1 (edited by Neil_Brown 2020-11-08 22:51:47)

Topic: Debugging a "bad certificate" error between SoGo and sieve

iRedMail version (check /etc/iredmail-release):

1.3.2 MARIADB edition.

Deployed with iRedMail Easy or the downloadable installer?

No

Linux/BSD distribution name and version:

Debian 10

Store mail accounts in which backend (LDAP/MySQL/PGSQL):

MySQL

Web server (Apache or Nginx):

nginx

Manage mail accounts with iRedAdmin-Pro?

No

[IMPORTANT] Related original log or error message is required if you're experiencing an issue

SoGo is slow, and often shows "service unavailable" error messages".

In dovecot's sieve.log, I see:

Nov  8 14:45:09 iredmail dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<MOAEfpmzhr9/AAAB>

I don't recall making any changes which could impact this, but I must have done something. I cannot see anything problematic in dovecot.conf, but I am not sure what I am looking for.

Any thoughts on debugging / remedying this would be welcome.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Debugging a "bad certificate" error between SoGo and sieve

Please show me output of command below for troubleshooting:

grep 'Server' /etc/sogo/sogo.conf

3

Re: Debugging a "bad certificate" error between SoGo and sieve

ZhangHuangbin wrote:

Please show me output of command below for troubleshooting:

grep 'Server' /etc/sogo/sogo.conf

Thanks for your help!

SOGoIMAPServer = "imap://127.0.0.1:143/";
    SOGoSMTPServer = 127.0.0.1;
    SOGoSieveServer = "sieve://127.0.0.1:4190/?tls=YES";

4

Re: Debugging a "bad certificate" error between SoGo and sieve

Try this setting and restart sogo service:

SOGoSieveServer = "sieve://127.0.0.1:4190/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";

5

Re: Debugging a "bad certificate" error between SoGo and sieve

ZhangHuangbin wrote:

Try this setting and restart sogo service:

SOGoSieveServer = "sieve://127.0.0.1:4190/?tls=YES&tlsVerifyMode=allowInsecureLocalhost";

That worked. Thank you!