Displaying 20 results from an estimated 105 matches for "tcps".
Did you mean:
tcp
2020 Nov 18
0
Dovecot Replication Errors (only) when using tcps: as the mail_replica Protocol
Hello,
I have two mail servers and am also experiencing sporadic replication
errors over tcps, similar to Reuben. Each server is running Dovecot
2.3.11.3 (502c39af9) on Debian 10.6.
*Log entries from MX1*
Nov 18 00:39:26 mx1 dovecot:
dsync-local(user at example.com)<Ow3zAjWxtF+TDgAAPHKnuQ>: Error:
dsync(mx2.example.com): I/O has stalled, no activity for 600 seconds
(last sent=mai...
2020 Jun 13
2
Dovecot Replication Errors (only) when using tcps: as the mail_replica Protocol
...g errors logged for some time with replication processes,
whereby replication sessions seem to be timing out periodically.
This is with dovecot version 2.3.10.1 (a3d0e1171) and both are Gentoo
x86_64.
After some investigation I've determined that these timeouts are only
ever occurring with tcps as the replication connection type. These
errors never occur if non-encrypted tcp is configured. I've been able
to validate this by changing only the replica_type on both ends of the
replication configuration to tcp, and with no other changes and after a
few days of operation there is not...
2017 Feb 03
4
Dovecot dsync 'ssl_client_ca'
...</etc/ssl/private/private.key
ssl_cert = </etc/ssl/certs/key.crt
ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem
# Create a listener for doveadm-server
service doveadm {
user = vmail
inet_listener {
port = 12345
ssl= yes
}
}
and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port
And now:
Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long
Feb 03 14:11:17 doveadm: Error: Corrupted SSL parameters f...
2017 Feb 03
3
Dovecot dsync 'ssl_client_ca'
...3
ssl = required
verbose_ssl = no
ssl_key = </etc/ssl/private/private.key
ssl_cert = </etc/ssl/certs/key.crt
ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem
This config is working for my email client and my email web
interface ...
Are they on the right order ?
mail_replica = tcps:server1 at domain.ltd and tcps:server2 at domain.ltd
There is trafic on my iptables rules on my both servers:
60 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4711
My error message from server1 (main server):
Feb 03 08:38:08 doveadm(user1 at doma...
2017 Jan 05
0
Dovecot dsync tcps sends incomplete certificate chain
...04/2017 08:40 PM, Juri wrote:
>
>> Hi,
>> I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and
>> a valid Let's Encrypt certificate.
>> I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but
>> when I launch the replication it fails writing on the log (/var/log/mail.err):
>> (Server 1 - sync "client" )| Error: sync: Disconnected from remote: Received invalid SSL
>> certificate: unable to get local issuer certificate: /CN=mail.dividebyzero.it
>...
2017 Jan 04
3
Dovecot dsync tcps sends incomplete certificate chain
Hi,
I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and
a valid Let's Encrypt certificate.
I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but
when I launch the replication it fails writing on the log (/var/log/mail.err):
(Server 1 - sync "client" )| Error: sync: Disconnected from remote: Received invalid SSL
certificate: unable to get local issuer certificate: /CN=mail.dividebyzero.it
(Server 2 - sync "server&q...
2017 Feb 06
2
Dovecot dsync 'ssl_client_ca'
...er
>>>> service doveadm {
>>>> user = vmail
>>>> inet_listener {
>>>> port = 12345
>>>> ssl= yes
>>>> }
>>>> }
>>>>
>>>> and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port
>>>>
>>>> And now:
>>>>
>>>> Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name t...
2017 Oct 13
2
Question regarding replication - duplicate emails
...ed it).
Is there a way to fiddle with the acknowledgement timing or give the processes some more space/time to get on par with eachother?
Below is the configuration of machine B, they are synchronised through puppet, so only the hostname and IP addresses are different.
(so for replication, A has: tcps:hostname_of_b:12346 and B has tcps:hostname_of_a:12346). Also note that HAproxy is prepared but
not in use at all.
# 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.20 (7cd71ba)
# OS: FreeBSD 11.1-RELEASE amd64
auth_mechanisms = plain login
disable_plaintext_auth...
2016 Nov 10
2
service doveadm : ssl problems
...adm_port = 12345", as it would give me errors of the like:
> Fatal: /var/run/dovecot/auth-userdb: Configured passdbs don't support crentials lookups (to see if user is proxied, because doveadm_port is set)
but rather specifying the port in the mail_replica setting : "mail_replica = tcps:my.domain.com:1465"
(following a mail from here : http://www.dovecot.org/list/dovecot/2016-September/105356.html)
So far, this seems to be working for me.
2) However, I'm having ssl problems. I have a let's encrypt certificate, and have concatened the CA cert and my server cert in a f...
2018 Jun 16
0
TCP replication: high connection rate and looping in incomplete state
...r dsync to finish? in dsync-status, constantly flipping between handshake and waiting, for solely 4 out of 10 accounts. Replicator status says 0 requests and 10 total users.
On the source host, replicator status says 4 queued full resyncs, 3 waiting failed and 10 total users.
I already tried both tcps and tcp; activating debug log did not reveal any errors (e.g. SSL). Would be happy for any advice to track this down.
