I am trying to backup a gmail account (not the one I am writing from)
to dovecot, using doveadm-backup and imapc, but am having ssl
connection problems.
ted at expectation:~# doveadm backup -D -R -u ted imapc:
dsync(ted): Info: imapc(imap.gmail.com:993): Connected to
74.125.71.108:993 (local 10.7.1.179:53852)
dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected
unexpectedly: SSL_connect() failed: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert
number 40 - reconnecting (delay 0 ms)
dsync(ted): Info: imapc(imap.gmail.com:993): Connected to
74.125.71.109:993 (local 10.7.1.179:59052)
dsync(ted): Error: imapc(imap.gmail.com:993): Server disconnected
unexpectedly: SSL_connect() failed: error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert
number 40 - disconnecting
dsync(ted): Error: User initialization failed: imapc: Login to
imap.gmail.com failed: Disconnected from serv
I am using dovecot version 2.2.33.2 on ubuntu, with the
configuration below.
I have also enabled "allow access from unsecure apps" in my
gmail settings.
My first thought looking at the error messages was has that
perhaps doveadm-backup was trying to connect with ssl3, which
is no longer supported by gmail or anyone else nowadays.
But apparently the ssl3_read_bytes function in openssl also
handles tls, so the reference to ssl3 in the message is
misleading, and the real problem must be elsewhere.
If anyone can help me debug this I'd be grateful.
Many thanks,?
Ben
root at expectation:/etc/dovecot# doveconf -N
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-91-generic x86_64 Ubuntu 18.04.4 LTS?
auth_mechanisms = plain
imapc_features = rfc822.size gmail-migration fetch-headers
imapc_host = imap.gmail.com
imapc_password =??# hidden, use -P to show it
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
imapc_user = MY_GMAIL_ADDRESS
mail_location = maildir:~/Maildir
mail_prefetch_count = 20
mail_privileged_group = mail
namespace inbox {
? inbox = yes
? location =?
? mailbox Drafts {
????special_use = \Drafts
? }
? mailbox Junk {
????special_use = \Junk
? }
? mailbox Sent {
????special_use = \Sent
? }
? mailbox "Sent Messages" {
????special_use = \Sent
? }
? mailbox Trash {
????special_use = \Trash
? }
? prefix =?
}
passdb {
? driver = pam
? name =?
}
protocols = " imap"
ssl = yes
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL
ssl_client_ca_dir = /etc/ssl/certs
ssl_key =??# hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv3
userdb {
? driver = passwd
? name =?
}
> On 30/03/2020 22:11 Ben Mulvihill <ben.mulvihill at gmail.com> wrote: > > > I am trying to backup a gmail account (not the one I am writing from) > to dovecot, using doveadm-backup and imapc, but am having ssl > connection problems. > > ted at expectation:~# doveadm backup -D -R -u ted imapc: > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to > 74.125.71.108:993 (local 10.7.1.179:53852) > dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected > unexpectedly: SSL_connect() failed: error:14094410:SSL > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert > number 40 - reconnecting (delay 0 ms) > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to > 74.125.71.109:993 (local 10.7.1.179:59052) > dsync(ted): Error: imapc(imap.gmail.com:993): Server disconnected > unexpectedly: SSL_connect() failed: error:14094410:SSL > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert > number 40 - disconnecting > dsync(ted): Error: User initialization failed: imapc: Login to > imap.gmail.com failed: Disconnected from serv > > > I am using dovecot version 2.2.33.2 on ubuntu, with the > configuration below. > I have also enabled "allow access from unsecure apps" in my > gmail settings. > > My first thought looking at the error messages was has that > perhaps doveadm-backup was trying to connect with ssl3, which > is no longer supported by gmail or anyone else nowadays. > But apparently the ssl3_read_bytes function in openssl also > handles tls, so the reference to ssl3 in the message is > misleading, and the real problem must be elsewhere. > > If anyone can help me debug this I'd be grateful. > > Many thanks,? > Ben > > root at expectation:/etc/dovecot# doveconf -N > # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.confHi! This is very old version of dovecot so this could be a bug that has been fixed in more recent version. Can you verify that you have the required CA certs with openssl s_client -connect imap.gmail.com:993 -servername imap.gmail.com -CApath /etc/ssl/certs and make sure the cert gets validated by openssl. If it does, then you should probably consider upgrading to some more recent version. We provide packages at https://repo.dovecot.org if you are able to upgrade. Aki
On Tue, 2020-03-31 at 09:06 +0300, Aki Tuomi wrote:> > > > On 30/03/2020 22:11 Ben Mulvihill <ben.mulvihill at gmail.com> wrote: > > > > ? > > I am trying to backup a gmail account (not the one I am writing > > from) > > to dovecot, using doveadm-backup and imapc, but am having ssl > > connection problems. > > > > ted at expectation:~# doveadm backup -D -R -u ted imapc: > > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to > > 74.125.71.108:993 (local 10.7.1.179:53852) > > dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected > > unexpectedly: SSL_connect() failed: error:14094410:SSL > > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert > > number 40 - reconnecting (delay 0 ms) > > dsync(ted): Info: imapc(imap.gmail.com:993): Connected to > > 74.125.71.109:993 (local 10.7.1.179:59052) > > dsync(ted): Error: imapc(imap.gmail.com:993): Server disconnected > > unexpectedly: SSL_connect() failed: error:14094410:SSL > > routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert > > number 40 - disconnecting > > dsync(ted): Error: User initialization failed: imapc: Login to > > imap.gmail.com failed: Disconnected from serv > > > > > > I am using dovecot version 2.2.33.2 on ubuntu, with the > > configuration below. > > I have also enabled "allow access from unsecure apps" in my > > gmail settings. > > > > My first thought looking at the error messages was has that > > perhaps doveadm-backup was trying to connect with ssl3, which > > is no longer supported by gmail or anyone else nowadays. > > But apparently the ssl3_read_bytes function in openssl also > > handles tls, so the reference to ssl3 in the message is > > misleading, and the real problem must be elsewhere. > > > > If anyone can help me debug this I'd be grateful. > > > > Many thanks,? > > Ben > > > > root at expectation:/etc/dovecot# doveconf -N > > # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf > Hi! > > This is very old version of dovecot so this could be a bug that has > been fixed in more recent version. > > Can you verify that you have the required CA certs with > > openssl s_client -connect imap.gmail.com:993 -servername > imap.gmail.com -CApath /etc/ssl/certs > > and make sure the cert gets validated by openssl. > > If it does, then you should probably consider upgrading to some more > recent version. We provide packages at https://repo.dovecot.org if > you are able to upgrade. > > AkiHi Aki! I checked the CA certificate and it was validated OK, so I followed your suggestion and installed dovecot version 2.3.10 from the dovecot repository (the version I was using previously was the latest available in my distribution). The ssl handshake now completes successfully. I have hit? further problems later in the process, but I'll investigate myself first and then maybe post again with the details if I am still stuck. Thank you for your help! Ben