similar to: [SOLVED] Doveadm replicator ssl issues

Solved, thank you. TCPS was the issue. From: Aki Tuomi <aki.tuomi at open-xchange.com> Sent: Wednesday, November 20, 2019 08:54 To: Miro Igov <miro.igov at gmail.com>; dovecot at dovecot.org Subject: Re: Doveadm replicator ssl issues On 18.11.2019 22.30, Miro Igov via dovecot wrote: Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard certificates. Email

On 18.11.2019 22.30, Miro Igov via dovecot wrote: > > Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard > certificates. > > Email clients connect fine, https://www.immuniweb.com/ssl/ tests show > certificates are ok. > > However I can?t make replication work when I add ssl = yes. > > Without ssl it works ok. > > ? > > I added

Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard certificates. Email clients connect fine, https://www.immuniweb.com/ssl/ tests show certificates are ok. However I can't make replication work when I add ssl = yes. Without ssl it works ok. I added verbose_ssl in config and error log shows: dovecot: doveadm(149.x.x.x): Error: SSL handshake failed: SSL_accept()

Have you specified the path to ca-certificates? On Debian it's normally something like that #10-ssl.conf ssl_client_ca_dir = /etc/ssl/certs see http://wiki.dovecot.org/Replication#SSL Am 10.11.2016 um 16:09 schrieb nerbrume at free.fr: > Hello, > > I'm using dovecot 2.2.13 on Debian stable. > My users are authenticated through PAM, and stored in an LDAP backend >

Hello, I'm using dovecot 2.2.13 on Debian stable. My users are authenticated through PAM, and stored in an LDAP backend I'm trying to set-up replication with ssl, following (mainly) this : http://wiki2.dovecot.org/Replication 1) I only diverted from the instructed setup by not setting "doveadm_port = 12345", as it would give me errors of the like: > Fatal:

On Thu, Jun 08, 2017 at 11:06:01AM +0300, Aki Tuomi wrote: > > > On 07.06.2017 15:16, Pallissard, Matthew wrote: > > I'm starting to see the following error when upgrading from 2.2.27 to 2.2.29. > > > > doveadm(ip.add.re.ss): Error: doveadm client disconnected before handshake: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared

Dear Thierry, - Have you checked that port 12345 as specified below is open/forwarded and actually /used/ by dovecot (e.g., use "netstat -tulpn|grep dovecot")? - Did you retrace your steps and have you verified that synchronisation works with ssl disabled? - Did you verify your certificate files (e.g., "openssl verify -verbose -CAfile /etc/ssl/certs/GandiCA2.pem

Hello, I have two mail servers and am also experiencing sporadic replication errors over tcps, similar to Reuben. Each server is running Dovecot 2.3.11.3 (502c39af9) on Debian 10.6. *Log entries from MX1* Nov 18 00:39:26 mx1 dovecot: dsync-local(user at example.com)<Ow3zAjWxtF+TDgAAPHKnuQ>: Error: dsync(mx2.example.com): I/O has stalled, no activity for 600 seconds (last sent=mailbox,

Hi Aki, I do not have any error message but (on both server): doveadm replicator status '*' doveadm(root): Fatal: net_connect_unix(/var/run/dovecot/replicator-doveadm) failed: Connection refused Thx Le vendredi 3 f?vrier 2017 ? 17:09:52, vous ?criviez : > Please keep responses in list. rm -f > /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir. > On

Hi, Some time ago I posted the below but never got a reponse that I could work with. So i am retrying now in the hope that there might be a better idea/suggestion on how to approach this. Situation; I have two nodes, which should replicate to eachother. My main machine receives most mail and the other one receives mostly system messages and should get replicated. (This used to be delivered on

Bonjour Markus, > - Have you checked that port 12345 as specified below is open/forwarded > and actually /used/ by dovecot (e.g., use "netstat -tulpn|grep dovecot")? Yes of course: tcp 0 0 0.0.0.0:12345 0.0.0.0:* LISTEN 22025/dovecot tcp6 0 0 :::12345 :::* LISTEN 22025/dovecot > -

Hello list, dovecot ran rock-solid on OSX Mavericks for about 1 year replicating my mail between 2 servers via dsync with SSL as that is well described here: http://wiki2.dovecot.org/Replication After upgrading to 2.2.15, dsync gets stuck with the Error: "Received invalid SSL certificate" even though neither any of the dovecot configs nor the certs, keys or the CA have changed! When I

Hi, I am trying to establish TCP(s)-based replication between two FreeBSD 11.1 machines, both running Dovecot 2.2.35 (via pkg) with 10 virtual users and 1.2GB maildir. I followed the Wiki description (https://wiki2.dovecot.org/Replication), just skipped the SSH part. My resulting configurations are attached below. Problem: After reloading both Dovecot instances, a few seconds later they start to

Please keep responses in list. rm -f /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir. On 2017-02-03 17:00, Thierry wrote: > Hi, > > I have removed the '<' : > > ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem > > But now: > > doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 > doveadm:

Timo Sirainen <tss at iki.fi> wrote: > On 24.3.2013, at 23.07, Michael Grimm <trashcan at odo.in-berlin.de> wrote: > >> First of all I did need to extend http://wiki2.dovecot.org/Replication to get dsync over tcp running without ssl: > .. >> | dovecot: doveadm(test): Error: doveadm_password not set, can't authenticate to remote server > > Updated

Dear Dovecot community, As discussing on IRC with Aki, I have the following thing happening: I got an alert from my mailservice last night that I was running over quota. My quota reached almost 91% (coming from 30%) in one day. I do not recall receiving so much email (we talk about multiple gb?s additional space usage), so something was acting up. When I logged into my mailservers (I?ll

Hi, I've been seeing errors logged for some time with replication processes, whereby replication sessions seem to be timing out periodically. This is with dovecot version 2.3.10.1 (a3d0e1171) and both are Gentoo x86_64. After some investigation I've determined that these timeouts are only ever occurring with tcps as the replication connection type. These errors never occur if

Hi All, I'm running TCP-based dsync replication on two dovecot nodes. Nowdays i tried to enable SSL (TCPS). I changed mail_replica prefix from tcp:* to tcps:* and added ssl=yes to the inet_listener. Then on running *doveadm sync* i'm getting the following message: " *doveadm(example at example.com <example at example.com>): Error: Couldn't initialize SSL context: Can't

Hi, I have made change: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = </etc/ssl/private/private.key ssl_cert = </etc/ssl/certs/key.crt ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem # Create a listener for doveadm-server service doveadm { user = vmail inet_listener { port = 12345 ssl= yes } } and doveadm_port = 12345 // mail_replica =

Maybe you could not delete the message instantly, but keep track of last seen UID. UIDs increase monotonically, so you can rest assured that next arriving email has larger UID. Then you can bulk delete mails that are older than one day. Aki > On October 20, 2017 at 8:01 PM Remko Lodder <remko at FreeBSD.org> wrote: > > > Hi, > > Anyone has suggestions? The situation