1

Topic: Unable to disable SSLv2 and SSLv3

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):   v0.9.9
- Deployed with iRedMail Easy or the downloadable installer? download
- Linux/BSD distribution name and version: Ubuntu 18.
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  MySQL
- Web server (Apache or Nginx):  Ngnix
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

No matter what I try I continue to receive this message: 

<xx@xxx.com>: delivery via dovecot: delivered via dovecot service
    (doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider
    removing it from ssl_protocols.)

I have checked both Postfix and Dovecot config files which are precisely as suggested.  I cannot seem to effect any change in this error message.   

What am I missing.  Does it have something to do with OpenSSL?

thank you

2

Re: Unable to disable SSLv2 and SSLv3

bodywise wrote:

No matter what I try I continue to receive this message: 

<xx@xxx.com>: delivery via dovecot: delivered via dovecot service
    (doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider
    removing it from ssl_protocols.)

I have checked both Postfix and Dovecot config files which are precisely as suggested.  I cannot seem to effect any change in this error message.   

What am I missing.  Does it have something to do with OpenSSL?

You should have the following in your dovecot.conf:
ssl_protocols = !SSLv2 !SSLv3
The default iRedMail configs have this.

There are similar entries in main.cf also.

Regards,

Tom

3

Re: Unable to disable SSLv2 and SSLv3

Thank you for your comment. 

Yes.  It is done as I mentioned:

dovecot.conf:

ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
ssl_cert = </etc/ssl/certs/iRedMail.crt
ssl_key = </etc/ssl/private/iRedMail.key

Still getting same warning message.

And in Postfix main.cf

# TLS settings.
#
# SSL key, certificate, CA
#
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CAfile = /etc/ssl/certs/iRedMail.crt
smtpd_tls_CApath = /etc/ssl/certs

# Opportunistic TLS
smtpd_tls_protocols = !SSLv2 !SSLv3
smtp_tls_protocols = !SSLv2 !SSLv3
lmtp_tls_protocols = !SSLv2 !SSLv3

# Mandatory TLS
smtpd_tls_mandatory_protocols = !SSLv2 !SSLv3
smtp_tls_mandatory_protocols = !SSLv2 !SSLv3
lmtp_tls_mandatory_protocols = !SSLv2 !SSLv3

4

Re: Unable to disable SSLv2 and SSLv3

I think I solved this.  It seems the error message is itself faulty.  I have checked the server for SSLv2 and SSLv3 and it is indeed blocked.   Using ssllabs.com testing site.   I don't know how this error message is being generated ...

thank you