Failure with mail while updating Debian 9 to 10/11

Discussion in 'Installation/Configuration' started by Nicolas B, Jan 30, 2025.

  1. Nicolas B

    Nicolas B New Member

    Hey all.

    I was updating my Debian 9 to Debian 10 and then 11 bullseye.

    I think that I covered most of the updates related to ISPConfig and the configuration of Roundcube and so on.
    BUT,
    Now I want to connect my Thunderbird to the mail account I created and it is not working as before.
    The only way that works is using No security for receiving and STARTTLS for sending.
    Before, I had SSL/TLS in both; at least I want security on receiving emails.
    EDIT:

    It works this way:
    [IMG]
    I need it to work with security like this:
    [IMG]

    Am I missing something?
    Is there a way to REconfigure all this stuff again?
    What do you recommend?


    I attach a test:

    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Debian GNU/Linux 11 (bullseye)
    
    [INFO] uptime:  17:54:03 up  2:22,  1 user,  load average: 0.44, 0.19, 0.08
    
    [INFO] memory:
                   total        used        free      shared  buff/cache   available
    Mem:           3.9Gi       2.0Gi       136Mi       196Mi       1.8Gi       1.4Gi
    Swap:          2.0Gi        16Mi       2.0Gi
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.12p1
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.33
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.33
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 22066)
    [INFO] I found the following mail server(s):
            Postfix (PID 21879)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 22050)
    [INFO] I found the following imap server(s):
            Dovecot (PID 22050)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 22097)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [localhost]:10026               (21918/amavisd-new)
    [localhost]:3306                (21598/mariadbd)
    [localhost]:10027               (21879/master)
    [anywhere]:587          (21879/master)
    [localhost]:11211               (11769/memcached)
    [localhost]:6379                (11690/redis-server)
    [anywhere]:110          (22050/dovecot)
    [anywhere]:143          (22050/dovecot)
    [anywhere]:465          (21879/master)
    ***.***.***.***:53              (22105/named)
    ***.***.***.***:53              (22105/named)
    [localhost]:53          (22105/named)
    [localhost]:53          (22105/named)
    [anywhere]:21           (22097/pure-ftpd)
    [anywhere]:22           (7275/sshd:)
    [localhost]:5432                (22476/postgres)
    [localhost]:953         (22105/named)
    [anywhere]:25           (21879/master)
    [anywhere]:993          (22050/dovecot)
    [anywhere]:995          (22050/dovecot)
    [localhost]:10023               (10498/postgrey)
    [localhost]:10024               (21918/amavisd-new)
    [localhost]:10025               (21879/master)
    *:*:*:*::*:10026                (21918/amavisd-new)
    *:*:*:*::*:587          (21879/master)
    *:*:*:*::*:6379         (11690/redis-server)
    [localhost]10           (22050/dovecot)
    [localhost]43           (22050/dovecot)
    *:*:*:*::*:8080         (22066/apache2)
    *:*:*:*::*:80           (22066/apache2)
    *:*:*:*::*:8081         (22066/apache2)
    *:*:*:*::*:465          (21879/master)
    *:*:*:*::*:21           (22097/pure-ftpd)
    *:*:*:*::*:53           (22105/named)
    *:*:*:*::*:53           (22105/named)
    *:*:*:*::*f03c:91ff:53          (22105/named)
    *:*:*:*::*f03c:91ff:53          (22105/named)
    *:*:*:*::*f03c:91ff:fe23:53             (22105/named)
    *:*:*:*::*f03c:91ff:fe23:53             (22105/named)
    *:*:*:*::*:22           (7275/sshd:)
    *:*:*:*::*:5432         (22476/postgres)
    *:*:*:*::*:25           (21879/master)
    *:*:*:*::*:953          (22105/named)
    *:*:*:*::*:443          (22066/apache2)
    *:*:*:*::*:993          (22050/dovecot)
    *:*:*:*::*:995          (22050/dovecot)
    *:*:*:*::*:10023                (10498/postgrey)
    *:*:*:*::*:10024                (21918/amavisd-new)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-input  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    ufw-before-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-forward  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ufw-before-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-before-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-after-logging-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-reject-output  all  --  [anywhere]/0            [anywhere]/0
    ufw-track-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-after-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-input (1 references)
    target     prot opt source               destination
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:137
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:138
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:445
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:67
    ufw-skip-to-policy-input  udp  --  [anywhere]/0            [anywhere]/0            udp dpt:68
    ufw-skip-to-policy-input  all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    
    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-after-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-forward (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ufw-user-forward  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-input (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    DROP       all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 3
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 11
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 12
    ACCEPT     icmp --  [anywhere]/0            [anywhere]/0            icmptype 8
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp spt:67 dpt:68
    ufw-not-local  all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***          udp dpt:5353
    ACCEPT     udp  --  [anywhere]/0            ***.***.***.***      udp dpt:1900
    ufw-user-input  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-before-output (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0            ctstate RELATED,ESTABLISHED
    ufw-user-output  all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "
    
    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ctstate INVALID limit: avg 3/min burst 10
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "
    
    Chain ufw-not-local (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  [anywhere]/0            [anywhere]/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 10
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-reject-output (1 references)
    target     prot opt source               destination
    
    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination
    DROP       all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-track-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-input (1 references)
    target     prot opt source               destination
    
    Chain ufw-track-output (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            ctstate NEW
    
    Chain ufw-user-forward (1 references)
    target     prot opt source               destination
    
    Chain ufw-user-input (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:20
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:21
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:22
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:25
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:53
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:80
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:110
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:143
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:443
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:587
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:993
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:995
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8080
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:8081
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:10000
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:53
    ACCEPT     udp  --  [anywhere]/0            [anywhere]/0            udp dpt:3306
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 40110:40210
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:465
    ACCEPT     tcp  --  [anywhere]/0            [anywhere]/0            tcp dpt:990
    
    Chain ufw-user-limit (0 references)
    target     prot opt source               destination
    LOG        all  --  [anywhere]/0            [anywhere]/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  [anywhere]/0            [anywhere]/0            reject-with icmp-port-unreachable
    
    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  [anywhere]/0            [anywhere]/0
    
    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination
    
    Chain ufw-user-output (1 references)
    target     prot opt source               destination
    
    
    
    
    ##### LET'S ENCRYPT #####
    Certbot is installed in /usr/bin/letsencrypt
    
    Hope this can help solve my issue.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Have you run an ISPConfig update after upgrading Debian, and did you choose to reconfigure services during that update?
     
  3. Nicolas B

    Nicolas B New Member

    Yes to both questions.

    Code:
    Creating backup of "/usr/local/ispconfig" directory...
    Creating backup of "/etc" directory...
    Creating backup of "/etc/letsencrypt" directory...
    Checking MariaDB version 10.5.26 .. OK
    Checking ISPConfig database .. OK
    Starting incremental database update.
    Loading SQL patch file: /tmp/update_runner.sh.Y2Y8MEf5VJ/install/sql/incremental/upd_dev_collection.sql
    Reconfigure Permissions in master database? (yes,no) [no]:
    
    Service 'xmpp_server' has been detected (currently disabled) do you want to enable and configure it?  (yes,no) [no]:
    
    Reconfigure Services? (yes,no,selected) [yes]:
    
    Configuring Postfix
    Configuring Dovecot
    Configuring Spamassassin
    Configuring Amavisd
    Configuring Getmail
    Configuring BIND
    Configuring Pureftpd
    Configuring Apache
    Configuring vlogger
    Configuring Apps vhost
    Configuring Jailkit
    Configuring AppArmor
    Configuring Ubuntu Firewall
    Configuring Database
    Updating ISPConfig
    ISPConfig Port [8080]:
    
    Create new ISPConfig SSL certificate (yes,no) [no]: yes
    
    Checking / creating certificate for cerberus.devcognitio.com.ar
    Using certificate path /etc/letsencrypt/live/cerberus.devcognitio.com.ar
    Using apache for certificate validation
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator webroot, Installer None
    Cert not yet due for renewal
    Keeping the existing certificate
    Symlink ISPConfig SSL certs to Postfix? (y,n) [y]:
    
    Symlink ISPConfig SSL certs to Pure-FTPd? Creating dhparam file may take some time. (y,n) [y]:
    
    Reconfigure Crontab? (yes,no) [yes]:
    
    Updating Crontab
    Restarting services ...
    Update finished.
    
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post your dovecot.conf file. Sorry, requested master.cf first but you only have an issue with dovecot as it seems.
     
  5. Nicolas B

    Nicolas B New Member

    Here it is:

    Code:
    # Do not change this file, as changes will be overwritten by any ISPConfig update.
    # Put your custom settings in /usr/local/ispconfig/server/conf-custom/install/dovecot_custom.conf.master.
    # To start using those changes, do a force upgrade and let it reconfigure your services. (ispconfig_update.sh --force)
    listen = *,[::]
    protocols = imap pop3 lmtp
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    ssl_dh = </etc/dovecot/dh.pem
    ssl_min_protocol = TLSv1.2
    ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305>
    ssl_prefer_server_ciphers = no
    mail_max_userip_connections = 100
    mail_plugins = quota
    passdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    userdb {
      driver = prefetch
    }
    userdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
    
      # no longer needed, as 'sieve' is in userdb extra fields:
      sieve=/var/vmail/%d/%n/.sieve
    
      sieve_before=/var/vmail/%d/%n/.ispconfig-before.sieve
      sieve_after=/var/vmail/%d/%n/.ispconfig.sieve
      sieve_max_script_size = 2M
      sieve_max_actions = 100
      sieve_max_redirects = 25
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      user = root
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
       group = postfix
       mode = 0600
       user = postfix
       # For higher volume sites, it may be desirable to increase the number of active listener processes.
       # A range of 5 to 20 is probably good for most sites
    #   process_min_avail = 5
      }
    }
    lmtp_rcpt_check_quota = yes
    service imap-login {
      client_limit = 1000
      process_limit = 512
    }
    protocol imap {
      mail_plugins = $mail_plugins quota imap_quota
      auth_verbose = yes
    }
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
      mail_plugins = $mail_plugins quota
      auth_verbose = yes
    }
    protocol lda {
    postmaster_address = [email protected]
      mail_plugins = $mail_plugins sieve quota
    }
    protocol lmtp {
    postmaster_address = [email protected]
      mail_plugins = $mail_plugins quota sieve
    }
    
    service stats {
        unix_listener stats-reader {
            user = vmail
            group = vmail
            mode = 0660
        }
    
        unix_listener stats-writer {
            user = vmail
            group = vmail
            mode = 0660
        }
    }
    
    service quota-status {
      executable = quota-status -p postfix
      unix_listener /var/spool/postfix/private/quota-status {
        group = postfix
        mode = 0660
        user = postfix
      }
      client_limit = 1
    }
    plugin {
      quota_status_success = DUNNO
      quota_status_nouser = DUNNO
      quota_status_overquota = "552 5.2.2 Mailbox is full"
    }
    
    imap_capability=+SPECIAL-USE XLIST
    namespace inbox {
      inbox = yes
      separator = .
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
    }
    
    !include_try conf.d/99-ispconfig-custom-config.conf
    
    And this is the 10-master.cf
    Code:
    default_process_limit = 100
    #default_client_limit = 1000
    
    # Default VSZ (virtual memory size) limit for service processes. This is mainly
    # intended to catch and kill processes that leak memory before they eat up
    # everything.
    #default_vsz_limit = 256M
    
    # Login user is internally used by login processes. This is the most untrusted
    # user in Dovecot system. It shouldn't have access to anything at all.
    #default_login_user = dovenull
    
    # Internal user is used by unprivileged processes. It should be separate from
    # login user, so that login processes can't disturb other processes.
    #default_internal_user = dovecot
    
    service imap-login {
      inet_listener imap {
        #port = 143
      }
      inet_listener imaps {
        #port = 993
        #ssl = yes
      }
    
      # Number of connections to handle before starting a new process. Typically
      # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
      # is faster. <doc/wiki/LoginProcess.txt>
      #service_count = 1
    
      # Number of processes to always keep waiting for more connections.
      #process_min_avail = 0
    
      # If you set service_count=0, you probably need to grow this.
      #vsz_limit = $default_vsz_limit
    }
    
    service pop3-login {
      inet_listener pop3 {
        #port = 110
      }
      inet_listener pop3s {
        #port = 995
        #ssl = yes
      }
    }
    
    service submission-login {
      inet_listener submission {
        #port = 587
      }
    }
    
    service lmtp {
      unix_listener lmtp {
        #mode = 0666
      }
    
      # Create inet listener only if you can't use the above UNIX socket
      #inet_listener lmtp {
        # Avoid making LMTP visible for the entire internet
        #address =
        #port =
      #}
    }
    
    service imap {
      # Most of the memory goes to mmap()ing files. You may need to increase this
      # limit if you have huge mailboxes.
      #vsz_limit = $default_vsz_limit
    
      # Max. number of IMAP processes (connections)
      #process_limit = 1024
    }
    
    service pop3 {
      # Max. number of POP3 processes (connections)
      #process_limit = 1024
    }
    
    service submission {
      # Max. number of SMTP Submission processes (connections)
      #process_limit = 1024
    }
    
    service auth {
      # auth_socket_path points to this userdb socket by default. It's typically
      # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
      # full permissions to this socket are able to get a list of all usernames and
      # get the results of everyone's userdb lookups.
      #
      # The default 0666 mode allows anyone to connect to the socket, but the
      # userdb lookups will succeed only if the userdb returns an "uid" field that
      # matches the caller process's UID. Also if caller's uid or gid matches the
      # socket's uid or gid the lookup succeeds. Anything else causes a failure.
      #
      # To give the caller full permissions to lookup all users, set the mode to
      # something else than 0666 and Dovecot lets the kernel enforce the
      # permissions (e.g. 0777 allows everyone full permissions).
      unix_listener auth-userdb {
        #mode = 0666
        #user =
        #group =
      }
    
      # Postfix smtp-auth
      #unix_listener /var/spool/postfix/private/auth {
      #  mode = 0666
      #}
    
      # Auth process is run as this user.
      #user = $default_internal_user
    }
    
    service auth-worker {
      # Auth worker process is run as root by default, so that it can access
      # /etc/shadow. If this isn't necessary, the user should be changed to
      # $default_internal_user.
      #user = root
    }
    
    service dict {
      # If dict proxy is used, mail processes should have access to its socket.
      # For example: mode=0660, group=vmail and global mail_access_groups=vmail
      unix_listener dict {
        #mode = 0600
        #user =
        #group =
      }
    }
     
  6. Nicolas B

    Nicolas B New Member

    And this is the 10-ssl.cf, which I changed when I saw ssl = no and the whole file commented out.
    Code:
      GNU nano 5.4                                                                               10-ssl.conf
    ##
    ## SSL settings
    ##
    
    # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
    ssl = yes
    
    # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
    # dropping root privileges, so keep the key file unreadable by anyone but
    # root. Included doc/mkcert.sh can be used to easily generate self-signed
    # certificate, just make sure to update the domains in dovecot-openssl.cnf
    ssl_cert = </etc/dovecot/dovecot.pem
    ssl_key = </etc/dovecot/private/dovecot.key
    
    # If key file is password protected, give the password here. Alternatively
    # give it when starting dovecot with -p parameter. Since this file is often
    # world-readable, you may want to place this setting instead to a different
    # root owned 0600 file by using ssl_key_password = <path.
    #ssl_key_password =
    
    # PEM encoded trusted certificate authority. Set this only if you intend to use
    # ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
    # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
    #ssl_ca =
    
    # Require that CRL check succeeds for client certificates.
    #ssl_require_crl = yes
    
    # Directory and/or file for trusted SSL CA certificates. These are used only
    # when Dovecot needs to act as an SSL client (e.g. imapc backend). The
    # directory is usually /etc/ssl/certs in Debian-based systems and the file is
    # /etc/pki/tls/cert.pem in RedHat-based systems.
    #ssl_client_ca_dir =
    #ssl_client_ca_file =
    
    # Request client to send a certificate. If you also want to require it, set
    # auth_ssl_require_client_cert=yes in auth section.
    #ssl_verify_client_cert = no
    
    # Which field from certificate to use for username. commonName and
    # x500UniqueIdentifier are the usual choices. You'll also need to set
    # auth_ssl_username_from_cert=yes.
    #ssl_cert_username_field = commonName
    
    # DH parameters length to use.
    #ssl_dh_parameters_length = 1024
    
    # SSL protocols to use
    ssl_protocols = TLSv1.2 TLSv1.3
    
    # SSL ciphers to use
    #ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
    
    # Prefer the server's order of ciphers over client's.
    #ssl_prefer_server_ciphers = no
    
    # SSL crypto device to use, for valid values run "openssl engine"
    #ssl_crypto_device =
    
    # SSL extra options. Currently supported options are:
    #   no_compression - Disable compression.
    #ssl_options =
    
    
    
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    You changed the wrong files; neither 10-ssl.cf nor 10-master.cf is used by your server. The only relevant file is /etc/dovecot/dovecot.conf.
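
Added example, not part of the thread and not ISPConfig or Dovecot code: a simplified Python model of how Dovecot follows `!include` / `!include_try` from the main file, showing why edits to conf.d/10-ssl.conf have no effect when dovecot.conf only pulls in conf.d/99-ispconfig-custom-config.conf. The file contents are constructed (trimmed from the configs posted above), the helper names are hypothetical, and unset `ssl` / `disable_plaintext_auth` are assumed to take Dovecot 2.3's defaults; on a live server `doveconf -n` prints the effective settings.

```python
import fnmatch
import posixpath
import re

MAIN = "/etc/dovecot/dovecot.conf"

# Constructed sample: trimmed copies of the files posted in the thread.
SAMPLE_FILES = {
    MAIN: """\
listen = *,[::]
protocols = imap pop3 lmtp
disable_plaintext_auth = no
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key
ssl_min_protocol = TLSv1.2
service imap-login {
  client_limit = 1000
}
!include_try conf.d/99-ispconfig-custom-config.conf
""",
    "/etc/dovecot/conf.d/10-ssl.conf": """\
ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key
""",
    "/etc/dovecot/conf.d/10-master.conf": "default_process_limit = 100\n",
}

INCLUDE_RE = re.compile(r"^!(include|include_try)\s+(\S+)$")
SETTING_RE = re.compile(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$")


def read_file(path, files, loaded, settings):
    """Parse one file: record top-level settings, follow include directives."""
    if path in loaded:  # guard against include loops
        return
    loaded.append(path)
    base = posixpath.dirname(path)
    depth = 0
    for raw in files[path].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):  # entering a service/protocol/plugin block
            depth += 1
            continue
        if line == "}":
            depth -= 1
            continue
        if depth:  # this model only tracks top-level settings
            continue
        inc = INCLUDE_RE.match(line)
        if inc:
            pattern = posixpath.normpath(posixpath.join(base, inc.group(2)))
            hits = sorted(p for p in files if fnmatch.fnmatchcase(p, pattern))
            # Simplification: a missing target is an error only for !include.
            if not hits and inc.group(1) == "include":
                raise FileNotFoundError(pattern)
            for hit in hits:
                read_file(hit, files, loaded, settings)
            continue
        setting = SETTING_RE.match(line)
        if setting:  # a later assignment overrides an earlier one
            settings[setting.group(1)] = (setting.group(2).strip(), path)


def resolve(main_path, files):
    """Return (files actually read, {setting: (value, defining file)})."""
    loaded, settings = [], {}
    read_file(main_path, files, loaded, settings)
    return loaded, settings


def unused_files(main_path, files):
    """Files present on disk that the main config never pulls in."""
    loaded, _ = resolve(main_path, files)
    return sorted(set(files) - set(loaded))


def tls_findings(settings):
    """Flag settings that let a client log in without TLS."""
    default = "built-in default"  # assumption: Dovecot 2.3 defaults
    findings = []
    ssl, ssl_src = settings.get("ssl", ("yes", default))
    if ssl == "no":
        findings.append(f"ssl = no ({ssl_src}): TLS is disabled")
    elif ssl != "required":
        findings.append(f"ssl = {ssl} ({ssl_src}): TLS is offered, not enforced")
    plain, plain_src = settings.get("disable_plaintext_auth", ("yes", default))
    if plain == "no":
        findings.append(
            f"disable_plaintext_auth = no ({plain_src}): "
            "passwords are accepted on unencrypted connections"
        )
    return findings


if __name__ == "__main__":
    loaded, settings = resolve(MAIN, SAMPLE_FILES)
    print("read:   ", loaded)
    print("ignored:", unused_files(MAIN, SAMPLE_FILES))
    print("ssl_cert comes from", settings["ssl_cert"][1])
    for finding in tls_findings(settings):
        print("finding:", finding)
```
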
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    dovecot.conf looks fine so far; here is a file from a Debian 12 system with working STARTTLS:

    Code:
    # Do not change this file, as changes will be overwritten by any ISPConfig update.
    # Put your custom settings in /usr/local/ispconfig/server/conf-custom/install/dovecot_custom.conf.master.
    # To start using those changes, do a force upgrade and let it reconfigure your services. (ispconfig_update.sh --force)
    listen = *,[::]
    protocols = imap pop3 lmtp sieve
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    ssl_dh = </etc/dovecot/dh.pem
    ssl_min_protocol = TLSv1.2
    ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl_prefer_server_ciphers = no
    mail_max_userip_connections = 100
    mail_plugins = quota
    passdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    userdb {
      driver = prefetch
    }
    userdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
    
      # no longer needed, as 'sieve' is in userdb extra fields:
      sieve=/var/vmail/%d/%n/.sieve
    
      sieve_before=/var/vmail/%d/%n/.ispconfig-before.sieve
      sieve_after=/var/vmail/%d/%n/.ispconfig.sieve
      sieve_max_script_size = 2M
      sieve_max_actions = 100
      sieve_max_redirects = 25
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      user = root
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
       group = postfix
       mode = 0600
       user = postfix
       # For higher volume sites, it may be desirable to increase the number of active listener processes.
       # A range of 5 to 20 is probably good for most sites
    #   process_min_avail = 5
      }
    }
    lmtp_rcpt_check_quota = yes
    service imap-login {
      client_limit = 1000
      process_limit = 512
    }
    protocol imap {
      mail_plugins = $mail_plugins quota imap_quota
      auth_verbose = yes
    }
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
      mail_plugins = $mail_plugins quota
      auth_verbose = yes
    }
    protocol lda {
    postmaster_address = [email protected]
      mail_plugins = $mail_plugins sieve quota
    }
    protocol lmtp {
    postmaster_address = [email protected]
      mail_plugins = $mail_plugins quota sieve
    }
    
    service stats {
        unix_listener stats-reader {
            user = vmail
            group = vmail
            mode = 0660
        }
    
        unix_listener stats-writer {
            user = vmail
            group = vmail
            mode = 0660
        }
    }
    
    service quota-status {
      executable = quota-status -p postfix
      unix_listener /var/spool/postfix/private/quota-status {
        group = postfix
        mode = 0660
        user = postfix
      }
      client_limit = 1
    }
    plugin {
      quota_status_success = DUNNO
      quota_status_nouser = DUNNO
      quota_status_overquota = "552 5.2.2 Mailbox is full"
    }
    
    imap_capability=+SPECIAL-USE XLIST
    namespace inbox {
      inbox = yes
      separator = .
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
    }
    
    !include_try conf.d/99-ispconfig-custom-config.conf
     
  9. Nicolas B

    Nicolas B New Member

    Updating again to Debian 12 solved the issue. I didn't know what I changed.
    Now I'm having issues accessing phpMyAdmin, but everything seems to be there. Strange.
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, but does mail work now? Have you checked the webserver error.log for phpmyadmin?
     
