Dovecot can't connect to imaps 993
Solution
The problem was in fact a configuration issue, which was commented on by dovecot itself in /var/log/syslog:
Jan 14 17:34:23 mysite dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=</etc/letsencrypt/live/mysite.com/fullchain.pem)
OLD Attempts
This output from telnet:
telnet mysite.com 993
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.
is what you would expect. Port 993 is the SSL encrypted port for IMAP, so talking to this via telnet is rather hard ;-)
Check if i.e. Thunderbird works with your settings - otherwise post the output of your mail client and/or dovecot after a failed attempt.
EDIT: You can use openssl to connect to your IMAPS port. There is another question where this has already been answered in detail: https://stackoverflow.com/q/14959461/6591024
openssl s_client -connect mysite.com:993
As stated in the linked question's answers, you may be required to enforce CRLF by using openssl s_client -connect mysite.com:993 -crlf when using MacOS or Windows (perhaps?)
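The check that the syslog message points to, as an added example that is not part of the original answer: the function below scans Dovecot 2.2-style ssl_cert and ssl_key settings and flags values that lack the leading '<', which is the state of both settings in the question's dovecot -n output. The function name and the status words are illustrative assumptions, not anything Dovecot provides.

```shell
#!/bin/sh
# Added example (not from the original post). check_dovecot_ssl and the status
# words OK / NOT_PEM / MISSING_LT are illustrative names, not Dovecot's.

# check_dovecot_ssl FILE
#   FILE: dovecot.conf / 10-ssl.conf text, or saved `dovecot -n` output.
#   Prints "<setting> <STATUS> <value>" for each ssl_cert / ssl_key line and
#   returns 1 if any of them is not OK.
check_dovecot_ssl() {
    conf=$1
    rc=0
    settings=$(sed -nE \
        's/^[[:space:]]*(ssl_cert|ssl_key)[[:space:]]*=[[:space:]]*(.*)$/\1 \2/p' \
        "$conf")
    while read -r name value; do
        [ -n "$name" ] || continue
        case $value in
            '<'*)
                path=${value#?}      # drop the '<' to get the file path
                if grep -q -- '-----BEGIN ' "$path" 2>/dev/null; then
                    status=OK
                else
                    status=NOT_PEM   # missing, unreadable, or not PEM text
                    rc=1
                fi ;;
            *)
                # Without '<' Dovecot 2.2 takes the value itself as the PEM
                # data, so a bare path can never load as a certificate or key.
                status=MISSING_LT
                rc=1 ;;
        esac
        printf '%s %s %s\n' "$name" "$status" "$value"
    done <<EOF
$settings
EOF
    return $rc
}

# Constructed sample: the two ssl_* lines as they appear in the question.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat >"$sample" <<'EOF'
ssl = required
ssl_cert = /etc/letsencrypt/live/mysite.com/fullchain.pem
ssl_key = /etc/letsencrypt/live/mysite.com/privkey.pem
EOF
check_dovecot_ssl "$sample" || echo "add '<' before the paths flagged above"
```

On a live server, save the output of dovecot -n to a file and pass that file to the function; run it as root so the private key file is readable.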
Fandi Susanto
Updated on September 18, 2022
-
Fandi Susanto over 1 year
I am trying to set up a mail server in a DigitalOcean VPS. The problem is that I can't telnet to 993 although the firewall is inactive and dovecot is listening. Please tell me what I am doing wrong. I followed this postfix, dovecot, mysql, spamassassin tutorial.
My Server OS:
lsb_release -a
results:
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial
I followed the tutorial until this part:
telnet example.com 993
which results in:
telnet mysite.com 993
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.
I checked firewall:
sudo ufw status
which results in:
Status: inactive
And whether dovecot is active:
sudo netstat -plutn | grep 993
tcp        0      0 0.0.0.0:993      0.0.0.0:*      LISTEN      27460/dovecot
tcp6       0      0 :::993           :::*           LISTEN      27460/dovecot
Dovecot -F shows no error, and below is the output of dovecot -n:
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS ext4
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap lmtp pop3
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = /etc/letsencrypt/live/mysite.com/fullchain.pem
ssl_key = /etc/letsencrypt/live/mysite.com/privkey.pem
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
Telnet to postfix smtp is okay though:
telnet mysite.com smtp
results:
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
220 mysite.com ESMTP Postfix (Ubuntu)
ehlo mysite.com
250-mysite.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
Please help.
EDIT 1:
Still no luck with
openssl s_client -connect mysite.com:993 -crlf
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1515817904
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
Running:
telnet mysite.com 110
sometimes closes immediately, sometimes delays for a minute before closing:
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.
From what I read somewhere else, I think I should expect this line:
+OK Dovecot (Ubuntu) ready.
Further information:
sudo netstat -pltn
result:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State     PID/Program name
tcp        0      0 127.0.0.1:34600    0.0.0.0:*          LISTEN    27939/postgres
tcp        0      0 0.0.0.0:3306       0.0.0.0:*          LISTEN    27886/mysqld
tcp        0      0 0.0.0.0:587        0.0.0.0:*          LISTEN    27434/master
tcp        0      0 0.0.0.0:110        0.0.0.0:*          LISTEN    27460/dovecot
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN    2409/sshd
tcp        0      0 0.0.0.0:25         0.0.0.0:*          LISTEN    27434/master
tcp        0      0 0.0.0.0:993        0.0.0.0:*          LISTEN    27460/dovecot
tcp        0      0 0.0.0.0:995        0.0.0.0:*          LISTEN    27460/dovecot
tcp6       0      0 :::587             :::*               LISTEN    27434/master
tcp6       0      0 :::110             :::*               LISTEN    27460/dovecot
tcp6       0      0 :::80              :::*               LISTEN    1519/apache2
tcp6       0      0 :::22              :::*               LISTEN    2409/sshd
tcp6       0      0 :::25              :::*               LISTEN    27434/master
tcp6       0      0 :::443             :::*               LISTEN    1519/apache2
tcp6       0      0 :::993             :::*               LISTEN    27460/dovecot
tcp6       0      0 :::995             :::*               LISTEN    27460/dovecot
And btw... does this have anything to do with sshd_config > PasswordAuthentication no
More information:
sudo iptables-save:
# Generated by iptables-save v1.6.0 on Sat Jan 13 12:55:47 2018
*filter
:INPUT ACCEPT [53354:9755959]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48733:30432882]
COMMIT
# Completed on Sat Jan 13 12:55:47 2018
-
Michael Hampton over 6 years
Never name a mail server with the naked domain name. This causes many things to break. Also you need to remove it from /etc/hosts.
-
ivanivan over 6 years
or use sslclient to do a SSL-ized telnet connection attempt
-
Fandi Susanto over 6 years
Thanks for the answer sir. But still no luck.
-
Fandi Susanto over 6 years
I am sure that I have SSL certs. I am using a letsencrypt cert for that, and set the appropriate value for that in /etc/dovecot/conf.d/10-ssl.conf and also /etc/postfix/main.cf. And I also previously tried creating a self-signed cert with no luck.
-
Phillip -Zyan K Lee- Stockmann over 6 years
What do you mean by "still no luck"? Is this server some kind of lottery? :-D
-
Phillip -Zyan K Lee- Stockmann over 6 years
Please have a look at the /var/log/mail.log while/after you connect via openssl. /var/log/syslog may have some messages about the start of dovecot as well.
-
Fandi Susanto over 6 years
Too much content in /var/log/mail.log, so I deleted it and regret it. No content in it after openssl. But one line in /var/log/syslog saved my life:
Jan 14 17:34:23 mysite dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=</etc/letsencrypt/live/mysite.com/fullchain.pem)
-
Fandi Susanto over 6 years
Wohoo... now I have my own personal email. Thanks. It feels like I won a lottery. Lol.