Roaming email broke with update to fedora 21

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Roaming email broke with update to fedora 21

David Highley
Description of the setup; remote access for email via web server with
squirrelmail and dovecot. Configured to use imap port 993 and smtp tls.
Email resides on another internal email server. This has been working
for many years and was working on fedora 20. After new install of web
server to fedora 21 and an update to the email server to fedora 21 the
roaming email access has been broken; Error connecting to IMAP server:
tls://mail.  0 :

Have verified the web server can connect to the email server:
openssl s_client -connect imap.example.com:993
openssl s_client -connect imap.example.com:143 -starttls imap

With the two commands above we get a connect for port 993 and for port
143 we are able to login and find the email folder.

Software versions are:
sendmail-8.14.9-5.fc21.x86_64
dovecot-2.2.15-2.fc21.x86_64
squirrelmail-1.4.22-15.fc21.noarch
php-5.6.5-1.fc21.x86_64

The squirrelmail config_local.php file looks like this:
<?php

/**
 * Local config overrides.
 *
 * You can override the config.php settings here.
 * Don't do it unless you know what you're doing.
 * Use standard PHP syntax, see config.php for examples.
 *
 * @copyright &copy; 2002-2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 * @subpackage config
 */

$org_name                  = "Highley Recommended, Inc.";
$org_logo                  = SM_PATH . 'images/hlclogo.jpg';
$org_logo_height           = '332';
$org_title                 = "Highley Recommended, Inc.";
$provider_uri              = 'http://www.highley-recommended.com';
$provider_name             = 'Highley Recommended';
$domain                    = 'highley-recommended.com';
$imapServerAddress         = 'mail';
$imapPort                  = 993;
$sendmail_args             = '-i -t';
$pop_before_smtp_host      = '';
$imap_server_type          = 'dovecot';
$plugins[3]                = 'view_as_html';
$plugins[4]                = 'calendar';
$abook_global_file_listing = true;
$abook_file_line_length    = 2048;
$encode_header_key         = '';
$default_charset           = 'iso-8859-1';
$hide_auth_header          = false;
$smtp_sitewide_user        = '';
$smtp_sitewide_pass        = '';
$use_imap_tls              = true;
$use_smtp_tls              = true;
$only_secure_cookies       = true;
$disable_security_tokens   = false;
$check_referrer            = '';
$default_folder_prefix     = '';
?>

The issue seems to be the outside web server which is the email client
in this configuration. What are we missing?

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

mick.crane
On 22/02/2015, David Highley <[hidden email]> wrote:

> Description of the setup; remote access for email via web server with
> squirrelmail and dovecot. Configured to use imap port 993 and smtp tls.
> Email resides on another internal email server. This has been working
> for many years and was working on fedora 20. After new install of web
> server to fedora 21 and an update to the email server to fedora 21 the
> roaming email access has been broken; Error connecting to IMAP server:
> tls://mail.  0 :
>
> Have verified the web server can connect to the email server:
> openssl s_client -connect imap.example.com:993
> openssl s_client -connect imap.example.com:143 -starttls imap
>
bearing in mind that I am amateur dummy I would make an instance of
dovecot on the machine with the webserver and see if it worked then (
if it did ) look to the network addressing in the config files.

cheers

mick

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

Paul Lesniewski
In reply to this post by David Highley
On Sunday, February 22, 2015, David Highley <
[hidden email]> wrote:

> Description of the setup; remote access for email via web server with
> squirrelmail and dovecot. Configured to use imap port 993 and smtp tls.
> Email resides on another internal email server. This has been working
> for many years and was working on fedora 20. After new install of web
> server to fedora 21 and an update to the email server to fedora 21 the
> roaming email access has been broken; Error connecting to IMAP server:
> tls://mail.  0 :


It appears to be trying to connect to a hostname without the rest of your
domain. This corresponds to your IMAP server address of just 'mail'



--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

David Highley
In reply to this post by David Highley
"Paul Lesniewski wrote:"

>
> On Sunday, February 22, 2015, David Highley <
> [hidden email]> wrote:
>
> > Description of the setup; remote access for email via web server with
> > squirrelmail and dovecot. Configured to use imap port 993 and smtp tls.
> > Email resides on another internal email server. This has been working
> > for many years and was working on fedora 20. After new install of web
> > server to fedora 21 and an update to the email server to fedora 21 the
> > roaming email access has been broken; Error connecting to IMAP server:
> > tls://mail.  0 :
>
>
> It appears to be trying to connect to a hostname without the rest of your
> domain. This corresponds to your IMAP server address of just 'mail'

That was a mistake, but should have worked anyway with the host alias in
the host file.

We installed thunderbird to help with testing and have made some
progress. We are able to use 993 imap access for reading email and
modified the web server so it can send email after we found that the
email server rejects any type of relaying. Bit confused as to how this
appeared to work in the past.

So we changed the config_local.php file not to use imap_tls or smtp_tls
and now we see a very long conncecting followed by the error message:
ERROR: Connection dropped by IMAP server.

We have checked the journalctl logs on both hosts and neither log
anything. We do see the web ssl access and request.

