search for: tcps

Displaying 20 results from an estimated 105 matches for "tcps".

2020 Nov 18
0
Dovecot Replication Errors (only) when using tcps: as the mail_replica Protocol
Hello, I have two mail servers and am also experiencing sporadic replication errors over tcps, similar to Reuben. Each server is running Dovecot 2.3.11.3 (502c39af9) on Debian 10.6. *Log entries from MX1* Nov 18 00:39:26 mx1 dovecot: dsync-local(user at example.com)<Ow3zAjWxtF+TDgAAPHKnuQ>: Error: dsync(mx2.example.com): I/O has stalled, no activity for 600 seconds (last sent=mai...
2020 Jun 13
2
Dovecot Replication Errors (only) when using tcps: as the mail_replica Protocol
...g errors logged for some time with replication processes, whereby replication sessions seem to be timing out periodically. This is with dovecot version 2.3.10.1 (a3d0e1171) and both are Gentoo x86_64. After some investigation I've determined that these timeouts are only ever occurring with tcps as the replication connection type. These errors never occur if non-encrypted tcp is configured. I've been able to validate this by changing only the replica_type on both ends of the replication configuration to tcp, and with no other changes and after a few days of operation there is not...
2017 Feb 03
4
Dovecot dsync 'ssl_client_ca'
...</etc/ssl/private/private.key ssl_cert = </etc/ssl/certs/key.crt ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem # Create a listener for doveadm-server service doveadm { user = vmail inet_listener { port = 12345 ssl= yes } } and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port And now: Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long Feb 03 14:11:17 doveadm: Error: Corrupted SSL parameters f...
2017 Feb 03
3
Dovecot dsync 'ssl_client_ca'
...3 ssl = required verbose_ssl = no ssl_key = </etc/ssl/private/private.key ssl_cert = </etc/ssl/certs/key.crt ssl_ca = </etc/ssl/certs/GandiStandardSSLCA2.pem This config is working for my email client and my email web interface ... Are they on the right order ? mail_replica = tcps:server1 at domain.ltd and tcps:server2 at domain.ltd There is traffic on my iptables rules on my both servers: 60 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4711 My error message from server1 (main server): Feb 03 08:38:08 doveadm(user1 at doma...
2017 Jan 05
0
Dovecot dsync tcps sends incomplete certificate chain
...04/2017 08:40 PM, Juri wrote: > >> Hi, >> I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and >> a valid Let's Encrypt certificate. >> I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but >> when I launch the replication it fails writing on the log (/var/log/mail.err): >> (Server 1 - sync "client" )| Error: sync: Disconnected from remote: Received invalid SSL >> certificate: unable to get local issuer certificate: /CN=mail.dividebyzero.it >...
2017 Jan 04
3
Dovecot dsync tcps sends incomplete certificate chain
Hi, I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and a valid Let's Encrypt certificate. I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but when I launch the replication it fails writing on the log (/var/log/mail.err): (Server 1 - sync "client" )| Error: sync: Disconnected from remote: Received invalid SSL certificate: unable to get local issuer certificate: /CN=mail.dividebyzero.it (Server 2 - sync "server"...
2017 Feb 06
2
Dovecot dsync 'ssl_client_ca'
...er >>>> service doveadm { >>>> user = vmail >>>> inet_listener { >>>> port = 12345 >>>> ssl= yes >>>> } >>>> } >>>> >>>> and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port >>>> >>>> And now: >>>> >>>> Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name t...
2017 Oct 13
2
Question regarding replication - duplicate emails
...ed it). Is there a way to fiddle with the acknowledgement timing or give the processes some more space/time to get on par with each other? Below is the configuration of machine B, they are synchronised through puppet, so only the hostname and IP addresses are different. (so for replication, A has: tcps:hostname_of_b:12346 and B has tcps:hostname_of_a:12346). Also note that HAproxy is prepared but not in use at all. # 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.20 (7cd71ba) # OS: FreeBSD 11.1-RELEASE amd64 auth_mechanisms = plain login disable_plaintext_auth...
2016 Nov 10
2
service doveadm : ssl problems
...adm_port = 12345", as it would give me errors of the like: > Fatal: /var/run/dovecot/auth-userdb: Configured passdbs don't support crentials lookups (to see if user is proxied, because doveadm_port is set) but rather specifying the port in the mail_replica setting : "mail_replica = tcps:my.domain.com:1465" (following a mail from here : http://www.dovecot.org/list/dovecot/2016-September/105356.html) So far, this seems to be working for me. 2) However, I'm having ssl problems. I have a let's encrypt certificate, and have concatenated the CA cert and my server cert in a f...
2018 Jun 16
0
TCP replication: high connection rate and looping in incomplete state
...r dsync to finish? in dsync-status, constantly flipping between handshake and waiting, for solely 4 out of 10 accounts. Replicator status says 0 requests and 10 total users. On the source host, replicator status says 4 queued full resyncs, 3 waiting failed and 10 total users. I already tried both tcps and tcp; activating debug log did not reveal any errors (e.g. SSL). Would be happy for any advice to track this down. Best regards, tok Config source host: ----- # 2.2.35 (b1cb664): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.23 (b2e41927) # OS: FreeBSD 11.1-RELEASE-p10 amd64 z...
