Routine ispconfig_update.sh has broken my email

Seems a routine ispconfig_update.sh has broken my ability to receive email. Initially the script went fine, until it reached this part...

Code:

Reconfigure Services? (yes,no,selected) [yes]:

Configuring Postfix
Configuring Dovecot
Creating new DHParams file, this takes several minutes. Do not interrupt the script.
142+0 records in
142+0 records out
142 bytes copied, 0.00850284 s, 16.7 kB/s
unable to load DH parameters
140577114715328:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1149:
140577114715328:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:309:Type=DHparams

I simply haven't a clue what this means or how to set about fixing it? Does anyone have any ideas at all?

 

My apologies, I should have also said: I am running a recently successfully upgraded Debian 10 (buster) c/w Dovecot 2.3. I just updated to ISPConfig 3.2.8p1 by using the ispconfig_update.sh command, as recommended.
Also ran:

Code:

 journalctl -f -n 500 -o short-iso 

just to see what's going on in real time. It returns lots of lines similar to this (actual IP addresses redacted):-

Code:

dovecot[19620]: pop3-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=my.own.ip.address, lip=the.server.ip.address, session=<4fTgRvLbwL3CpOhR>

Kinda verifies that it is indeed a dovecot configuration issue. But I still have no idea what's actually going on.

 

Firstly, you should use [ code ] [ /code ] tag instead of that [snip] [snip].

Secondly, before running the ISPConfig update after upgrading your OS, do follow all the Perfect Server Tutorial relevant steps for your new OS version.

Thirdly, dhparam can be created manually but I am not gonna spoon feed you with the code, so search this forum if you need it.

Anyway, I guess your problem could be related to openssl but I am not so sure for now, so do follow Read Before Posting and do as instructed for the community to help you better.

 

Thank you for your reply and my apologies for my faux pas. It's been rather a long day. Anyway, I have amended my posts accordingly.

I genuinely thought thought I had done everything as per the perfect server for Debian 10. Though it is perfectly possible I missed something. What do you think I have overlooked here?

 

Checked again in the tutorial. https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/
further, especially section 8. There's essentially no actual configuration of dovecot at all? Just tells you to install it and its related parts.

Code:

apt-get -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo curl 

Though I note the tutorial is for v3.1 not V3.2.

 

OK I think I fixed it. I noticed that the /etc/dovecot/dh.pem file generated by ISPConfig was empty. So I created my own thus:-

Code:

openssl dhparam -out dh.pem 4096

I copied my home made dh.pem to /etc/dovecot/dh.pem as root (I used fish:// in Krusader because I am tired and did not want to make any mistakes)
I then restarted Dovecot as root

Code:

systemctl restart dovecot

Within a few seconds Thunderbird was receiving emails again.
Please feel free to close this. But just before you do, I'd really like to know what I have missed and what caused ISPConfig (or perhaps it was me) to mess up creating the /etc/dovecot/dh.pem file properly please?