>
>
>
> --
> Paul Lesniewski
> SquirrelMail Team
> Please support Open Source Software by donating to SquirrelMail!
> http://squirrelmail.org/donate_paul_lesniewski.php
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: [hidden email]
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>



------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

David Highley
"David Highley wrote:"

>
> "Paul Lesniewski wrote:"
> >
> > On Sunday, February 22, 2015, David Highley <
> > [hidden email]> wrote:
> >
> > > Description of the setup; remote access for email via web server with
> > > squirrelmail and dovecot. Configured to use imap port 993 and smtp tls.
> > > Email resides on another internal email server. This has been working
> > > for many years and was working on fedora 20. After new install of web
> > > server to fedora 21 and an update to the email server to fedora 21 the
> > > roaming email access has been broken; Error connecting to IMAP server:
> > > tls://mail.  0 :
> >
> >
> > It appears to be trying to connect to a hostname without the rest of your
> > domain. This corresponds to your IMAP server address of just 'mail'
>
> That was a mistake, but should have worked anyway with the host alias in
> the host file.
>
> We installed thunderbird to help with testing and have made some
> progress. We are able to use 993 imap access for reading email and
> modified the web server so it can send email after we found that the
> email server rejects any type of relaying. Bit confused as to how this
> appeared to work in the past.
>
> So we changed the config_local.php file not to use imap_tls or smtp_tls
> and now we see a very long conncecting followed by the error message:
> ERROR: Connection dropped by IMAP server.
>
> We have checked the journalctl logs on both hosts and neither log
> anything. We do see the web ssl access and request.

We are still learning how to find information with journalctl. We see
the error below and have tried several different things that seemed to
fix this issue for others but so far we are not able to make this work.

The error:
dovecot[1857]: imap-login: Disconnected (no auth attempts in 60 secs):
user=<>, rip=10.2.2.3, lip=10.2.2.7, TLS handshaking: SSL_accept()
failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol, session=<yhak9c0PTwAKAgID>

Since we are using 993 with thunderbird which also uses dovecot why
would it not work for squirrelmail?

>
> >
> >
> >
> > --
> > Paul Lesniewski
> > SquirrelMail Team
> > Please support Open Source Software by donating to SquirrelMail!
> > http://squirrelmail.org/donate_paul_lesniewski.php
> > ------------------------------------------------------------------------------
> > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> > from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> > with Interactivity, Sharing, Native Excel Exports, App Integration & more
> > Get technology previously reserved for billion-dollar corporations, FREE
> > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> > -----
> > squirrelmail-users mailing list
> > Posting guidelines: http://squirrelmail.org/postingguidelines
> > List address: [hidden email]
> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> > List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
> >
>
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: [hidden email]
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

"Tóth Attila"
The error message speaks for itself. Check dovecot's ssl configuration
settings. Especially ssl_cipher_list in conf.d/10-ssl.conf
http://wiki2.dovecot.org/SSL/DovecotConfiguration
--
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

2015.Február 24.(K) 05:59 időpontban David Highley ezt írta:

> "David Highley wrote:"
>>
>> "Paul Lesniewski wrote:"
>> >
>> > On Sunday, February 22, 2015, David Highley <
>> > [hidden email]> wrote:
>> >
>> > > Description of the setup; remote access for email via web server
>> with
>> > > squirrelmail and dovecot. Configured to use imap port 993 and smtp
>> tls.
>> > > Email resides on another internal email server. This has been
>> working
>> > > for many years and was working on fedora 20. After new install of
>> web
>> > > server to fedora 21 and an update to the email server to fedora 21
>> the
>> > > roaming email access has been broken; Error connecting to IMAP
>> server:
>> > > tls://mail.  0 :
>> >
>> >
>> > It appears to be trying to connect to a hostname without the rest of
>> your
>> > domain. This corresponds to your IMAP server address of just 'mail'
>>
>> That was a mistake, but should have worked anyway with the host alias in
>> the host file.
>>
>> We installed thunderbird to help with testing and have made some
>> progress. We are able to use 993 imap access for reading email and
>> modified the web server so it can send email after we found that the
>> email server rejects any type of relaying. Bit confused as to how this
>> appeared to work in the past.
>>
>> So we changed the config_local.php file not to use imap_tls or smtp_tls
>> and now we see a very long conncecting followed by the error message:
>> ERROR: Connection dropped by IMAP server.
>>
>> We have checked the journalctl logs on both hosts and neither log
>> anything. We do see the web ssl access and request.
>
> We are still learning how to find information with journalctl. We see
> the error below and have tried several different things that seemed to
> fix this issue for others but so far we are not able to make this work.
>
> The error:
> dovecot[1857]: imap-login: Disconnected (no auth attempts in 60 secs):
> user=<>, rip=10.2.2.3, lip=10.2.2.7, TLS handshaking: SSL_accept()
> failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
> protocol, session=<yhak9c0PTwAKAgID>
>
> Since we are using 993 with thunderbird which also uses dovecot why
> would it not work for squirrelmail?
>
>>
>> >
>> >
>> >
>> > --
>> > Paul Lesniewski
>> > SquirrelMail Team
>> > Please support Open Source Software by donating to SquirrelMail!
>> > http://squirrelmail.org/donate_paul_lesniewski.php
>> > ------------------------------------------------------------------------------
>> > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> > from Actuate! Instantly Supercharge Your Business Reports and
>> Dashboards
>> > with Interactivity, Sharing, Native Excel Exports, App Integration &
>> more
>> > Get technology previously reserved for billion-dollar corporations,
>> FREE
>> > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>> > -----
>> > squirrelmail-users mailing list
>> > Posting guidelines: http://squirrelmail.org/postingguidelines
>> > List address: [hidden email]
>> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> > List info (subscribe/unsubscribe/change options):
>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>> >
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>> with Interactivity, Sharing, Native Excel Exports, App Integration &
>> more
>> Get technology previously reserved for billion-dollar corporations, FREE
>> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>> -----
>> squirrelmail-users mailing list
>> Posting guidelines: http://squirrelmail.org/postingguidelines
>> List address: [hidden email]
>> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> List info (subscribe/unsubscribe/change options):
>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: [hidden email]
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options):
> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>



------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

David Highley
"=?utf-8?B?IlTDs3RoIEF0dGlsYSI=?= wrote:"
>
> The error message speaks for itself. Check dovecot's ssl configuration
> settings. Especially ssl_cipher_list in conf.d/10-ssl.conf

The file has no list defined, just these comments.
# SSL ciphers to use
# #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

Looks like SSLv2 is disabled. What does squirrelmail need?

