Dennis Clarke
2010-Jul-06 00:15 UTC
[Dovecot] Jul 06 00:06:15 dict: Error: dict client: Broken handshake
After building and installing dovecot I then made my own self signed SSL certs and placed them carefully into the correct places :

Thus :

# grep -v "^#" dovecot-openssl.cnf | grep -v "^$"
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
C=CA
ST=Ontario
L=Toronto
O=Blastwave
OU=IMAP server
CN=titan.blastwave.org
emailAddress=postmaster at blastwave.org
[ cert_type ]
nsCertType = server

# /opt/csw/bin/openssl req -new -x509 -nodes -config ./dovecot-openssl.cnf -out /etc/opt/csw/dovecot/certs/dovecot.pem -keyout /etc/opt/csw/dovecot/private/dovecot.pem -days 365
Generating a 1024 bit RSA private key
...........................++++++
....................++++++
writing new private key to '/etc/opt/csw/dovecot/private/dovecot.pem'
-----

# ls -l /etc/opt/csw/dovecot/certs/dovecot.pem /etc/opt/csw/dovecot/private/dovecot.pem
-rw-r--r-- 1 root other 1050 Jul 5 23:58 /etc/opt/csw/dovecot/certs/dovecot.pem
-rw-r--r-- 1 root other 887 Jul 5 23:58 /etc/opt/csw/dovecot/private/dovecot.pem
#

I then checked things out with a dovecot -n :

# /opt/csw/sbin/dovecot -n
# 1.2.12: /etc/opt/csw/dovecot/dovecot.conf
Warning: fd limit 256 is lower than what Dovecot can use under full load (more than 576). Either grow the limit or change login_max_processes_count and max_mail_processes settings
# OS: SunOS 5.8 i86pc
base_dir: /var/opt/csw/dovecot/
log_path: /var/opt/csw/dovecot/error.log
info_log_path: /var/opt/csw/dovecot/message.log
ssl_cert_file: /etc/opt/csw/dovecot/certs/dovecot.pem
ssl_key_file: /etc/opt/csw/dovecot/private/dovecot.pem
login_dir: /var/opt/csw/dovecot
login_executable: /opt/csw/libexec/dovecot/imap-login
login_greeting: Dovecot from Blastwave.org is ready.
login_max_processes_count: 64
mail_location: mbox:%h/mail:INBOX=/var/mail/%u
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd

Other than the warning it looks ready to run.
I fire up the init script :

# /etc/opt/csw/init.d/cswdovecot start
dovecot service starting.

ps -ef confirms that things are happening :

# ps -ef
UID        PID  PPID  C    STIME TTY      TIME CMD
root         0     0  0   Jun 15 ?        0:16 sched
root         1     0  0   Jun 15 ?        0:24 /etc/init -
root         2     0  0   Jun 15 ?        0:00 pageout
root         3     0  0   Jun 15 ?       10:37 fsflush
root       331     1  0   Jun 15 ?        0:00 /usr/lib/saf/sac -t 300
root       334   331  0   Jun 15 ?        0:00 /usr/lib/saf/ttymon
root       153     1  0   Jun 15 ?        0:00 /usr/sbin/rpcbind
root       392   196  0   Jun 16 ?        0:00 in.telnetd
root        75     1  0   Jun 15 ?        0:00 /usr/lib/sysevent/syseventd
root       149     1  0   Jun 15 ?        0:43 /usr/lib/ldap/ldap_cachemgr
root       199     1  0   Jun 15 ?        0:00 /usr/lib/autofs/automountd
root       156     1  0   Jun 15 ?        0:00 /usr/sbin/keyserv
root       196     1  0   Jun 15 ?        0:00 /usr/sbin/inetd -s
daemon     198     1  0   Jun 15 ?        0:00 /usr/lib/nfs/statd
root       234     1  0   Jun 15 ?        0:08 /usr/lib/inet/xntpd
root       226     1  0   Jun 15 ?        0:00 /usr/sbin/cron
root       202   199  0   Jun 15 ?        0:42 /usr/lib/autofs/automountd
root       194     1  0   Jun 15 ?        0:00 /usr/lib/nfs/lockd
root       239     1  0   Jun 15 ?        0:00 /usr/lib/lpsched
root       266   265  0   Jun 15 ?        0:00 /usr/sbin/cs00
root       251     1  0   Jun 15 ?        0:00 /usr/lib/power/powerd
root       265     1  0   Jun 15 ?        0:00 /usr/sbin/cssd
root       225     1  0   Jun 15 ?        0:00 /usr/sbin/syslogd
root       267     1  0   Jun 15 ?        0:00 /usr/bin/fgd
root       264     1  0   Jun 15 ?        0:00 /usr/lib/utmpd
root       290   288  0   Jun 15 ?        0:00 htt_server -port 9010 -syslog -message_locale C
root       275     1  0   Jun 15 ?        0:00 /usr/lib/locale/ja/wnn/dpkeyserv
root       281     1  0   Jun 15 ?        0:00 /usr/lib/locale/ja/wnn/jserver
root       282   281  0   Jun 15 ?        0:00 /usr/lib/locale/ja/wnn/jserver_m
root       288     1  0   Jun 15 ?        0:00 /usr/lib/im/htt -port 9010 -syslog -message_locale C
root       297     1  0   Jun 15 ?        0:00 /usr/lib/locale/ja/atokserver/atokmngdaemon
root       320   317  0   Jun 15 ?        6:33 mibiisa -r -p 3200
root      5500     1  0   Jun 16 console  0:00 -sh
root       317     1  0   Jun 15 ?        0:00 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf
root       325     1  0   Jun 15 ?        0:00 /usr/lib/dmi/snmpXdmid -s titan
root       324     1  0   Jun 15 ?        0:00 /usr/lib/dmi/dmispd
root     11633 11624  0 00:02:40 ?        0:00 dovecot-auth -w
root     11624     1  1 00:02:39 ?        0:00 /opt/csw/sbin/dovecot -c /etc/opt/csw/dovecot/dovecot.conf
sysadmin   394   392  0   Jun 16 pts/1    0:09 -sh
root     10182  5500  0   Jun 19 console  0:00 /opt/csw/bin/bash
dclarke  10759 10717  0 18:02:33 pts/2    0:01 /opt/csw/bin/bash
root     16188 16185  0   Jun 23 pts/3    0:01 -sh
root     10713 10703  0 18:01:21 ?        0:02 /opt/csw/sbin/sshd -f /etc/opt/csw/ssh/sshd_config -R
root     11626 11624  0 00:02:39 ?        0:00 dovecot-auth
dovecot  11629 11624  2 00:02:40 ?        0:01 imap-login
root     11635 16188  1 00:02:44 pts/3    0:00 ps -ef
root     10703     1  0 17:56:08 ?        0:00 /opt/csw/sbin/sshd -f /etc/opt/csw/ssh/sshd_config
root     11634 11624  0 00:02:40 ?        0:00 dovecot-auth -w
dclarke  10717 10715  0 18:01:38 pts/2    0:00 -sh
dovecot  11628 11624  2 00:02:40 ?        0:01 imap-login
root     11631 11624  5 00:02:40 ?        0:02 dict
dclarke  10715 10713  0 18:01:37 ?        0:14 /opt/csw/sbin/sshd -f /etc/opt/csw/ssh/sshd_config -R
root     11627 11624  0 00:02:40 ?        0:00 dovecot-auth -w
root     11625 11624 11 00:02:39 ?        0:05 ssl-build-param /var/opt/csw/dovecot/lib/dovecot/ssl-parameters.dat
dovecot  11630 11624  2 00:02:40 ?        0:01 imap-login
root     10175     1  0   Jun 19 ?        0:00 /opt/trustedhost/sbin/sshd -f /opt/trustedhost/etc/ssh/sshd_config
root     11632 11624  0 00:02:40 ?        0:00 dovecot-auth -w

I look in the area for logging and see :

# ls -lap /var/opt/csw/dovecot/
total 7292
drwxr-x--- 3 root dovecot     512 Jul 6 00:02 ./
drwxr-xr-x 6 root bin         512 Jul 5 23:40 ../
srw------- 1 root other         0 Jul 6 00:02 auth-worker.11626
srw-rw---- 1 root dovecot       0 Jul 6 00:02 default
srwxrwxrwx 1 root other         0 Jul 6 00:02 dict-server
lrwxrwxrwx 1 root other        33 Jul 6 00:02 dovecot.conf -> /etc/opt/csw/dovecot/dovecot.conf
-rw------- 1 root other   3720949 Jul 6 00:04 error.log
drwxr-x--- 3 root other       512 Jul 6 00:02 lib/
-rw------- 1 root other         6 Jul 6 00:02 master.pid
-rw------- 1 root other       171 Jul 6 00:02 message.log

Why is there a symlink to the dovecot.conf I have no idea but far more interesting is the very large error.log.
# tail -f /var/opt/csw/dovecot/error.log
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
Jul 06 00:04:35 dict: Error: dict client: Broken handshake
.
.
.

many many lines. About 100,000 lines of that.

The message.log looks innocent :

# cat /var/opt/csw/dovecot/message.log
Jul 06 00:02:39 dovecot: Info: Dovecot v1.2.12 starting up
Jul 06 00:02:39 dovecot: Info: Generating Diffie-Hellman parameters for the first time. This may take a while..

What's up with that "Broken handshake" ??

--
Dennis
Timo Sirainen
2010-Jul-06 00:33 UTC
[Dovecot] Jul 06 00:06:15 dict: Error: dict client: Broken handshake
On 6.7.2010, at 1.15, Dennis Clarke wrote:

> base_dir: /var/opt/csw/dovecot/
> login_dir: /var/opt/csw/dovecot

These must not be the same. Just use the default for login_dir, it defaults under base_dir. (I thought I already added a check against this .. oh well, v2.0 won't let you specify login_dir at all anymore.)
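The collision named in the reply above can be caught before startup by comparing the two settings in dovecot -n output after path normalization (the posted values differ only by a trailing slash). This is an added example, not part of the thread and not Dovecot's own code; the function names are hypothetical and the sample data is constructed from the settings and ls -l line posted in the first message, whose private key listing shows group and other read bits that the second check flags.

```shell
#!/bin/sh
# Added example (not from the thread): lint Dovecot 1.x `dovecot -n` output.
# Sample data below is constructed from the values posted in the thread.
SAMPLE_CONF='base_dir: /var/opt/csw/dovecot/
ssl_key_file: /etc/opt/csw/dovecot/private/dovecot.pem
login_dir: /var/opt/csw/dovecot
login_executable: /opt/csw/libexec/dovecot/imap-login'
SAMPLE_KEY_LS='-rw-r--r-- 1 root other 887 Jul 5 23:58 /etc/opt/csw/dovecot/private/dovecot.pem'

# Print the value of a top-level "key: value" line read from stdin.
get_setting() {
    awk -v k="$1: " 'index($0, k) == 1 { print substr($0, length(k) + 1); exit }'
}

# Collapse repeated slashes and drop a trailing one, so that
# "/var/opt/csw/dovecot/" and "/var/opt/csw/dovecot" compare equal.
norm_path() {
    printf '%s\n' "$1" | sed -e 's://*:/:g' -e 's:\(.\)/$:\1:'
}

# Return 1 if login_dir is set to the same directory as base_dir.
check_login_dir() {
    base=$(printf '%s\n' "$1" | get_setting base_dir)
    login=$(printf '%s\n' "$1" | get_setting login_dir)
    # Not listed by `dovecot -n`: the default under base_dir is in use.
    [ -n "$login" ] || { echo "OK: login_dir not overridden"; return 0; }
    if [ "$(norm_path "$base")" = "$(norm_path "$login")" ]; then
        echo "FAIL: login_dir is the same directory as base_dir ($login)"
        return 1
    fi
    echo "OK: login_dir $login differs from base_dir $base"
}

# Return 1 if an `ls -l` line shows any group/other permission bit on the key.
check_key_mode() {
    bits=$(printf '%s\n' "$1" | awk '{ print substr($1, 5, 6) }')
    [ "$bits" = "------" ] && { echo "OK: key is owner-only"; return 0; }
    echo "FAIL: key permissions beyond owner ($bits)"
    return 1
}

# On a live host: check_login_dir "$(dovecot -n 2>/dev/null)"
check_login_dir "$SAMPLE_CONF" || true
check_key_mode "$SAMPLE_KEY_LS" || true
```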
Dennis Clarke
2010-Jul-06 00:41 UTC
[Dovecot] Jul 06 00:06:15 dict: Error: dict client: Broken handshake
>
> On 6.7.2010, at 1.15, Dennis Clarke wrote:
>
>> base_dir: /var/opt/csw/dovecot/
>> login_dir: /var/opt/csw/dovecot
>
> These must not be the same. Just use the default for login_dir, it
> defaults under base_dir. (I thought I already added a check against this
> .. oh well, v2.0 won't let you specify login_dir at all anymore.)
>

fixed ! awesome software ... now I'll test this in a production machine and see how things go :-)

--
Dennis