mail.log error that freezes MS Outlook

Discussion in 'ISPConfig 3 Priority Support' started by Tomislav Aurednik, Oct 7, 2016.

  1. I have a wierd error in the log only for 1 email domain and their mailboxes. After the error the users MS Outlook freezes and starts resyncing and the whole laptop slows down.
    Oct 7 12:41:42 mail dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=xx.xx.xx.xx,, TLS handshaking: SSL_accept() syscall failed: Connection reset by peer, session=<1NJKDkQ+HwBcJT0T>

    Only thing that google got me is that it'sa failed login, but after you delete that message in Outlook safe mode from outbox it starts working again. Any idea what can couse this error or how to fix it?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Never seen that. Maybe a problem with the ssl cert? is this a self signed cert or official cert?
  3. Hi, it's official GEOTRUST RAPIDSSL WILDCARD cert
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you install the chain certificates in postfix?
  5. postfix -
    smtpd_tls_cert_file = /etc/postfix/ispserver.pem
    smtpd_tls_key_file = /etc/postfix/ispserver.pem
    smtpd_tls_CAfile = /etc/postfix/ispserver.pem

    and ispserver.pem is consists of:

    dovecot - dovecot.conf
    ssl_cert = </etc/postfix/public.pem
    ssl_ca = </etc/postfix/ca.pem
    ssl_key = </etc/postfix/private.pem
  6. Now I change dovecot to: but it shouldn't be a matter ?
    ssl_cert = </etc/postfix/ispserver.pem
    ssl_ca = </etc/postfix/ispserver.pem
    ssl_key = </etc/postfix/ispserver.pem
  7. Hi,
    Maybe this will help. In mail.err is written:
    Oct 7 12:16:48 mail dovecot: pop3-login: Error: SSL: Stacked error: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message: SSL alert number 10
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    I use separate files for key, cert and CA file on my system, but your combination might work as well. If postfix starts without error, then it should be fine.

    Might be related. maybe that outlook version does not support a specific tls mode or the server forbids an old tls mode that outlook tries to use. You should try to google for the errors, most likely you will find some infos.
  9. It works bouth combinations for cert. I tested.

    As I read now , this is maybe connected to SSLv3, but I am not shure. And I don't know where and what to fix it in postfix or dovecot.

    But this I have to have in conf files, because of the security reasons.
    in dovecot.conf I have :
    ssl_protocols = !SSLv2 !SSLv3
    smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    smtpd_tls_protocols = !SSLv2,!SSLv3

    Version of OL 2016. This error happens very rarely, otherwise the client sends to the same email client without any problems, (thay are all on the same domain even). Probably something related to contacts transferred from Office 2007, and it is possible that have something to do with the cache of OL. I don't know , just thinking out loud ...

Share This Page