> http://wiki2.dovecot.org/SSL/DovecotConfiguration
> --
> dr Tóth Attila, Radiológus, 06-20-825-8057
> Attila Toth MD, Radiologist, +36-20-825-8057
>
> 2015.Február 24.(K) 05:59 időpontban David Highley ezt írta:
> > "David Highley wrote:"
> >>
> >> "Paul Lesniewski wrote:"
> >> >
> >> > On Sunday, February 22, 2015, David Highley <
> >> > [hidden email]> wrote:
> >> >
> >> > > Description of the setup; remote access for email via web server
> >> with
> >> > > squirrelmail and dovecot. Configured to use imap port 993 and smtp
> >> tls.
> >> > > Email resides on another internal email server. This has been
> >> working
> >> > > for many years and was working on fedora 20. After new install of
> >> web
> >> > > server to fedora 21 and an update to the email server to fedora 21
> >> the
> >> > > roaming email access has been broken; Error connecting to IMAP
> >> server:
> >> > > tls://mail.  0 :
> >> >
> >> >
> >> > It appears to be trying to connect to a hostname without the rest of
> >> your
> >> > domain. This corresponds to your IMAP server address of just 'mail'
> >>
> >> That was a mistake, but should have worked anyway with the host alias in
> >> the host file.
> >>
> >> We installed thunderbird to help with testing and have made some
> >> progress. We are able to use 993 imap access for reading email and
> >> modified the web server so it can send email after we found that the
> >> email server rejects any type of relaying. Bit confused as to how this
> >> appeared to work in the past.
> >>
> >> So we changed the config_local.php file not to use imap_tls or smtp_tls
> >> and now we see a very long conncecting followed by the error message:
> >> ERROR: Connection dropped by IMAP server.
> >>
> >> We have checked the journalctl logs on both hosts and neither log
> >> anything. We do see the web ssl access and request.
> >
> > We are still learning how to find information with journalctl. We see
> > the error below and have tried several different things that seemed to
> > fix this issue for others but so far we are not able to make this work.
> >
> > The error:
> > dovecot[1857]: imap-login: Disconnected (no auth attempts in 60 secs):
> > user=<>, rip=10.2.2.3, lip=10.2.2.7, TLS handshaking: SSL_accept()
> > failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
> > protocol, session=<yhak9c0PTwAKAgID>
> >
> > Since we are using 993 with thunderbird which also uses dovecot why
> > would it not work for squirrelmail?
> >
> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Paul Lesniewski
> >> > SquirrelMail Team
> >> > Please support Open Source Software by donating to SquirrelMail!
> >> > http://squirrelmail.org/donate_paul_lesniewski.php
> >> > ------------------------------------------------------------------------------
> >> > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> >> > from Actuate! Instantly Supercharge Your Business Reports and
> >> Dashboards
> >> > with Interactivity, Sharing, Native Excel Exports, App Integration &
> >> more
> >> > Get technology previously reserved for billion-dollar corporations,
> >> FREE
> >> > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> >> > -----
> >> > squirrelmail-users mailing list
> >> > Posting guidelines: http://squirrelmail.org/postingguidelines
> >> > List address: [hidden email]
> >> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> >> > List info (subscribe/unsubscribe/change options):
> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
> >> >
> >>
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> >> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> >> with Interactivity, Sharing, Native Excel Exports, App Integration &
> >> more
> >> Get technology previously reserved for billion-dollar corporations, FREE
> >> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
> >> -----
> >> squirrelmail-users mailing list
> >> Posting guidelines: http://squirrelmail.org/postingguidelines
> >> List address: [hidden email]
> >> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> >> List info (subscribe/unsubscribe/change options):
> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
> >>
> >
> > ------------------------------------------------------------------------------
> > Dive into the World of Parallel Programming The Go Parallel Website,
> > sponsored
> > by Intel and developed in partnership with Slashdot Media, is your hub for
> > all
> > things parallel software development, from weekly thought leadership blogs
> > to
> > news, videos, case studies, tutorials and more. Take a look and join the
> > conversation now. http://goparallel.sourceforge.net/
> > -----
> > squirrelmail-users mailing list
> > Posting guidelines: http://squirrelmail.org/postingguidelines
> > List address: [hidden email]
> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> > List info (subscribe/unsubscribe/change options):
> > https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
> >
>
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: [hidden email]
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

Rich Hall



On Wed, February 25, 2015 16:21, David Highley wrote:

