Ben Schmidt wrote:
On 11/10/14 10:47 PM, shmick@riseup.net wrote:
debug updates
using localhost, dovecot reports timeout for 15s which i set in RC
but using ssl://localhost, dovecot reports timeout for 0s
notice the attempts to access mysql modules
I don't think MySQL has anything to do with this. Nothing points to a MySQL failure. Sure, some MySQL shared libraries are being loaded, but they won't be used unless MySQL is actually used in configuration.
localhost
IMAP Error in /roundcube/program/lib/Roundcube/rcube_imap.php (184):Login failed for user from 1.2.3.4. Empty startup greeting (localhost:993)
dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [127.0.0.1] dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat dovecot: auth: Debug: auth client connected (pid=14412) dovecot: imap-login: Disconnected (no auth attempts in 15 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: Disconnected, session=<xBTDACQFbQB/AAAB>
connection to imap server failed
I think what's happening here is that Roundcube is connecting to Dovecot on port 993, but not using SSL. Dovecot is sitting waiting for SSL negotiation to proceed, and Roundcube is sitting waiting for Dovecot to send its startup greeting. After 15 seconds, someone gives up and disconnects. From what you said above, I guess it's Roundcube giving up.
If you're just connecting to and from localhost, i.e. no traffic is actually leaving the server, it would be more efficient not to use SSL anyway. Could you open up Dovecot to non-SSL connections from the local machine only, on a different port, and connect to that? That may be the easiest and best way to solve this.
ssl://localhost
IMAP Error in /var/www/htdocs/rc/program/lib/Roundcube/rcube_imap.php (184): Login failed for example.com from 1.2.3.4. Could not connect to ssl://localhost:993: Unknown reason
Failed login for example.com from 85.17.92.143 in session ukv99kdv3k78hgjca7pkobom71 (error: -2)
Where did this message come from (which log, etc.)? It could be the key. Hidden in that error '-2' may be the cause of the problem. Access denied? File not found? ...? But to have even a vague idea how to interpret the -2, we need to know where it's come from.
dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [127.0.0.1] dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat dovecot: auth: Debug: auth client connected (pid=14420) dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [127.0.0.1] dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [127.0.0.1] dovecot: imap-login: Debug: SSL alert: close notify [127.0.0.1] dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<DmZdByQFbwB/AAAB>
connection to imap server failed
This time SSL negotiation has succeeded, so we have a functioning SSL connection. However, something is giving up after zero seconds! That's not helpful. Can you see if you can get that timeout up? Perhaps it's as simple as applying your timeout of 15 seconds to 'ssl://localhost' instead of 'localhost'? If not, something else is causing it to give up, and it may be that error -2 above.
Good luck....
Ben.
for future reference and for those on debian jessie
localhost 143
works
it was the only working combination i could find for imap
thank you all