Hi! I have a VPS with Perfect Server installed: Ubuntu 16.04 LTS and ISPConfig 3.1x. It has been working well for more than 3 years. I am looking at the log files in /var/log and mail.err now has many error lines. And now the mail server is randomly not working well. My users are randomly unable to send and receive mail! What is this and what is the issue? I have not found a working solution!

Oct 27 22:04:40 katmandu dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 27 22:04:41 katmandu dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 27 22:04:42 katmandu dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 27 22:04:43 katmandu dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 27 22:04:44 katmandu dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 27 22:04:44 katmandu dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 27 22:42:17 katmandu dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 27 22:45:33 katmandu postfix/submission/smtpd[32228]: fatal: no SASL authentication mechanisms
Oct 27 23:05:00 katmandu dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 27 23:25:08 katmandu dovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

Please help me! Best regards, Jamby from Hungary!
The problem might be that the cipherlist in postfix does not fit the accepted protocols. Use this as a guide to adjust your settings in /etc/postfix/main.cf: https://ssl-config.mozilla.org/#ser...fig=intermediate&openssl=1.1.1d&guideline=5.6

You probably want to change the following lines (they should already exist) to look like:

Code:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_dh1024_param_file = /etc/postfix/dhparam.pem
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no

Also, execute:

Code:
curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/postfix/dhparam.pem

to get predefined DH params. If you have clients which need TLS 1.1 (old Outlook, Windows 7, etc.), then use the "old" settings of the website above.
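An added example, not part of the post above: this Python check reads main.cf-style text and lists which protocol versions the two `smtpd_tls_*protocols` settings quoted above leave enabled. The function names and the sample fragment are constructed for illustration; which versions a server really offers also depends on its Postfix and OpenSSL build.

```python
import re

# Protocol names used in smtpd_tls_protocols-style lists, oldest first.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
KEYS = ("smtpd_tls_protocols", "smtpd_tls_mandatory_protocols")

def parse_main_cf(text):
    """Parse 'name = value' lines, '#' comments and indented continuations."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def enabled_protocols(value):
    """Protocols left on by a list such as '!SSLv2, !SSLv3'.
    Exclusions only: the rest stays on. A plain name makes it an allow-list."""
    tokens = [t for t in re.split(r"[,\s:]+", value) if t]
    excluded = {t[1:] for t in tokens if t.startswith("!")}
    included = [t for t in tokens if not t.startswith("!")]
    base = included if included else KNOWN
    return [p for p in KNOWN if p in base and p not in excluded]

def audit(text):
    """Return {parameter: (enabled, legacy_still_enabled)}, or None if unset."""
    params = parse_main_cf(text)
    report = {}
    for key in KEYS:
        if key not in params:
            report[key] = None  # unset: the Postfix built-in default applies
            continue
        on = enabled_protocols(params[key])
        report[key] = (on, [p for p in on if p in LEGACY])
    return report

# Constructed sample: a looser line next to the setting quoted above.
SAMPLE = """\
# constructed main.cf fragment
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3,
    !TLSv1, !TLSv1.1
"""
```

With the stricter line, a client limited to TLS 1.0 or 1.1 has no version left to negotiate, which is the case the post's last sentence covers.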
Yes, I upgraded to ISPConfig 3.2. The error still exists. Users can't receive mail from Dovecot on SSL port 993. Can't connect error. Normal IMAP login without SSL is working well.
I am seeing new lines in the mail.err file:

Oct 31 04:43:23 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 04:43:24 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 06:36:05 xx amavis[18019]: (18019-14) (!!)AV: ALL VIRUS SCANNERS FAILED
Oct 31 06:36:16 xx amavis[15401]: (15401-17) (!!)AV: ALL VIRUS SCANNERS FAILED
Oct 31 10:23:23 xxu dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 10:36:03 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 10:37:02 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 10:38:02 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 10:41:02 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 10:47:02 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 10:59:00 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 11:23:00 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 12:11:00 xx dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Yes, I made the cipher settings and this error is eliminated. Others are in the error log. IMAP SSL login is not working. All SSL mail logins are disconnected. Why? Is the ISPConfig 3.2 update wrong?
Do this and post results inside CODE tags https://www.howtoforge.com/community/threads/please-read-before-posting.58408/
Hi taleman. The results are:

##### SERVER #####
IP-address (as per hostname): ***.***.***.***
IP-address(es) (as per ifconfig): ***.***.***.***
[WARN] ip addresses from hostname differ from ifconfig output. Please check your ip settings.
[INFO] OS version is Ubuntu 16.04.7 LTS
[INFO] ISPConfig is installed.
##### ISPCONFIG #####
ISPConfig version is 3.2
##### VERSION CHECK #####
[INFO] php (cli) version is 7.0.33-0ubuntu***.***.***.***
##### PORT CHECK #####
[WARN] Port 22 (SSH server) seems NOT to be listening
##### MAIL SERVER CHECK #####
##### RUNNING SERVER PROCESSES #####
[INFO] I found the following web server(s):
Apache 2 (PID 1724)
[INFO] I found the following mail server(s):
Unknown process (smtpd) (PID 816)
[INFO] I found the following pop3 server(s):
Dovecot (PID 1364)
[INFO] I found the following imap server(s):
Dovecot (PID 1364)
[INFO] I found the following ftp server(s):
PureFTP (PID 1861)
##### LISTENING PORTS #####
(only () Local (Address)
[localhost]:10024 (1683/amavisd-new)
[localhost]:9000 (1269/php-fpm.conf))
[localhost]:10025 (5150/master)
[localhost]:9001 (1124/php-fpm.conf))
[localhost]:10026 (1683/amavisd-new)
[localhost]:10027 (5150/master)
[anywhere]:587 (5150/master)
[localhost]:11211 (1267/memcached)
[anywhere]:110 (1364/dovecot)
[anywhere]:143 (1364/dovecot)
[anywhere]:2223 (1317/sshd)
[anywhere]:10000 (1711/perl)
[anywhere]:465 (5150/master)
[anywhere]:21 (1861/pure-ftpd)
***.***.***.***:53 (1261/named)
[localhost]:53 (1261/named)
[anywhere]:25 (816/smtpd)
[localhost]:953 (1261/named)
[anywhere]:993 (1364/dovecot)
[anywhere]:995 (1364/dovecot)
*:*:*:*::*:10024 (1683/amavisd-new)
*:*:*:*::*:3306 (1623/mysqld)
*:*:*:*::*:10026 (1683/amavisd-new)
*:*:*:*::*:3050 (1345/firebird)
[localhost]10 (1364/dovecot)
[localhost]43 (1364/dovecot)
*:*:*:*::*:2223 (1317/sshd)
*:*:*:*::*:8080 (1724/apache2)
*:*:*:*::*:80 (1724/apache2)
*:*:*:*::*:8081 (1724/apache2)
*:*:*:*::*:21 (1861/pure-ftpd)
*:*:*:*::*:53 (1261/named)
*:*:*:*::*:953 (1261/named)
*:*:*:*::*:443 (1724/apache2)
*:*:*:*::*:993 (1364/dovecot)
*:*:*:*::*:995 (1364/dovecot)
##### IPTABLES #####
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-named-refused-tcp tcp -- [anywhere]/0 [anywhere]/0 multiport dports 53,953
f2b-named-refused-udp udp -- [anywhere]/0 [anywhere]/0 multiport dports 53,953
f2b-pureftpd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 21
f2b-dovecot-pop3imap tcp -- [anywhere]/0 [anywhere]/0 multiport dports 110,995,143,993
f2b-postfix-sasl tcp -- [anywhere]/0 [anywhere]/0 multiport dports 25
f2b-sshd tcp -- [anywhere]/0 [anywhere]/0 multiport dports 22

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain f2b-dovecot-pop3imap (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0

Chain f2b-named-refused-tcp (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0

Chain f2b-named-refused-udp (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0

Chain f2b-postfix-sasl (1 references)
target prot opt source destination
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
RETURN all -- [anywhere]/0 [anywhere]/0

Chain f2b-pureftpd (1 references)
target prot opt source destination
RETURN all -- [anywhere]/0 [anywhere]/0

Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
REJECT all -- ***.***.***.*** [anywhere]/0 reject-with icmp-port-unreachable
RETURN all -- [anywhere]/0 [anywhere]/0
I have this error in my mail.err:

dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number

There are many such lines, and user mailboxes can't connect to IMAP with the SSL method, only with a normal connection without SSL.
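For triaging mail.err excerpts like the ones posted in this thread, an added example (not written by any poster, and not part of ISPConfig or Dovecot): it counts the Dovecot TLS handshake failures per login service and OpenSSL reason, and keeps the unrelated Postfix and amavis errors visible instead of letting them drown in the repeats. The regular expressions, function names and the one-line reading of each reason are assumptions of this example.

```python
import re
from collections import Counter

# Dovecot login-process TLS errors in the form quoted in this thread.
TLS_ERR = re.compile(
    r"dovecot: (?P<svc>[\w-]+-login): Error: SSL: Stacked error: "
    r"error:(?P<code>[0-9A-Fa-f]{8}):SSL routines:(?P<func>\w+):(?P<reason>.+)$"
)
# Generic syslog line: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG = re.compile(
    r"^\w{3} +\d+ [\d:]{8} \S+ (?P<prog>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# General reading of the two OpenSSL reasons (an assumption of this example).
HINTS = {
    "no shared cipher": "client cipher offer and server cipher list do not overlap",
    "wrong version number": "client offered a protocol version the server rejects",
}

def triage(lines):
    """Count TLS handshake failures per (service, reason); collect every
    other syslog line separately so unrelated faults stay visible."""
    tls, other = Counter(), []
    for line in lines:
        line = line.strip()
        m = TLS_ERR.search(line)
        if m:
            tls[(m["svc"], m["reason"])] += 1
        elif (s := SYSLOG.match(line)):
            other.append((s["prog"], s["msg"]))
    return tls, other

def report(lines):
    """Human-readable summary, most frequent TLS failure first."""
    tls, other = triage(lines)
    out = [f"{n:4d}  {svc}: {reason} ({HINTS.get(reason, 'unclassified')})"
           for (svc, reason), n in tls.most_common()]
    out += [f"   -  {prog}: {msg}" for prog, msg in other]
    return out

# Sample lines copied from the excerpts posted above.
SAMPLE = """\
Oct 27 22:04:40 katmandu dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 27 22:04:41 katmandu dovecot: pop3-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
Oct 27 22:45:33 katmandu postfix/submission/smtpd[32228]: fatal: no SASL authentication mechanisms
Oct 27 23:05:00 katmandu dovecot: imap-login: Error: SSL: Stacked error: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Oct 31 06:36:05 xx amavis[18019]: (18019-14) (!!)AV: ALL VIRUS SCANNERS FAILED
"""
```

Calling `report(open("/var/log/mail.err"))` on the server gives the same summary for the full file.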