> ""Tóth Attila" wrote:"
>>
>> The error message speaks for itself. Check dovecot's ssl configuration
>> settings. Especially ssl_cipher_list in conf.d/10-ssl.conf
>
> The file has no list defined, just these comments.
> # SSL ciphers to use
> # #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
>
> Looks like SSLv2 is disabled. What does squirrelmail need?
>
>> http://wiki2.dovecot.org/SSL/DovecotConfiguration
>> --
>> dr Tóth Attila, Radiológus, 06-20-825-8057
>> Attila Toth MD, Radiologist, +36-20-825-8057
>>
>> 2015.Február 24.(K) 05:59 időpontban David Highley ezt írta:
>> > "David Highley wrote:"
>> >>
>> >> "Paul Lesniewski wrote:"
>> >> >
>> >> > On Sunday, February 22, 2015, David Highley <
>> >> > [hidden email]> wrote:
>> >> >
>> >> > > Description of the setup; remote access for email via web server
>> >> with
>> >> > > squirrelmail and dovecot. Configured to use imap port 993 and smtp
>> >> tls.
>> >> > > Email resides on another internal email server. This has been
>> >> working
>> >> > > for many years and was working on fedora 20. After new install of
>> >> web
>> >> > > server to fedora 21 and an update to the email server to fedora 21
>> >> the
>> >> > > roaming email access has been broken; Error connecting to IMAP
>> >> server:
>> >> > > tls://mail.  0 :
>> >> >
>> >> >
>> >> > It appears to be trying to connect to a hostname without the rest of
>> >> your
>> >> > domain. This corresponds to your IMAP server address of just 'mail'
>> >>
>> >> That was a mistake, but should have worked anyway with the host alias in
>> >> the host file.
>> >>
>> >> We installed thunderbird to help with testing and have made some
>> >> progress. We are able to use 993 imap access for reading email and
>> >> modified the web server so it can send email after we found that the
>> >> email server rejects any type of relaying. Bit confused as to how this
>> >> appeared to work in the past.
>> >>
>> >> So we changed the config_local.php file not to use imap_tls or smtp_tls
>> >> and now we see a very long conncecting followed by the error message:
>> >> ERROR: Connection dropped by IMAP server.
>> >>
>> >> We have checked the journalctl logs on both hosts and neither log
>> >> anything. We do see the web ssl access and request.
>> >
>> > We are still learning how to find information with journalctl. We see
>> > the error below and have tried several different things that seemed to
>> > fix this issue for others but so far we are not able to make this work.
>> >
>> > The error:
>> > dovecot[1857]: imap-login: Disconnected (no auth attempts in 60 secs):
>> > user=<>, rip=10.2.2.3, lip=10.2.2.7, TLS handshaking: SSL_accept()
>> > failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
>> > protocol, session=<yhak9c0PTwAKAgID>
>> >
>> > Since we are using 993 with thunderbird which also uses dovecot why
>> > would it not work for squirrelmail?
>> >
>> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Paul Lesniewski
>> >> > SquirrelMail Team
>> >> > Please support Open Source Software by donating to SquirrelMail!
>> >> > http://squirrelmail.org/donate_paul_lesniewski.php
>> >> > ------------------------------------------------------------------------------
>> >> > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> >> > from Actuate! Instantly Supercharge Your Business Reports and
>> >> Dashboards
>> >> > with Interactivity, Sharing, Native Excel Exports, App Integration &
>> >> more
>> >> > Get technology previously reserved for billion-dollar corporations,
>> >> FREE
>> >> > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>> >> > -----
>> >> > squirrelmail-users mailing list
>> >> > Posting guidelines: http://squirrelmail.org/postingguidelines
>> >> > List address: [hidden email]
>> >> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> >> > List info (subscribe/unsubscribe/change options):
>> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>> >> >
>> >>
>> >>
>> >>
>> >> ------------------------------------------------------------------------------
>> >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> >> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
>> >> with Interactivity, Sharing, Native Excel Exports, App Integration &
>> >> more
>> >> Get technology previously reserved for billion-dollar corporations, FREE
>> >> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>> >> -----
>> >> squirrelmail-users mailing list
>> >> Posting guidelines: http://squirrelmail.org/postingguidelines
>> >> List address: [hidden email]
>> >> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> >> List info (subscribe/unsubscribe/change options):
>> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>> >>
>> >
>> > ------------------------------------------------------------------------------
>> > Dive into the World of Parallel Programming The Go Parallel Website,
>> > sponsored
>> > by Intel and developed in partnership with Slashdot Media, is your hub for
>> > all
>> > things parallel software development, from weekly thought leadership blogs
>> > to
>> > news, videos, case studies, tutorials and more. Take a look and join the
>> > conversation now. http://goparallel.sourceforge.net/
>> > -----
>> > squirrelmail-users mailing list
>> > Posting guidelines: http://squirrelmail.org/postingguidelines
>> > List address: [hidden email]
>> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> > List info (subscribe/unsubscribe/change options):
>> > https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>> >
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for all
>> things parallel software development, from weekly thought leadership blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> -----
>> squirrelmail-users mailing list
>> Posting guidelines: http://squirrelmail.org/postingguidelines
>> List address: [hidden email]
>> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> List info (subscribe/unsubscribe/change options):
>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website, sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for all
> things parallel software development, from weekly thought leadership blogs to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/-----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: [hidden email]
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options):
> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users


You don't want SSLv2 or SSLv3 enabled at all...  both are insecure now.

-R

--
------------------------------------------------------------------------
 Rich Hall
 [hidden email]
 http://www.netlynx.us/rich/
 ham radio: kf6arx
------------------------------------------------------------------------
 Some people are like slinkies.. Not really good for anything useful,
 but they bring a smile to your face when pushed down the stairs.
------------------------------------------------------------------------
 And remember - if it ain't broke, hit it again.


