1

Topic: https://forum.iredmail.org/topic15113-error-netconnectunixvarrundoveco

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.8.7
- Deployed with iRedMail Easy or the downloadable installer?: downloadable installer
- Linux/BSD distribution name and version: Debian Buster 10.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): ldap
- Web server (Apache or Nginx): apache
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,
after upgrading the mail server due to security updates to Debian 10.1 we encountered the the
dovecot problem: https://forum.iredmail.org/topic15113-e … rrundoveco
This fix the delivery issue. But we are unalbe to view or access the mails in dovecot. Not in roundcube or
thunderbird. Thunderbird stated a access denied where roundcube did nothing and except loading with no end. We can receive the mails from otside and can send mails tehi are delivered vut displaying and managing them is not possible.

what can we do?

2

Re: https://forum.iredmail.org/topic15113-error-netconnectunixvarrundoveco

What's the error in Dovecot log file (/var/log/dovecot/*log)?

neozimpi@gmail.com wrote:

- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

Please always paste related error/log so that others can help troubleshoot.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

3

Re: https://forum.iredmail.org/topic15113-error-netconnectunixvarrundoveco

there is no "/var/log/dovecot/"

dovecot.log:

Sep 11 16:44:12 master: Info: Dovecot v2.3.4.1 (f79e8e7e4) starting up for pop3, imap, sieve, lmtp (core dumps disabled)
Sep 11 16:44:12 config: Warning: please set ssl_dh=</etc/dovecot/dh.pem
Sep 11 16:44:12 config: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
Sep 11 16:44:12 lmtp(7427): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:12 lmtp(7432): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:12 lmtp(7430): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:12 lmtp(7433): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:12 lmtp(7431): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:13 pop3-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=192.168.0.36, lip=192.168.0.156, session=<bY76DUiSZNjAqAAk>
Sep 11 16:44:13 pop3-login: Info: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=192.168.0.36, lip=192.168.0.156, session=<bY76DUiSZNjAqAAk>
Sep 11 16:44:30 imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=192.168.0.78, lip=192.168.0.156, session=<wQoAD0iSXOLAqABO>
Sep 11 16:44:31 imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=192.168.0.78, lip=192.168.0.156, session=<RDgKD0iSXuLAqABO>

4

Re: https://forum.iredmail.org/topic15113-error-netconnectunixvarrundoveco

Add below line in /etc/dovecot/dovecot.conf should fix the issue:

ssl_dh = </etc/ssl/dhparams.pem

Make sure you have /etc/ssl/dhparams.pem on your server. If not, generate a strong one with command:

openssl dhparam -out /etc/ssl/dhparams.pem 2048

You can use 4096 too, but it will take longer time to generate.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee