Certificate problem

Dr. Martin Mandelkow dovecot at martin-mandelkow.de
Fri Sep 18 23:01:02 CEST 2020


Android version: 8.1.0, security update: October 1, 2019
K-9 Mail Version: 5.600

FairMail works without problems. Sending and receiving.
K-9 does not; which crypto does it support?

Server log:
Sep 15 20:54:53 localhost dovecot[1071908]: auth: Debug: auth client
connected (pid=1071932)
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x10, ret=1: before SSL initialization
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: before SSL initialization
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: before SSL initialization
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: before SSL initialization
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS read client hello
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS write server hello
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS write certificate
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS write key exchange
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: auth: Debug: auth client
connected (pid=1071933)
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x10, ret=1: before SSL initialization
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: before SSL initialization
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: before SSL initialization
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: before SSL initialization
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: before SSL initialization
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS read client hello
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS write server hello
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS write certificate
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS write key exchange
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2001, ret=1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: SSLv3/TLS write server done
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL
alert: where=0x4004, ret=558: fatal certificate unknown
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: error
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL
alert: where=0x4004, ret=558: fatal certificate unknown
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL
error: SSL_accept() failed: error:14094416:SSL
routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert
number 46
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL:
where=0x2002, ret=-1: error
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Debug: SSL
error: SSL_accept() failed: error:14094416:SSL
routines:ssl3_read_bytes:sslv3 alert certificate unknown: SSL alert
number 46
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Disconnected
(no auth attempts in 0 secs): user=<>, rip=10.8.0.10,
lip=XX.XXX.XXX.XXX, TLS handshaking: SSL_accept() failed:
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
unknown: SSL alert number 46, session=
Sep 15 20:54:53 localhost dovecot[1071908]: imap-login: Disconnected
(no auth attempts in 0 secs): user=<>, rip=10.8.0.10,
lip=XX.XXX.XXX.XXX, TLS handshaking: SSL_accept() failed:
error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate
unknown: SSL alert number 46, session=
Sep 15 20:54:58 localhost dovecot[1071908]: auth: Debug: auth client
connected (pid=1071934)

Regards, Martin

On 17.09.2020 at 06:46, Frank Kirschner wrote:
>> Hello!
>>
>> I have set up a new mail server with Postfix + Dovecot
>> (CentOS 8). I took over the configuration from my old server
>> (CentOS 6).
>>
>> Now my Android app (K-9 Mail) no longer connects via
>> IMAP. Thunderbird works.
>>
>> Where is the error?
>>
>>
>>
>> [root@localhost ~]# dovecot --version
>> 2.3.8 (9df20d2db)
>>
>> [root@localhost ~]# doveconf -n
>> # 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.5.8 (b7b03ba2)
>> # OS: Linux 4.18.0-193.6.3.el8_2.x86_64 x86_64 CentOS Linux release 8.2.2004 (Core)
>> # Hostname: localhost
>> auth_debug = yes
>> auth_debug_passwords = yes
>> auth_mechanisms = cram-md5 plain login
>> auth_verbose = yes
>> auth_verbose_passwords = sha1
>> first_valid_uid = 1000
>> mail_debug = yes
>> mail_location = maildir:~/Maildir
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
>> mbox_write_locks = fcntl
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Drafts {
>>     special_use = \Drafts
>>   }
>>   mailbox Junk {
>>     special_use = \Junk
>>   }
>>   mailbox Sent {
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>>     special_use = \Sent
>>   }
>>   mailbox Trash {
>>     special_use = \Trash
>>   }
>>   prefix =
>> }
>> passdb {
>>   driver = pam
>> }
>> passdb {
>>   args = scheme=CRYPT username_format=%u /etc/dovecot/users
>>   driver = passwd-file
>> }
>> plugin {
>>   sieve = ~/.dovecot.sieve
>>   sieve_dir = ~/sieve
>>   sieve_global_dir = /etc/dovecot/sieve/global/
>>   sieve_global_path = /etc/dovecot/sieve/default.sieve
>> }
>> protocols = imap sieve lmtp sieve
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0666
>>     user = postfix
>>   }
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>     group = postfix
>>     mode = 0600
>>     user = postfix
>>   }
>> }
>> service managesieve-login {
>>   inet_listener sieve {
>>     port = 4190
>>   }
>> }
>> ssl_cert = </etc/pki/tls/certs/certificate.cer
>> ssl_key = # hidden, use -P to show it
>> userdb {
>>   driver = passwd
>> }
>> userdb {
>>   args = username_format=%u /etc/dovecot/users
>>   driver = passwd-file
>> }
>> verbose_ssl = yes
>> protocol lmtp {
>>   auth_username_format = %n
>>   mail_plugins = " quota sieve"
>>   postmaster_address = postmaster at xxx.de
>> }
>> protocol sieve {
>>   managesieve_max_line_length = 65536
>> }
>>
> What does the Dovecot log file show when a connection attempt
> is made?
>
> Regards, Frank
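
An added example, not part of the original thread: a small decoder for the `where=`/`ret=` fields that Dovecot prints with `verbose_ssl = yes`, using the info-callback flag values from OpenSSL's `ssl.h`. The function names and the shortened sample entries (taken from the log above with the syslog prefix and mail line-wrapping removed) are choices made for this example.

```python
import re

# Info-callback bit flags from OpenSSL's ssl.h; Dovecot logs them as where=...
WHERE_FLAGS = {0x01: "LOOP", 0x02: "EXIT", 0x04: "READ", 0x08: "WRITE",
               0x10: "HANDSHAKE_START", 0x20: "HANDSHAKE_DONE",
               0x1000: "CONNECT", 0x2000: "ACCEPT", 0x4000: "ALERT"}
# Subset of TLS alert descriptions (RFC 5246 section 7.2).
ALERTS = {40: "handshake_failure", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown",
          48: "unknown_ca", 70: "protocol_version"}
LEVELS = {1: "warning", 2: "fatal"}
LINE = re.compile(r"SSL(?: alert)?: where=(0x[0-9a-fA-F]+), ret=(-?\d+): (.*)")

def decode_where(where):
    """Names of the flag bits set in a where= value, lowest bit first."""
    return [name for bit, name in sorted(WHERE_FLAGS.items()) if where & bit]

def decode_line(line):
    """Decode one verbose_ssl debug line; None if it is not one."""
    m = LINE.search(line)
    if not m:
        return None
    where, ret = int(m.group(1), 16), int(m.group(2))
    event = {"flags": decode_where(where), "text": m.group(3)}
    if where & 0x4000:
        # In alert callbacks ret packs (level << 8) | description.
        event["level"] = LEVELS.get(ret >> 8, str(ret >> 8))
        event["alert"] = ALERTS.get(ret & 0xFF, str(ret & 0xFF))
        # READ = alert received from the peer, WRITE = alert sent by us.
        event["origin"] = "peer" if where & 0x04 else "local"
    return event

def peer_alerts(lines):
    """Alerts the remote side sent, i.e. the client when Dovecot is the server."""
    events = filter(None, map(decode_line, lines))
    return [(e["level"], e["alert"]) for e in events if e.get("origin") == "peer"]

# Entries from the log above, shortened and with the mail line-wrapping removed.
SAMPLE = [
    "imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate",
    "imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done",
    "imap-login: Debug: SSL alert: where=0x4004, ret=558: fatal certificate unknown",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(decode_line(entry))
    print(peer_alerts(SAMPLE))
```

Decoded this way, `where=0x4004, ret=558` is a fatal `certificate_unknown` alert (number 46) received from the connecting client, so the failure lies in the client's validation of the certificate Dovecot presented rather than in cipher or protocol-version negotiation.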