------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

warren
How do I take take myself off this list ?  Tks, Warren



>
>
>
> On Wed, February 25, 2015 16:21, David Highley wrote:
>> ""Tóth Attila" wrote:"
>>>
>>> The error message speaks for itself. Check dovecot's ssl configuration
>>> settings. Especially ssl_cipher_list in conf.d/10-ssl.conf
>>
>> The file has no list defined, just these comments.
>> # SSL ciphers to use
>> # #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
>>
>> Looks like SSLv2 is disabled. What does squirrelmail need?
>>
>>> http://wiki2.dovecot.org/SSL/DovecotConfiguration
>>> --
>>> dr Tóth Attila, Radiológus, 06-20-825-8057
>>> Attila Toth MD, Radiologist, +36-20-825-8057
>>>
>>> 2015.Február 24.(K) 05:59 időpontban David Highley ezt írta:
>>> > "David Highley wrote:"
>>> >>
>>> >> "Paul Lesniewski wrote:"
>>> >> >
>>> >> > On Sunday, February 22, 2015, David Highley <
>>> >> > [hidden email]> wrote:
>>> >> >
>>> >> > > Description of the setup; remote access for email via web server
>>> >> with
>>> >> > > squirrelmail and dovecot. Configured to use imap port 993 and
>>> smtp
>>> >> tls.
>>> >> > > Email resides on another internal email server. This has been
>>> >> working
>>> >> > > for many years and was working on fedora 20. After new install
>>> of
>>> >> web
>>> >> > > server to fedora 21 and an update to the email server to fedora
>>> 21
>>> >> the
>>> >> > > roaming email access has been broken; Error connecting to IMAP
>>> >> server:
>>> >> > > tls://mail.  0 :
>>> >> >
>>> >> >
>>> >> > It appears to be trying to connect to a hostname without the rest
>>> of
>>> >> your
>>> >> > domain. This corresponds to your IMAP server address of just
>>> 'mail'
>>> >>
>>> >> That was a mistake, but should have worked anyway with the host
>>> alias in
>>> >> the host file.
>>> >>
>>> >> We installed thunderbird to help with testing and have made some
>>> >> progress. We are able to use 993 imap access for reading email and
>>> >> modified the web server so it can send email after we found that the
>>> >> email server rejects any type of relaying. Bit confused as to how
>>> this
>>> >> appeared to work in the past.
>>> >>
>>> >> So we changed the config_local.php file not to use imap_tls or
>>> smtp_tls
>>> >> and now we see a very long conncecting followed by the error
>>> message:
>>> >> ERROR: Connection dropped by IMAP server.
>>> >>
>>> >> We have checked the journalctl logs on both hosts and neither log
>>> >> anything. We do see the web ssl access and request.
>>> >
>>> > We are still learning how to find information with journalctl. We see
>>> > the error below and have tried several different things that seemed
>>> to
>>> > fix this issue for others but so far we are not able to make this
>>> work.
>>> >
>>> > The error:
>>> > dovecot[1857]: imap-login: Disconnected (no auth attempts in 60
>>> secs):
>>> > user=<>, rip=10.2.2.3, lip=10.2.2.7, TLS handshaking: SSL_accept()
>>> > failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
>>> > protocol, session=<yhak9c0PTwAKAgID>
>>> >
>>> > Since we are using 993 with thunderbird which also uses dovecot why
>>> > would it not work for squirrelmail?
>>> >
>>> >>
>>> >> >
>>> >> >
>>> >> >
>>> >> > --
>>> >> > Paul Lesniewski
>>> >> > SquirrelMail Team
>>> >> > Please support Open Source Software by donating to SquirrelMail!
>>> >> > http://squirrelmail.org/donate_paul_lesniewski.php
>>> >> > ------------------------------------------------------------------------------
>>> >> > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>> >> > from Actuate! Instantly Supercharge Your Business Reports and
>>> >> Dashboards
>>> >> > with Interactivity, Sharing, Native Excel Exports, App Integration
>>> &
>>> >> more
>>> >> > Get technology previously reserved for billion-dollar
>>> corporations,
>>> >> FREE
>>> >> > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>>> >> > -----
>>> >> > squirrelmail-users mailing list
>>> >> > Posting guidelines: http://squirrelmail.org/postingguidelines
>>> >> > List address: [hidden email]
>>> >> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>>> >> > List info (subscribe/unsubscribe/change options):
>>> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>> >> >
>>> >>
>>> >>
>>> >>
>>> >> ------------------------------------------------------------------------------
>>> >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>> >> from Actuate! Instantly Supercharge Your Business Reports and
>>> Dashboards
>>> >> with Interactivity, Sharing, Native Excel Exports, App Integration &
>>> >> more
>>> >> Get technology previously reserved for billion-dollar corporations,
>>> FREE
>>> >> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>>> >> -----
>>> >> squirrelmail-users mailing list
>>> >> Posting guidelines: http://squirrelmail.org/postingguidelines
>>> >> List address: [hidden email]
>>> >> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>>> >> List info (subscribe/unsubscribe/change options):
>>> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>> >>
>>> >
>>> > ------------------------------------------------------------------------------
>>> > Dive into the World of Parallel Programming The Go Parallel Website,
>>> > sponsored
>>> > by Intel and developed in partnership with Slashdot Media, is your
>>> hub for
>>> > all
>>> > things parallel software development, from weekly thought leadership
>>> blogs
>>> > to
>>> > news, videos, case studies, tutorials and more. Take a look and join
>>> the
>>> > conversation now. http://goparallel.sourceforge.net/
>>> > -----
>>> > squirrelmail-users mailing list
>>> > Posting guidelines: http://squirrelmail.org/postingguidelines
>>> > List address: [hidden email]
>>> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>>> > List info (subscribe/unsubscribe/change options):
>>> > https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>> >
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming The Go Parallel Website,
>>> sponsored
>>> by Intel and developed in partnership with Slashdot Media, is your hub
>>> for all
>>> things parallel software development, from weekly thought leadership
>>> blogs to
>>> news, videos, case studies, tutorials and more. Take a look and join
>>> the
>>> conversation now. http://goparallel.sourceforge.net/
>>> -----
>>> squirrelmail-users mailing list
>>> Posting guidelines: http://squirrelmail.org/postingguidelines
>>> List address: [hidden email]
>>> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>>> List info (subscribe/unsubscribe/change options):
>>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub
>> for all
>> things parallel software development, from weekly thought leadership
>> blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/-----
>> squirrelmail-users mailing list
>> Posting guidelines: http://squirrelmail.org/postingguidelines
>> List address: [hidden email]
>> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> List info (subscribe/unsubscribe/change options):
>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>
>
> You don't want SSLv2 or SSLv3 enabled at all...  both are insecure now.
>
> -R
>
> --
> ------------------------------------------------------------------------
>  Rich Hall
>  [hidden email]
>  http://www.netlynx.us/rich/
>  ham radio: kf6arx
> ------------------------------------------------------------------------
>  Some people are like slinkies.. Not really good for anything useful,
>  but they bring a smile to your face when pushed down the stairs.
> ------------------------------------------------------------------------
>  And remember - if it ain't broke, hit it again.
>
>
> ------------------------------------------------------------------------------
> Dive into the World of Parallel Programming The Go Parallel Website,
> sponsored
> by Intel and developed in partnership with Slashdot Media, is your hub for
> all
> things parallel software development, from weekly thought leadership blogs
> to
> news, videos, case studies, tutorials and more. Take a look and join the
> conversation now. http://goparallel.sourceforge.net/
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: [hidden email]
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options):
> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>