2017 Jan 06
2
Dovecot dsync tcps sends incomplete certificate chain
On 01/05/2017 08:55 PM, Juri wrote: > 5 Gennaio 2017 01:21, "John Fawcett" <john at voipsupport.it> wrote: > >> On 01/04/2017 08:40 PM, Juri wrote: >> >> > Thank you. > > In fact I tried both settings, that is > |ssl_client_ca_dir = /etc/ssl/certs > |ssl_client_ca_file = /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem > but with no
2017 Oct 21
1
Question regarding replication - duplicate emails
...dle with the acknowledgement timing or give the processes some more space/time to get on par with each other? > > > > Below is the configuration of machine B, they are synchronised through puppet, so only the hostname and IP addresses are different. > > (so for replication, A has: tcps:hostname_of_b:12346 and B has tcps:hostname_of_a:12346). Also note that HAproxy is prepared but > > not in use at all. > > > > # 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf > > # Pigeonhole version 0.4.20 (7cd71ba) > > # OS: FreeBSD 11.1-RELEASE amd64 >...
2017 Feb 03
0
Dovecot dsync 'ssl_client_ca'
...# Create a listener for doveadm-server >>> service doveadm { >>> user = vmail >>> inet_listener { >>> port = 12345 >>> ssl= yes >>> } >>> } >>> >>> and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port >>> >>> And now: >>> >>> Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long >>...
2015 Jan 16
0
dsync SSL fails since 2.2.15
...p://wiki2.dovecot.org/Replication After upgrading to 2.2.15, dsync gets stuck with the Error: "Received invalid SSL certificate" even though neither any of the dovecot configs nor the certs, keys or the CA have changed! When I simply outcomment SSL and switch dsync to use tcp (instead of tcps) everything replications still works like a charm. Please help me to get SSL back working! I did a lot of testing and come up with a concrete QUESTION below, hopefully leading the way out of this trap. What happened ============= 2 days before I upgraded one of the machines to OSX Yosemite. Alo...
2013 Apr 06
1
replicator/dsync over tcp
...y to add ssl by activating "ssl = yes" in 'service doveadm' (see above) and adding ... >> >> | # used by replicator/dsync over tcp >> | # >> | ssl_client_ca_dir = /<path-to>/ssl/certs >> >> ... and ... >> >> | mail_replica = tcps:SERVER-A.TLD >> >> But, this didn't work (logfile at remote server): >> >> | dovecot: doveadm(test): Invalid certificate: self signed certificate: /OU=dovecot server/CN=OTHER-NAME.TLD/emailAddress=postmaster at OTHER-NAME.TLD >> | dovecot: doveadm(test): Error: S...
2017 Feb 06
0
Dovecot dsync 'ssl_client_ca'
...adm { >>>>> user = vmail >>>>> inet_listener { >>>>> port = 12345 >>>>> ssl= yes >>>>> } >>>>> } >>>>> >>>>> and doveadm_port = 12345 // mail_replica = tcps:server2.domain.ltd # use doveadm_port >>>>> >>>>> And now: >>>>> >>>>> Feb 03 14:11:16 doveadm(user1 at domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:f...
2017 Oct 20
0
Question regarding replication - duplicate emails
...re a way to fiddle with the acknowledgement timing or give the processes some more space/time to get on par with each other? > > Below is the configuration of machine B, they are synchronised through puppet, so only the hostname and IP addresses are different. > (so for replication, A has: tcps:hostname_of_b:12346 and B has tcps:hostname_of_a:12346). Also note that HAproxy is prepared but > not in use at all. > > # 2.2.33.1 (e9afa7f18): /usr/local/etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.20 (7cd71ba) > # OS: FreeBSD 11.1-RELEASE amd64 > auth_mechanisms = plai...
2017 Mar 18
0
replication issues between to nodes
...nfigurations; --- tmp1.txt 2017-03-18 15:18:41.000000000 +0100 +++ tmp2.txt 2017-03-18 15:18:56.000000000 +0100 @@ -55,7 +55,7 @@ imapsieve_mailbox2_name = * mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size - mail_replica = tcps:mail.jr-hosting.nl:12346 + mail_replica = tcps:mail2.jr-hosting.nl:12346 sieve = ~/.dovecot.sieve sieve_dir = ~/sieve sieve_execute_bin_dir = /usr/local/lib/dovecot/sieve @@ -105,7 +105,7 @@ } service lmtp { inet_listener lmtp { - address = XXX/X 127.0.0.1 ::1 + address = YYYY/...
2017 Feb 03
0
Dovecot dsync 'ssl_client_ca'
...etc/ssl/certs/GandiStandardSSLCA2.pem I think it should be ssl_client_ca_file = </etc/ssl/certs/GandiStandardSSLCA2.pem for you. > > This config is working for my email client and my email web > interface ... > > Are they on the right order ? > > mail_replica = tcps:server1 at domain.ltd and tcps:server2 at domain.ltd > > There is traffic on my iptables rules on my both servers: > > 60 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4711 > > > > My error message from server1 (main server): >...
2019 Nov 20
0
[SOLVED] Doveadm replicator ssl issues
Solved, thank you! TCPS was the problem. Hi! You need to use tcps in mail_replica. Aki