starred/modoboa-modoboa
1
0
Fork 0
mirror of https://github.com/modoboa/modoboa.git synced 2026-04-25 08:56:02 +03:00
Code Issues 60 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #1134] Modoboa on Debian 9 / SSL version used by Dovecot and webmailer #939

New issue
Closed
opened 2026-02-27 11:14:22 +03:00 by kerem · 2 comments
kerem commented 2026-02-27 11:14:22 +03:00
Owner
Copy link

Originally created by @ghost on GitHub (Jun 10, 2017).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/1134

Impacted versions

  • Modoboa: 1.7.4
  • installer used: Yes
  • Webserver: Nginx

Steps to reproduce

I tried to install Modoboa on a fresh Debian 9/stretch, which will become the "stable" Debian on next saturday [1]. When opening the webmailer it fails with the error Error: Connection to IMAP server failed: [Errno 104] Connection reset by peer. The syslog furthermore says:

Jun 10 13:09:39 mail dovecot: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2'
Jun 10 13:09:39 mail dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs

According to this post [2] openssl does not support SSLv2 from version 1.1. Debian stretch uses openssl 1.1.0f-3, so it has no SSLv2 support anymore. In contrast Debian jessie (the stable release at the moment) uses openssl 1.0.1t, so there should be no problem.

According to this post and some posts in Debian mailing lists, the solution to this problem would be changing the SSL version in Dovecot config (file /etc/dovecot/conf.d/10-ssl.conf) from

# SSL protocols to use
ssl_protocols = !SSLv2 !SSLv3

to

# SSL protocols to use
ssl_protocols = !SSLv3

After restarting the whole system there are still errors. The webmailer now reports this error:

Error: Connection to IMAP server failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:661)

while syslog says:

Jun 10 13:19:34 mail dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<BBS0QplRuuB/AAAB>

Does this mean, that the webmailer only supports SSLv2 while openssl used by dovecot only supports SSLv3?

Expected behavior

A working webmailer

Video/Screenshot link (optional)

Webmail-Settings:
bildschirmfoto von 2017-06-10 13-22-25
Changing the IMAP secure connection to No still results in

Error: ['[AUTHENTICATIONFAILED] Authentication failed.']

Links

[1] https://lists.debian.org/debian-devel-announce/2017/05/msg00002.html
[2] https://bbs.archlinux.org/viewtopic.php?id=225535

Originally created by @ghost on GitHub (Jun 10, 2017). Original GitHub issue: https://github.com/modoboa/modoboa/issues/1134 # Impacted versions * Modoboa: 1.7.4 * installer used: Yes * Webserver: Nginx # Steps to reproduce I tried to install Modoboa on a fresh Debian 9/stretch, which will become the "stable" Debian on next saturday [1]. When opening the webmailer it fails with the error ` Error: Connection to IMAP server failed: [Errno 104] Connection reset by peer`. The syslog furthermore says: Jun 10 13:09:39 mail dovecot: imap-login: Fatal: Invalid ssl_protocols setting: Unknown protocol 'SSLv2' Jun 10 13:09:39 mail dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs According to this post [2] openssl does not support SSLv2 from version 1.1. Debian stretch uses openssl 1.1.0f-3, so it has no SSLv2 support anymore. In contrast Debian jessie (the stable release at the moment) uses openssl 1.0.1t, so there should be no problem. According to this post and some posts in Debian mailing lists, the solution to this problem would be changing the SSL version in Dovecot config (file `/etc/dovecot/conf.d/10-ssl.conf`) from # SSL protocols to use ssl_protocols = !SSLv2 !SSLv3 to # SSL protocols to use ssl_protocols = !SSLv3 After restarting the whole system there are still errors. The webmailer now reports this error: Error: Connection to IMAP server failed: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:661) while syslog says: Jun 10 13:19:34 mail dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<BBS0QplRuuB/AAAB> Does this mean, that the webmailer only supports SSLv2 while openssl used by dovecot only supports SSLv3? # Expected behavior A working webmailer # Video/Screenshot link (optional) Webmail-Settings: ![bildschirmfoto von 2017-06-10 13-22-25](https://user-images.githubusercontent.com/29311710/27002350-f058fb22-4ddf-11e7-9a4e-25a1c5ff1f91.png) Changing the IMAP secure connection to No still results in Error: ['[AUTHENTICATIONFAILED] Authentication failed.'] # Links [1] https://lists.debian.org/debian-devel-announce/2017/05/msg00002.html [2] https://bbs.archlinux.org/viewtopic.php?id=225535
kerem closed this issue 2026-02-27 11:14:22 +03:00
kerem commented 2026-02-27 11:14:23 +03:00
Author
Owner
Copy link

@tonioo commented on GitHub (Jun 16, 2017):

