Yes I have freshly generated dh2048.pem. It's new server and I try to secure him. Should this line be uncommented? (I commented it out because of above errors) I wrote these errors here, becouse they are related to this one line from postfix.
2017-04-25 20:09 GMT+02:00 Viktor Dukhovni <postfix-us...@dukhovni.org>: > > > On Apr 25, 2017, at 10:15 AM, Poliman - Serwis <ser...@poliman.pl> > wrote: > > > > I have configured one line in postfix main.cf (after configure each line > > I check /var/log/mail.err): > > For *Postfix* errors. > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > > This is a reasonable Postfix setting, presumably you have a freshly > generated > 2048-bit strong prime DH parameters in that file. > > > After setup above line I have error in above log file (these 4 lines > looped): > > These are *Dovecot* errors, and "dovecot" != "postfix". > > > Apr 25 14:08:09 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol > > Apr 25 14:08:09 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number > > Apr 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad > record mac > > Apr 25 14:08:51 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher > > Apr 25 14:14:25 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: > error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher > > Apr 25 14:10:51 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: > error:14094085:SSL routines:ssl3_read_bytes:ccs received early > > Apr 25 14:09:16 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: > error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext > > Perhaps there are some MUAs connecting to the dovecot IMAP service in > cleartext on a port where TLS is expected. Please take this issue to > a Dovecot mailing list. > > -- > Viktor. > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl <ser...@poliman.pl>*