Best regards,
tok
Config source host:
-----
# 2.2.35 (b1cb664): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.23 (b2e41927)
# OS: FreeBSD 11.1-RELEASE-p10 amd64 z...
2017 Jan 06
2
Dovecot dsync tcps sends incomplete certificate chain
On 01/05/2017 08:55 PM, Juri wrote:
> 5 Gennaio 2017 01:21, "John Fawcett" <john at voipsupport.it> wrote:
>
>> On 01/04/2017 08:40 PM, Juri wrote:
>>
>>
> Thank you.
>
> In fact I tried both settings, that is
> |ssl_client_ca_dir = /etc/ssl/certs
> |ssl_client_ca_file = /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem
> but with no
2017 Oct 21
1
Question regarding replication - duplicate emails
...dle with the acknowledgement timing or give the processes some more space/time to get on par with eachother?
> >
> > Below is the configuration of machine B, they are synchronised through puppet, so only the hostname and IP addresses are different.
> > (so for replication, A has: tcps:hostname_of_b:12346 and B has tcps:hostname_of_a:12346). Also note that HAproxy is prepared but
> > not in use at all.
> >
> > # 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf
> > # Pigeonhole version 0.4.20 (7cd71ba)
> > # OS: FreeBSD 11.1-RELEASE amd64
&g...
2017 Feb 03
0
Dovecot dsync 'ssl_client_ca'
...# Create a listener for doveadm-server
>>> service doveadm {
>>> user = vmail
>>> inet_listener {
>>> port = 12345
>>> ssl= yes
>>> }
>>> }
>>>
>>> and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port
>>>
>>> And now:
>>>
>>> Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long
>>...
2015 Jan 16
0
dsync SSL fails since 2.2.15
...p://wiki2.dovecot.org/Replication
After upgrading to 2.2.15, dsync gets stuck with the Error: "Received invalid SSL certificate" even though neither any of the dovecot configs nor the certs, keys or the CA have changed!
When I simply outcomment SSL and switch dsync to use tcp (instead of tcps) everthing replications still works like a charm.
Please help me to get SSL back working!
I did a lot of testing and come up with a concrete QUESTION below, hopefully leading the way out of this trap.
What happend
=============
2 days before I upgraded one of the machines to OSX Yosemite.
Alo...
2013 Apr 06
1
replicator/dsync over tcp
...y to add ssl by activating "ssl = yes" in 'service doveadm' (see above) and adding ...
>>
>> | # used by replicator/dsync over tcp
>> | #
>> | ssl_client_ca_dir = /<path-to>/ssl/certs
>>
>> ... and ...
>>
>> | mail_replica = tcps:SERVER-A.TLD
>>
>> But, this didn't work (logfile at remote server):
>>
>> | dovecot: doveadm(test): Invalid certificate: self signed certificate: /OU=dovecot server/CN=OTHER-NAME.TLD/emailAddress=postmaster at OTHER-NAME.TLD
>> | dovecot: doveadm(test): Error: S...
2017 Feb 06
0
Dovecot dsync 'ssl_client_ca'
...adm {
>>>>> user = vmail
>>>>> inet_listener {
>>>>> port = 12345
>>>>> ssl= yes
>>>>> }
>>>>> }
>>>>>
>>>>> and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port
>>>>>
>>>>> And now:
>>>>>
>>>>> Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:f...
2017 Oct 20
0
Question regarding replication - duplicate emails
...re a way to fiddle with the acknowledgement timing or give the processes some more space/time to get on par with eachother?
>
> Below is the configuration of machine B, they are synchronised through puppet, so only the hostname and IP addresses are different.
> (so for replication, A has: tcps:hostname_of_b:12346 and B has tcps:hostname_of_a:12346). Also note that HAproxy is prepared but
> not in use at all.
>
> # 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.20 (7cd71ba)
> # OS: FreeBSD 11.1-RELEASE amd64
> auth_mechanisms = plai...
2017 Mar 18
0
replication issues between to nodes
...nfigurations;
--- tmp1.txt 2017-03-18 15:18:41.000000000 +0100
+++ tmp2.txt 2017-03-18 15:18:56.000000000 +0100
@@ -55,7 +55,7 @@
imapsieve_mailbox2_name = *
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
mail_log_fields = uid box msgid size
- mail_replica = tcps:mail.jr-hosting.nl:12346
+ mail_replica = tcps:mail2.jr-hosting.nl:12346
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_execute_bin_dir = /usr/local/lib/dovecot/sieve
@@ -105,7 +105,7 @@
}
service lmtp {
inet_listener lmtp {
- address = XXX/X 127.0.0.1 ::1
+ address = YYYY/...
2017 Feb 03
0
Dovecot dsync 'ssl_client_ca'
...etc/ssl/certs/GandiStandardSSLCA2.pem
I think it should be ssl_client_ca_file =
</etc/ssl/certs/GandiStandardSSLCA2.pem for you.
>
> This config is working for my email client and my email web
> interface ...
>
> Are they on the right order ?
>
> mail_replica = tcps:server1 at domain.ltd and tcps:server2 at domain.ltd
>
> There is trafic on my iptables rules on my both servers:
>
> 60 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4711
>
>
>
> My error message from server1 (main server):
>...
2019 Nov 20
0
[SOLVED] Doveadm replicator ssl issues
Solved, thank you! TCPS was the problem.
Hi!
You need to use tcps in mail_replica.
Aki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20191120/c12c2d31/attachment.html>