Warren Mitchell - Director
AC Medical International Pty Ltd
mob. 0412 264 594
www.acmedint.com


------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

Rich Hall
It is posted a;; through out this posting.. just look..

> List info (subscribe/unsubscribe/change options):
> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users


On Thu, February 26, 2015 00:10, [hidden email] wrote:

> How do I take take myself off this list ?  Tks, Warren
>
>
>
>>
>>
>>
>> On Wed, February 25, 2015 16:21, David Highley wrote:
>>> ""Tóth Attila" wrote:"
>>>>
>>>> The error message speaks for itself. Check dovecot's ssl configuration
>>>> settings. Especially ssl_cipher_list in conf.d/10-ssl.conf
>>>
>>> The file has no list defined, just these comments.
>>> # SSL ciphers to use
>>> # #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
>>>
>>> Looks like SSLv2 is disabled. What does squirrelmail need?
>>>
>>>> http://wiki2.dovecot.org/SSL/DovecotConfiguration
>>>> --
>>>> dr Tóth Attila, Radiológus, 06-20-825-8057
>>>> Attila Toth MD, Radiologist, +36-20-825-8057
>>>>
>>>> 2015.Február 24.(K) 05:59 időpontban David Highley ezt írta:
>>>> > "David Highley wrote:"
>>>> >>
>>>> >> "Paul Lesniewski wrote:"
>>>> >> >
>>>> >> > On Sunday, February 22, 2015, David Highley <
>>>> >> > [hidden email]> wrote:
>>>> >> >
>>>> >> > > Description of the setup; remote access for email via web server
>>>> >> with
>>>> >> > > squirrelmail and dovecot. Configured to use imap port 993 and
>>>> smtp
>>>> >> tls.
>>>> >> > > Email resides on another internal email server. This has been
>>>> >> working
>>>> >> > > for many years and was working on fedora 20. After new install
>>>> of
>>>> >> web
>>>> >> > > server to fedora 21 and an update to the email server to fedora
>>>> 21
>>>> >> the
>>>> >> > > roaming email access has been broken; Error connecting to IMAP
>>>> >> server:
>>>> >> > > tls://mail.  0 :
>>>> >> >
>>>> >> >
>>>> >> > It appears to be trying to connect to a hostname without the rest
>>>> of
>>>> >> your
>>>> >> > domain. This corresponds to your IMAP server address of just
>>>> 'mail'
>>>> >>
>>>> >> That was a mistake, but should have worked anyway with the host
>>>> alias in
>>>> >> the host file.
>>>> >>
>>>> >> We installed thunderbird to help with testing and have made some
>>>> >> progress. We are able to use 993 imap access for reading email and
>>>> >> modified the web server so it can send email after we found that the
>>>> >> email server rejects any type of relaying. Bit confused as to how
>>>> this
>>>> >> appeared to work in the past.
>>>> >>
>>>> >> So we changed the config_local.php file not to use imap_tls or
>>>> smtp_tls
>>>> >> and now we see a very long conncecting followed by the error
>>>> message:
>>>> >> ERROR: Connection dropped by IMAP server.
>>>> >>
>>>> >> We have checked the journalctl logs on both hosts and neither log
>>>> >> anything. We do see the web ssl access and request.
>>>> >
>>>> > We are still learning how to find information with journalctl. We see
>>>> > the error below and have tried several different things that seemed
>>>> to
>>>> > fix this issue for others but so far we are not able to make this
>>>> work.
>>>> >
>>>> > The error:
>>>> > dovecot[1857]: imap-login: Disconnected (no auth attempts in 60
>>>> secs):
>>>> > user=<>, rip=10.2.2.3, lip=10.2.2.7, TLS handshaking: SSL_accept()
>>>> > failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
>>>> > protocol, session=<yhak9c0PTwAKAgID>
>>>> >
>>>> > Since we are using 993 with thunderbird which also uses dovecot why
>>>> > would it not work for squirrelmail?
>>>> >
>>>> >>
>>>> >> >
>>>> >> >
>>>> >> >
>>>> >> > --
>>>> >> > Paul Lesniewski
>>>> >> > SquirrelMail Team
>>>> >> > Please support Open Source Software by donating to SquirrelMail!
>>>> >> > http://squirrelmail.org/donate_paul_lesniewski.php
>>>> >> > ------------------------------------------------------------------------------
>>>> >> > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>>> >> > from Actuate! Instantly Supercharge Your Business Reports and
>>>> >> Dashboards
>>>> >> > with Interactivity, Sharing, Native Excel Exports, App Integration
>>>> &
>>>> >> more
>>>> >> > Get technology previously reserved for billion-dollar
>>>> corporations,
>>>> >> FREE
>>>> >> > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>>>> >> > -----
>>>> >> > squirrelmail-users mailing list
>>>> >> > Posting guidelines: http://squirrelmail.org/postingguidelines
>>>> >> > List address: [hidden email]
>>>> >> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>>>> >> > List info (subscribe/unsubscribe/change options):
>>>> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>>> >> >
>>>> >>
>>>> >>
>>>> >>
>>>> >> ------------------------------------------------------------------------------
>>>> >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>>>> >> from Actuate! Instantly Supercharge Your Business Reports and
>>>> Dashboards
>>>> >> with Interactivity, Sharing, Native Excel Exports, App Integration &
>>>> >> more
>>>> >> Get technology previously reserved for billion-dollar corporations,