@tir42 Thank you for reporting this but it is an installer issue. Could you please move it to the appropriate repository?
About the webmail, python2 imaplib (and so the webmail) does not support STARTTLS. Have you tried to change IMAP port to 993? (instead of 143)

<!-- gh-comment-id:308961543 --> @tonioo commented on GitHub (Jun 16, 2017): @tir42 Thank you for reporting this but it is an installer issue. Could you please move it to the appropriate repository? About the webmail, python2 imaplib (and so the webmail) does not support STARTTLS. Have you tried to change IMAP port to 993? (instead of 143)
kerem commented 2026-02-27 11:14:23 +03:00
Author
Owner
Copy link

@ghost commented on GitHub (Jun 16, 2017):

Thanks, changing the port to 993 did the trick. But only when I log in as a normal user. When I try to open webmail as admin it still fails with Error: ['[AUTHENTICATIONFAILED] Authentication failed.'].
But this is another issue and has nothing to do with Debian stretch.

<!-- gh-comment-id:308969154 --> @ghost commented on GitHub (Jun 16, 2017): Thanks, changing the port to 993 did the trick. But only when I log in as a normal user. When I try to open webmail as admin it still fails with `Error: ['[AUTHENTICATIONFAILED] Authentication failed.']`. But this is another issue and has nothing to do with Debian stretch.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
fix/sievefilters-allow-email-in-rule-name
dependabot/npm_and_yarn/frontend/axios-1.15.0
translations_04c0b653215cb5fa48ab101eae1a1917_ja_JP
translations_5d93982e9fd6dab991db4faf93ce9ded_ja_JP
fix/login-issue-3995
fix/sievefilters-issues
add-vitepress-openapi
2974-dmarc-empty-email
2.3.x
updated-doc-2.3.0
feature/OIDC
delete-all-alarms
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_af_ZA
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ar
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ca
1.x
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_sk
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_tr
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_es_ES
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_uk
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_zh_CN
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_de_DE
translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_da_DK
1.8.x
1.7.x
1.6.x
1.4.x
1.3.x
1.2.x
2.8.2
2.8.1
2.8.0
2.7.2
2.7.1
2.7.0
2.6.5
2.6.4
2.6.3
2.6.2
2.6.1
2.6.0
2.5.1
2.5.0
2.4.11
2.4.10
2.4.9
2.4.8
2.4.7
2.4.6
2.4.5
2.4.4
2.4.3
2.4.2
2.4.1
2.4.0
2.3.6
2.3.5
2.3.4
2.3.3
2.3.2
2.3.1
2.3.0
2.3.0-beta.4
2.3.0-beta.3
2.3.0-beta.2
2.3.0-beta.1
2.2.4
2.2.3
2.2.2
2.2.1
2.2.0
2.1.2
2.1.1
2.1.0
2.0.5
2.0.4
2.0.3
2.0.2
2.0.1
2.0.0
2.0.0-beta.3
2.0.0-beta.2
2.0.0-beta.1
1.17.0
1.16.1
1.16.0
1.15.0
1.14.0
1.13.1
1.13.0
1.12.2
1.12.1
1.12.0
1.11.1
1.11.0
1.10.7
1.10.6
1.10.5
1.10.4
1.10.3
1.10.2
1.10.1
1.10.0
1.9.1
1.9.0
1.8.3
1.8.2
1.8.1
1.8.0
1.7.4
1.7.3
1.7.2
1.7.1
1.7.0
1.6.3
1.6.2
1.6.1
1.6.0
1.5.3
1.5.2
1.5.1
1.5.0
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.5
1.3.4
1.2.2
1.3.3
1.3.2
1.3.1
1.3.0
1.2.1
1.2.0
1.2.0-rc2
1.2.0-rc1
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.1
1.0.0
0.9.5
0.9.4
0.9.3
0.9.2
0.9.1
0.9
0.8.8
0.8.7
0.8.6.1
0.8.6
0.8.5
0.8.4
0.8.3
0.8.3-rc1
0.8.2
0.8.1
0.8
0.8-rc2
0.8-rc1
0.7.2
0.7.1
0.7
0.6.1
0.6
0.5
0.3
0.2
0.1
Labels
Clear labels   
bug

   
bug

   
dependencies

   
design

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
feedback-needed

   
help-needed

   
help-needed

   
installer

   
invalid

   
looking-for-sponsors

   
modoboa-contacts

   
new-ui

   
new-ui

   
pr

   
pull-request

Mirrored from GitHub Pull Request

  
pyconfr

   
python

   
question

   
security

   
stale

   
webmail

   
wontfix
No labels
bug
bug
dependencies
design
documentation
duplicate
enhancement
enhancement
enhancement
feedback-needed
help-needed
help-needed
installer
invalid
looking-for-sponsors
modoboa-contacts
new-ui
new-ui
pr
pull-request
pyconfr
python
question
security
stale
webmail
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/modoboa-modoboa#939
No description provided.