
DokuWiki: https://dokuwiki.tachtler.net
--------------------------------------------