>>>> FREE
>>>> >> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>>>> >> -----
>>>> >> squirrelmail-users mailing list
>>>> >> Posting guidelines: http://squirrelmail.org/postingguidelines
>>>> >> List address: [hidden email]
>>>> >> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>>>> >> List info (subscribe/unsubscribe/change options):
>>>> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>>> >>
>>>> >
>>>> > ------------------------------------------------------------------------------
>>>> > Dive into the World of Parallel Programming The Go Parallel Website,
>>>> > sponsored
>>>> > by Intel and developed in partnership with Slashdot Media, is your
>>>> hub for
>>>> > all
>>>> > things parallel software development, from weekly thought leadership
>>>> blogs
>>>> > to
>>>> > news, videos, case studies, tutorials and more. Take a look and join
>>>> the
>>>> > conversation now. http://goparallel.sourceforge.net/
>>>> > -----
>>>> > squirrelmail-users mailing list
>>>> > Posting guidelines: http://squirrelmail.org/postingguidelines
>>>> > List address: [hidden email]
>>>> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>>>> > List info (subscribe/unsubscribe/change options):
>>>> > https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>>> >
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Dive into the World of Parallel Programming The Go Parallel Website,
>>>> sponsored
>>>> by Intel and developed in partnership with Slashdot Media, is your hub
>>>> for all
>>>> things parallel software development, from weekly thought leadership
>>>> blogs to
>>>> news, videos, case studies, tutorials and more. Take a look and join
>>>> the
>>>> conversation now. http://goparallel.sourceforge.net/
>>>> -----
>>>> squirrelmail-users mailing list
>>>> Posting guidelines: http://squirrelmail.org/postingguidelines
>>>> List address: [hidden email]
>>>> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>>>> List info (subscribe/unsubscribe/change options):
>>>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Dive into the World of Parallel Programming The Go Parallel Website,
>>> sponsored
>>> by Intel and developed in partnership with Slashdot Media, is your hub
>>> for all
>>> things parallel software development, from weekly thought leadership
>>> blogs to
>>> news, videos, case studies, tutorials and more. Take a look and join the
>>> conversation now. http://goparallel.sourceforge.net/-----
>>> squirrelmail-users mailing list
>>> Posting guidelines: http://squirrelmail.org/postingguidelines
>>> List address: [hidden email]
>>> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>>> List info (subscribe/unsubscribe/change options):
>>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>
>>
>> You don't want SSLv2 or SSLv3 enabled at all...  both are insecure now.
>>
>> -R
>>
>> --
>> ------------------------------------------------------------------------
>>  Rich Hall
>>  [hidden email]
>>  http://www.netlynx.us/rich/
>>  ham radio: kf6arx
>> ------------------------------------------------------------------------
>>  Some people are like slinkies.. Not really good for anything useful,
>>  but they bring a smile to your face when pushed down the stairs.
>> ------------------------------------------------------------------------
>>  And remember - if it ain't broke, hit it again.
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for
>> all
>> things parallel software development, from weekly thought leadership blogs
>> to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> -----
>> squirrelmail-users mailing list
>> Posting guidelines: http://squirrelmail.org/postingguidelines
>> List address: [hidden email]
>> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> List info (subscribe/unsubscribe/change options):
>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>
>
>
> Warren Mitchell - Director
> AC Medical International Pty Ltd
> mob. 0412 264 594
> www.acmedint.com
>


-R

--
------------------------------------------------------------------------
 Rich Hall
 [hidden email]
 http://www.netlynx.us/rich/
 ham radio: kf6arx
------------------------------------------------------------------------
 Some people are like slinkies.. Not really good for anything useful,
 but they bring a smile to your face when pushed down the stairs.
------------------------------------------------------------------------
 And remember - if it ain't broke, hit it again.


------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Roaming email broke with update to fedora 21

Paul Lesniewski
In reply to this post by David Highley
Sorry for the late reply (and top post), but it also could be that you
need to fine tune the SSL context.  You can do so by specifying
$imap_stream_options in config/config_local.php.  The documentation
for this setting can be found in the example config_local for 1.5.2
here:

http://sourceforge.net/p/squirrelmail/code/HEAD/tree/trunk/squirrelmail/config/config_local.example.php

The setting should do the same thing in 1.4.23.  Also note there is a
setting there for the SMTP side as well.


