1

Topic: https://forum.iredmail.org/topic15113-error-netconnectunixvarrundoveco

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.8.7
- Deployed with iRedMail Easy or the downloadable installer?: downloadable installer
- Linux/BSD distribution name and version: Debian Buster 10.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): ldap
- Web server (Apache or Nginx): apache
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,
after upgrading the mail server due to security updates to Debian 10.1 we encountered the
Dovecot problem: https://forum.iredmail.org/topic15113-e … rrundoveco
This fixed the delivery issue. But we are unable to view or access the mails in Dovecot. Not in Roundcube or
Thunderbird. Thunderbird stated an access denied, whereas Roundcube did nothing except loading with no end. We can receive mails from outside and can send mails; they are delivered, but displaying and managing them is not possible.

What can we do?


2

Re: https://forum.iredmail.org/topic15113-error-netconnectunixvarrundoveco

What's the error in Dovecot log file (/var/log/dovecot/*log)?

neozimpi@gmail.com wrote:

- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

Please always paste related error/log so that others can help troubleshoot.

3

Re: https://forum.iredmail.org/topic15113-error-netconnectunixvarrundoveco

There is no "/var/log/dovecot/"

dovecot.log:

Sep 11 16:44:12 master: Info: Dovecot v2.3.4.1 (f79e8e7e4) starting up for pop3, imap, sieve, lmtp (core dumps disabled)
Sep 11 16:44:12 config: Warning: please set ssl_dh=</etc/dovecot/dh.pem
Sep 11 16:44:12 config: Warning: You can generate it with: dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem
Sep 11 16:44:12 lmtp(7427): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:12 lmtp(7432): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:12 lmtp(7430): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:12 lmtp(7433): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:12 lmtp(7431): Error: SSL context initialization failed, disabling SSL: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small
Sep 11 16:44:13 pop3-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=192.168.0.36, lip=192.168.0.156, session=<bY76DUiSZNjAqAAk>
Sep 11 16:44:13 pop3-login: Info: Disconnected: TLS initialization failed. (no auth attempts in 0 secs): user=<>, rip=192.168.0.36, lip=192.168.0.156, session=<bY76DUiSZNjAqAAk>
Sep 11 16:44:30 imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=192.168.0.78, lip=192.168.0.156, session=<wQoAD0iSXOLAqABO>
Sep 11 16:44:31 imap-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=192.168.0.78, lip=192.168.0.156, session=<RDgKD0iSXuLAqABO>

4

Re: https://forum.iredmail.org/topic15113-error-netconnectunixvarrundoveco

Adding the line below to /etc/dovecot/dovecot.conf should fix the issue:

ssl_dh = </etc/ssl/dhparams.pem

Make sure you have /etc/ssl/dhparams.pem on your server. If not, generate a strong one with the command:

openssl dhparam -out /etc/ssl/dhparams.pem 2048

You can use 4096 too, but it will take longer to generate.
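
An added example, not part of the original replies or of iRedMail: a small Python check that reads the `ssl_dh` path from dovecot.conf text and measures the DH prime in that PEM file, so an undersized file like the one behind the "dh key too small" errors above is caught before Dovecot restarts. The function names, the 2048-bit floor (taken from the command in the reply) and `sample_pem`, which builds constructed test input, are assumptions of this example.

```python
import base64
import re

MIN_DH_BITS = 2048  # assumption: the size used by the openssl command in the reply
_PEM = re.compile(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", re.S)

def _read_tlv(der, pos, tag):
    """Read one DER element at pos; return (value, next_pos)."""
    if der[pos] != tag:
        raise ValueError(f"unexpected DER tag 0x{der[pos]:02x}")
    length, pos = der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return der[pos:pos + length], pos + length

def dh_prime_bits(pem_text):
    """Bit length of the prime p in a PEM 'DH PARAMETERS' block."""
    m = _PEM.search(pem_text)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    seq, _ = _read_tlv(der, 0, 0x30)      # SEQUENCE { p INTEGER, g INTEGER }
    p_bytes, _ = _read_tlv(seq, 0, 0x02)  # first INTEGER is the prime p
    return int.from_bytes(p_bytes, "big").bit_length()

def ssl_dh_path(conf_text):
    """Path from an uncommented 'ssl_dh = </path' line, or None if unset."""
    m = re.search(r"^[ \t]*ssl_dh[ \t]*=[ \t]*<[ \t]*(\S+)", conf_text, re.M)
    return m.group(1) if m else None

def audit(conf_text, read_file):
    """Return (ok, message); read_file maps a path to that file's PEM text."""
    path = ssl_dh_path(conf_text)
    if path is None:
        return False, "ssl_dh is not set"
    bits = dh_prime_bits(read_file(path))
    ok = bits >= MIN_DH_BITS
    return ok, f"{path}: {bits}-bit DH prime" + ("" if ok else f", below {MIN_DH_BITS}")

def sample_pem(bits):
    """Constructed test input: p has the right size but is not a real prime."""
    def tlv(tag, val):
        n = len(val)
        k = (n.bit_length() + 7) // 8  # bytes needed for a long-form length
        ln = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
        return bytes([tag]) + ln + val
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    body = base64.encodebytes(tlv(0x30, tlv(0x02, p) + tlv(0x02, b"\x02"))).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{body}-----END DH PARAMETERS-----\n"
```

On a real server, call `audit(open("/etc/dovecot/dovecot.conf").read(), lambda p: open(p).read())`.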