I'm not running any A/V software, and the same version of dovecot on servers with CA signed certs (komodo) - the client connects to them just fine.

On 09/25/2017 01:40 PM, Tony wrote:
> It does look like a client issue. Do you also have some kind of AV
> running? There is some AV software that can sometimes interfere with
> mail sessions. See if you might be running into a similar situation:
> https://support.mozilla.org/en-US/questions/1066126
>
> Cheers,
> --
> TC
>
> On 9/25/17 1:27 PM, Michael A. Peters wrote:
>> I use dovecot on several servers. One of them uses a self-signed cert,
>> it's just me.
>>
>> It worked fine until yesterday when I upgraded my desktop (NOT the
>> server) to CentOS 7.4
>>
>> Now thunderbird complains when it starts up, and won't let me confirm
>> the security exception.
>>
>> On the server the following error occurs in the log:
>>
>> Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth
>> attempts in 1 secs): user=<>,
>> rip=2600:1010:b064:f260:e83e:562d:2316:18df,
>> lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept()
>> failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
>> unknown ca: SSL alert number 48,
>> session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf>
>>
>> I believe this is a client issue, as it worked just fine in CentOS 7.3
>> client, but I am hoping this has been seen and fixed before.

Definitely client issue, connecting via evolution works just fine.

So I suppose it is off to the thunderbird list. I like thunderbird better.

Only plugin I use is dkim validator and when I started thunderbird w/o extensions - still had same issue.

But I think it is definitely not a dovecot problem.

On 09/25/2017 01:49 PM, Michael A. Peters wrote:
> I'm not running any A/V software, and the same version of dovecot on
> servers with CA signed certs (komodo) - the client connects to them just
> fine.
>
> On 09/25/2017 01:40 PM, Tony wrote:
>> It does look like a client issue. Do you also have some kind of AV
>> running? There is some AV software that can sometimes interfere with
>> mail sessions. See if you might be running into a similar situation:
>> https://support.mozilla.org/en-US/questions/1066126
>>
>> Cheers,
>> --
>> TC
>>
>> On 9/25/17 1:27 PM, Michael A. Peters wrote:
>>> I use dovecot on several servers. One of them uses a self-signed cert,
>>> it's just me.
>>>
>>> It worked fine until yesterday when I upgraded my desktop (NOT the
>>> server) to CentOS 7.4
>>>
>>> Now thunderbird complains when it starts up, and won't let me confirm
>>> the security exception.
>>>
>>> On the server the following error occurs in the log:
>>>
>>> Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth
>>> attempts in 1 secs): user=<>,
>>> rip=2600:1010:b064:f260:e83e:562d:2316:18df,
>>> lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept()
>>> failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
>>> unknown ca: SSL alert number 48,
>>> session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf>
>>>
>>> I believe this is a client issue, as it worked just fine in CentOS 7.3
>>> client, but I am hoping this has been seen and fixed before.

Hello Michael,

this reminds me of something that I experienced in the past.

Why would the server! complain "Unknown CA"?

To test, inspect the communication with wireshark and look if the client sends a cert; or:

$ echo "a001 LOGOUT" | openssl s_client -msg -connect your.server:993

and grep for "CertificateRequest".

Do you have a certificate configured in your mailclient Thunderbird but not in Evolution?

HTH
Peter

Am 2017-09-26 um 00:08 schrieb Michael A. Peters:
> Definitely client issue, connecting via evolution works just fine.
>
> So I suppose it is off to the thunderbird list. I like thunderbird better.
>
> Only plugin I use is dkim validator and when I started thunderbird w/o
> extensions - still had same issue.
>
> But I think it is definitely not a dovecot problem.
>
> On 09/25/2017 01:49 PM, Michael A. Peters wrote:
>> I'm not running any A/V software, and the same version of dovecot on
>> servers with CA signed certs (komodo) - the client connects to them
>> just fine.
>>
>> On 09/25/2017 01:40 PM, Tony wrote:
>>> It does look like a client issue. Do you also have some kind of AV
>>> running? There is some AV software that can sometimes interfere with
>>> mail sessions. See if you might be running into a similar situation:
>>> https://support.mozilla.org/en-US/questions/1066126
>>>
>>> Cheers,
>>> --
>>> TC
>>>
>>> On 9/25/17 1:27 PM, Michael A. Peters wrote:
>>>> I use dovecot on several servers. One of them uses a self-signed cert,
>>>> it's just me.
>>>>
>>>> It worked fine until yesterday when I upgraded my desktop (NOT the
>>>> server) to CentOS 7.4
>>>>
>>>> Now thunderbird complains when it starts up, and won't let me confirm
>>>> the security exception.
>>>>
>>>> On the server the following error occurs in the log:
>>>>
>>>> Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth
>>>> attempts in 1 secs): user=<>,
>>>> rip=2600:1010:b064:f260:e83e:562d:2316:18df,
>>>> lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept()
>>>> failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
>>>> unknown ca: SSL alert number 48,
>>>> session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf>
>>>>
>>>> I believe this is a client issue, as it worked just fine in CentOS 7.3
>>>> client, but I am hoping this has been seen and fixed before
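
Added example, not part of any message in this thread: a small Python decoder for the dovecot log line quoted above, showing which side of the handshake raised "unknown ca". It assumes the pre-3.0 OpenSSL error-code layout (the log still carries a function name); the names diagnose, decode_ssl_error and the second sample line are made up for this illustration.

```python
import re

# OpenSSL before 3.0 packs an error code as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
# In the SSL library, reason = 1000 + N means fatal alert N was read from the peer.
SSL_AD_REASON_OFFSET = 1000

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
          44: "certificate_revoked", 45: "certificate_expired",
          46: "certificate_unknown", 48: "unknown_ca"}

LOG_RE = re.compile(
    r"rip=(?P<rip>[0-9A-Fa-f:.]+),.*?"
    r"SSL_accept\(\) failed: error:(?P<code>[0-9A-Fa-f]{8}):"
    r"[^:]*:(?P<func>[^:]*):")

# The log line quoted in the thread, joined back onto one line.
THREAD_LOG_LINE = (
    "Sep 25 20:17:49 librelamp dovecot: imap-login: Disconnected (no auth "
    "attempts in 1 secs): user=<>, rip=2600:1010:b064:f260:e83e:562d:2316:18df, "
    "lip=2600:3c01::f03c:91ff:fee4:310c, TLS handshaking: SSL_accept() failed: "
    "error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca: "
    "SSL alert number 48, session=<u7agQAlasK8mABAQsGTyYOg+Vi0jFhjf>")

# Constructed line: a login dropped without any TLS error.
PLAIN_DISCONNECT = ("Sep 25 20:18:02 mailhost dovecot: imap-login: Disconnected "
                    "(no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=192.0.2.1")

def decode_ssl_error(code_hex):
    """Split a packed OpenSSL (pre-3.0) error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def diagnose(line):
    """Return who raised the TLS alert in a dovecot SSL_accept() failure, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    lib, func, reason = decode_ssl_error(m.group("code"))
    result = {"client": m.group("rip"), "function": m.group("func"),
              "alert": None, "sent_by": "unknown"}
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        result["alert"] = ALERTS.get(number, "alert_%d" % number)
        result["sent_by"] = "peer"  # dovecot is the server, so the peer is the mail client
    return result

if __name__ == "__main__":
    print(diagnose(THREAD_LOG_LINE))
    print(diagnose(PLAIN_DISCONNECT))
```

For the line from the thread, the reason field decodes to 1048, so the server is recording an alert it read from the mail client rather than raising one itself.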