Dovecot can't connect to IMAPS 993

Solution

The problem was in fact a configuration issue, which was commented on by Dovecot itself in /var/log/syslog:

Jan 14 17:34:23 mysite dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=</etc/letsencrypt/live/mysite.com/fullchain.pem)

Old attempts

This output from telnet:

telnet mysite.com 993
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.

is what you would expect. Port 993 is the SSL-encrypted port for IMAP, so talking to it via telnet is rather hard ;-)

Check if, e.g., Thunderbird works with your settings; otherwise post the output of your mail client and/or Dovecot after a failed attempt.

EDIT: You can use openssl to connect to your IMAPS port. There is another question where this has already been answered in detail: https://stackoverflow.com/q/14959461/6591024

openssl s_client -connect mysite.com:993

As stated in the linked question's answers, you may be required to enforce CRLF by using openssl s_client -connect mysite.com:993 -crlf when using macOS or Windows (perhaps?).
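As an added example (not part of the original answer, and not code from Dovecot), here is a small POSIX shell lint for the exact mistake the syslog line points at. In Dovecot's configuration a value written as ssl_cert = </path/to/fullchain.pem tells Dovecot to read the PEM data from that file; without the leading '<' the literal string is taken as the PEM data itself, so the imap-login process that is handed the connection dies with "Can't load ssl_cert: There is no valid PEM certificate". That matches what the question saw: the master process keeps listening (netstat shows port 993), dovecot -F itself prints nothing because the master does not load the certificate, and every client gets the socket dropped before a single byte is sent (telnet's immediate "Connection closed by foreign host", openssl's write:errno=104). The script checks every ssl_cert / ssl_key line in dovecot -n output for the '<' prefix and for a readable PEM file behind it. The configuration snippets and PEM files it creates are constructed fixtures, not real certificates or keys.

```shell
#!/bin/sh
# Added example, not part of the original answer or of Dovecot itself.
# Lints the ssl_cert / ssl_key lines of `dovecot -n` (or `doveconf -n`)
# output for the mistake in the question: a path without the leading '<'.
#
#   ssl_cert = </etc/letsencrypt/live/mysite.com/fullchain.pem   # read the file
#   ssl_cert = /etc/letsencrypt/live/mysite.com/fullchain.pem    # the string IS the "PEM"
#
# Without '<', Dovecot parses the string itself as PEM data and the login
# process dies ("Can't load ssl_cert: There is no valid PEM certificate")
# as soon as a client connects.

# check_ssl_setting NAME VALUE
# Exit status 0 if VALUE is '<'-prefixed and names a readable file that
# contains a PEM block; 1 otherwise, with a diagnostic on stderr.
check_ssl_setting() {
    name=$1
    value=$2
    case $value in
        "<"*)
            path=${value#<}
            if [ ! -r "$path" ]; then
                echo "$name: '$path' is missing or not readable" >&2
                return 1
            fi
            if ! grep -q '^-----BEGIN ' "$path"; then
                echo "$name: '$path' contains no PEM block" >&2
                return 1
            fi
            return 0
            ;;
        *)
            echo "$name = $value: missing the leading '<'; Dovecot will parse the string itself as PEM" >&2
            return 1
            ;;
    esac
}

# lint_dovecot_conf FILE
# Reads "key = value" lines (dovecot -n style, indentation allowed) from
# FILE and checks every ssl_cert / ssl_key setting.
# Exit status is the number of bad settings, so 0 means clean.
lint_dovecot_conf() {
    bad=0
    while IFS= read -r line; do
        case $line in
            *ssl_cert*|*ssl_key*) ;;
            *) continue ;;
        esac
        # key is everything before the first '=' with whitespace removed;
        # comment lines and settings such as ssl_cert_username_field fall out here
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        [ "$key" = ssl_cert ] || [ "$key" = ssl_key ] || continue
        value=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        check_ssl_setting "$key" "$value" || bad=$((bad + 1))
    done < "$1"
    return "$bad"
}

# Constructed fixtures for the demonstration: placeholder PEM files (not a
# real certificate or key) plus a broken and a fixed configuration.
# Prints the directory that holds them.
setup_fixtures() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder, not a real certificate' '-----END CERTIFICATE-----' > "$dir/fullchain.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'placeholder, not a real key' '-----END PRIVATE KEY-----' > "$dir/privkey.pem"
    # broken.conf mirrors the question's dovecot -n output: no '<'
    printf 'ssl = required\nssl_cert = %s/fullchain.pem\nssl_key = %s/privkey.pem\n' "$dir" "$dir" > "$dir/broken.conf"
    # fixed.conf is what the syslog message asks for
    printf 'ssl = required\nssl_cert = <%s/fullchain.pem\nssl_key = <%s/privkey.pem\n' "$dir" "$dir" > "$dir/fixed.conf"
    echo "$dir"
}

# Stand-alone demonstration: lint both constructed configs.
fixtures=$(setup_fixtures)
for conf in "$fixtures/broken.conf" "$fixtures/fixed.conf"; do
    lint_dovecot_conf "$conf"
    n=$?
    echo "$(basename "$conf"): $n bad ssl setting(s)"
done
rm -rf "$fixtures"
```

On a live server, feed it the real output: dovecot -n > /tmp/dovecot.conf.txt && lint_dovecot_conf /tmp/dovecot.conf.txt. Note that doveconf -n masks the key as "ssl_key = # hidden, use -P to show it", which this lint would report as a missing '<'; use doveconf -P -n in that case. Once both settings pass, openssl s_client -connect mysite.com:993 should print the certificate chain and end with Dovecot's "* OK ... Dovecot ... ready." IMAP greeting instead of write:errno=104.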


Author: Fandi Susanto

Updated on September 18, 2022

Comments

  • Fandi Susanto over 1 year

    I am trying to set up a mail server on a DigitalOcean VPS. The problem is that I can't telnet to 993 although the firewall is inactive and Dovecot is listening. Please tell me where I went wrong. I followed this Postfix, Dovecot, MySQL, SpamAssassin tutorial.

    My Server OS:

    lsb_release -a
    

    results:

    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 16.04.1 LTS
    Release:        16.04
    Codename:       xenial
    

    I followed the tutorial until this part: telnet example.com 993 which results in:

    telnet mysite.com 993
    Trying 127.0.1.1...
    Connected to mysite.com.
    Escape character is '^]'.
    Connection closed by foreign host.
    

    I checked the firewall: sudo ufw status, which results in:

    Status: inactive
    

    And whether Dovecot is active: sudo netstat -plutn | grep 993

    tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      27460/dovecot
    tcp6       0      0 :::993                  :::*                    LISTEN      27460/dovecot
    

    dovecot -F shows no error, and below is the output of dovecot -n:

    # 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.13 (7b14904)
    # OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS ext4
    auth_mechanisms = plain login
    mail_location = maildir:/var/mail/vhosts/%d/%n
    mail_privileged_group = mail
    namespace inbox {
      inbox = yes
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      args = /etc/dovecot/dovecot-sql.conf.ext
      driver = sql
    }
    protocols = imap lmtp pop3
    service auth-worker {
      user = vmail
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
      }
      user = dovecot
    }
    service imap-login {
      inet_listener imap {
        port = 0
      }
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
      }
    }
    ssl = required
    ssl_cert = /etc/letsencrypt/live/mysite.com/fullchain.pem
    ssl_key = /etc/letsencrypt/live/mysite.com/privkey.pem
    userdb {
      args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
      driver = static
    }
    

    Telnet to Postfix SMTP is okay though; telnet mysite.com smtp results in:

    Trying 127.0.1.1...
    Connected to mysite.com.
    Escape character is '^]'.
    220 mysite.com ESMTP Postfix (Ubuntu)
    ehlo mysite.com
    250-mysite.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.
    

    Please help.

    EDIT 1:

    Still no luck with openssl s_client -connect mysite.com:993 -crlf

    CONNECTED(00000003)
    write:errno=104
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 305 bytes
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1515817904
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    

    No luck with Thunderbird: Thunderbird unsuccessful

    Running telnet mysite.com 110 sometimes closes immediately, sometimes delays for a minute before closing.

    Trying 127.0.1.1...
    Connected to mysite.com.
    Escape character is '^]'.
    Connection closed by foreign host.
    

    From what I read somewhere else, I think I should expect this line: +OK Dovecot (Ubuntu) ready.

    Further information: sudo netstat -pltn result:

    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 127.0.0.1:34600         0.0.0.0:*               LISTEN      27939/postgres
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      27886/mysqld
    tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      27434/master
    tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      27460/dovecot
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2409/sshd
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      27434/master
    tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      27460/dovecot
    tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      27460/dovecot
    tcp6       0      0 :::587                  :::*                    LISTEN      27434/master
    tcp6       0      0 :::110                  :::*                    LISTEN      27460/dovecot
    tcp6       0      0 :::80                   :::*                    LISTEN      1519/apache2
    tcp6       0      0 :::22                   :::*                    LISTEN      2409/sshd
    tcp6       0      0 :::25                   :::*                    LISTEN      27434/master
    tcp6       0      0 :::443                  :::*                    LISTEN      1519/apache2
    tcp6       0      0 :::993                  :::*                    LISTEN      27460/dovecot
    tcp6       0      0 :::995                  :::*                    LISTEN      27460/dovecot
    

    And by the way... does this have anything to do with sshd_config > PasswordAuthentication no?

    Another piece of information: sudo iptables-save:

    # Generated by iptables-save v1.6.0 on Sat Jan 13 12:55:47 2018
    *filter
    :INPUT ACCEPT [53354:9755959]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [48733:30432882]
    COMMIT
    # Completed on Sat Jan 13 12:55:47 2018
    
    • Michael Hampton over 6 years
      Never name a mail server with the naked domain name. This causes many things to break. Also you need to remove it from /etc/hosts.
  • ivanivan over 6 years
    Or use sslclient to do an SSL-ized telnet connection attempt.
  • Fandi Susanto over 6 years
    Thanks for the answer, sir. But still no luck.
  • Fandi Susanto over 6 years
    I am sure that I have SSL certs. I am using a Let's Encrypt cert for that, and set the appropriate value for it in /etc/dovecot/conf.d/10-ssl.conf and also /etc/postfix/main.cf. And I also previously tried creating a self-signed cert, with no luck.
  • Phillip -Zyan K Lee- Stockmann over 6 years
    What do you mean by "still no luck"? Is this server some kind of lottery? :-D
  • Phillip -Zyan K Lee- Stockmann over 6 years
    Please have a look at /var/log/mail.log while/after you connect via openssl. /var/log/syslog may have some messages about the start of Dovecot as well.
  • Fandi Susanto over 6 years
    Too much content in /var/log/mail.log, so I deleted it and regret it. No content in it after openssl. But one line in /var/log/syslog saved my life: Jan 14 17:34:23 mysite dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=</etc/letsencrypt/live/mysite.com/fullchain.pem).
  • Fandi Susanto over 6 years
    Woohoo... now I have my own personal email. Thanks. It feels like I won a lottery. Lol.