On 2/25/15, David Highley <[hidden email]> wrote:

> "=?utf-8?B?IlTDs3RoIEF0dGlsYSI=?= wrote:"
>>
>> The error message speaks for itself. Check dovecot's ssl configuration
>> settings. Especially ssl_cipher_list in conf.d/10-ssl.conf
>
> The file has no list defined, just these comments.
> # SSL ciphers to use
> # #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
>
> Looks like SSLv2 is disabled. What does squirrelmail need?
>
>> http://wiki2.dovecot.org/SSL/DovecotConfiguration
>> --
>> dr Tóth Attila, Radiológus, 06-20-825-8057
>> Attila Toth MD, Radiologist, +36-20-825-8057
>>
>> 2015.Február 24.(K) 05:59 időpontban David Highley ezt írta:
>> > "David Highley wrote:"
>> >>
>> >> "Paul Lesniewski wrote:"
>> >> >
>> >> > On Sunday, February 22, 2015, David Highley <
>> >> > [hidden email]> wrote:
>> >> >
>> >> > > Description of the setup; remote access for email via web server
>> >> with
>> >> > > squirrelmail and dovecot. Configured to use imap port 993 and smtp
>> >> tls.
>> >> > > Email resides on another internal email server. This has been
>> >> working
>> >> > > for many years and was working on fedora 20. After new install of
>> >> web
>> >> > > server to fedora 21 and an update to the email server to fedora 21
>> >> the
>> >> > > roaming email access has been broken; Error connecting to IMAP
>> >> server:
>> >> > > tls://mail.  0 :
>> >> >
>> >> >
>> >> > It appears to be trying to connect to a hostname without the rest of
>> >> your
>> >> > domain. This corresponds to your IMAP server address of just 'mail'
>> >>
>> >> That was a mistake, but should have worked anyway with the host alias
>> >> in
>> >> the host file.
>> >>
>> >> We installed thunderbird to help with testing and have made some
>> >> progress. We are able to use 993 imap access for reading email and
>> >> modified the web server so it can send email after we found that the
>> >> email server rejects any type of relaying. Bit confused as to how this
>> >> appeared to work in the past.
>> >>
>> >> So we changed the config_local.php file not to use imap_tls or
>> >> smtp_tls
>> >> and now we see a very long conncecting followed by the error message:
>> >> ERROR: Connection dropped by IMAP server.
>> >>
>> >> We have checked the journalctl logs on both hosts and neither log
>> >> anything. We do see the web ssl access and request.
>> >
>> > We are still learning how to find information with journalctl. We see
>> > the error below and have tried several different things that seemed to
>> > fix this issue for others but so far we are not able to make this work.
>> >
>> > The error:
>> > dovecot[1857]: imap-login: Disconnected (no auth attempts in 60 secs):
>> > user=<>, rip=10.2.2.3, lip=10.2.2.7, TLS handshaking: SSL_accept()
>> > failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
>> > protocol, session=<yhak9c0PTwAKAgID>
>> >
>> > Since we are using 993 with thunderbird which also uses dovecot why
>> > would it not work for squirrelmail?
>> >
>> >>
>> >> >
>> >> >
>> >> >
>> >> > --
>> >> > Paul Lesniewski
>> >> > SquirrelMail Team
>> >> > Please support Open Source Software by donating to SquirrelMail!
>> >> > http://squirrelmail.org/donate_paul_lesniewski.php
>> >> > ------------------------------------------------------------------------------
>> >> > Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> >> > from Actuate! Instantly Supercharge Your Business Reports and
>> >> Dashboards
>> >> > with Interactivity, Sharing, Native Excel Exports, App Integration &
>> >> more
>> >> > Get technology previously reserved for billion-dollar corporations,
>> >> FREE
>> >> > http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>> >> > -----
>> >> > squirrelmail-users mailing list
>> >> > Posting guidelines: http://squirrelmail.org/postingguidelines
>> >> > List address: [hidden email]
>> >> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> >> > List info (subscribe/unsubscribe/change options):
>> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>> >> >
>> >>
>> >>
>> >>
>> >> ------------------------------------------------------------------------------
>> >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
>> >> from Actuate! Instantly Supercharge Your Business Reports and
>> >> Dashboards
>> >> with Interactivity, Sharing, Native Excel Exports, App Integration &
>> >> more
>> >> Get technology previously reserved for billion-dollar corporations,
>> >> FREE
>> >> http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk
>> >> -----
>> >> squirrelmail-users mailing list
>> >> Posting guidelines: http://squirrelmail.org/postingguidelines
>> >> List address: [hidden email]
>> >> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> >> List info (subscribe/unsubscribe/change options):
>> >> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>> >>
>> >
>> > ------------------------------------------------------------------------------
>> > Dive into the World of Parallel Programming The Go Parallel Website,
>> > sponsored
>> > by Intel and developed in partnership with Slashdot Media, is your hub
>> > for
>> > all
>> > things parallel software development, from weekly thought leadership
>> > blogs
>> > to
>> > news, videos, case studies, tutorials and more. Take a look and join
>> > the
>> > conversation now. http://goparallel.sourceforge.net/
>> > -----
>> > squirrelmail-users mailing list
>> > Posting guidelines: http://squirrelmail.org/postingguidelines
>> > List address: [hidden email]
>> > List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> > List info (subscribe/unsubscribe/change options):
>> > https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>> >
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub for
>> all
>> things parallel software development, from weekly thought leadership blogs
>> to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> -----
>> squirrelmail-users mailing list
>> Posting guidelines: http://squirrelmail.org/postingguidelines
>> List address: [hidden email]
>> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
>> List info (subscribe/unsubscribe/change options):
>> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>
>
>


--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users