On 11/10/14 10:47 PM, [email protected] wrote:
debug updates
using localhost, dovecot reports timeout for 15s which i set in RC
but using ssl://localhost, dovecot reports timeout for 0s
notice the attempts to access mysql modules
I don't think MySQL has anything to do with this. Nothing points to a
MySQL failure. Sure, some MySQL shared libraries are being loaded, but
they won't be used unless MySQL is actually used in configuration.
localhost
IMAP Error in /roundcube/program/lib/Roundcube/rcube_imap.php
(184):Login failed for user from 1.2.3.4. Empty startup greeting
(localhost:993)
dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used
for ECDH and ECDHE key exchanges
dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used
for ECDH and ECDHE key exchanges
dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept
initialization [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept
initialization [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read
client hello A [127.0.0.1]
dovecot: auth: Debug: Loading modules from directory:
/usr/lib/dovecot/modules/auth
dovecot: auth: Debug: Module loaded:
/usr/lib/dovecot/modules/auth/libdriver_mysql.so
dovecot: auth: Debug: Read auth token secret from
/var/run/dovecot/auth-token-secret.dat
dovecot: auth: Debug: auth client connected (pid=14412)
dovecot: imap-login: Disconnected (no auth attempts in 15 secs):
user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: Disconnected,
session=<xBTDACQFbQB/AAAB>
connection to imap server failed
I think what's happening here is that Roundcube is connecting to Dovecot
on port 993, but not using SSL. Dovecot is sitting waiting for SSL
negotiation to proceed, and Roundcube is sitting waiting for Dovecot to
send its startup greeting. After 15 seconds, someone gives up and
disconnects. From what you said above, I guess it's Roundcube giving up.
If you're just connecting to and from localhost, i.e. no traffic is
actually leaving the server, it would be more efficient not to use SSL
anyway. Could you open up Dovecot to non-SSL connections from the local
machine only, on a different port, and connect to that? That may be the
easiest and best way to solve this.
ssl://localhost
IMAP Error in /var/www/htdocs/rc/program/lib/Roundcube/rcube_imap.php
(184): Login failed for example.com from 1.2.3.4. Could not connect to
ssl://localhost:993: Unknown reason
Failed login for example.com from 85.17.92.143 in session
ukv99kdv3k78hgjca7pkobom71 (error: -2)
Where did this message come from (which log, etc.)? It could be the key.
Hidden in that error '-2' may be the cause of the problem. Access
denied? File not found? ...? But to have even a vague idea how to
interpret the -2, we need to know where it's come from.
dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used
for ECDH and ECDHE key exchanges
dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used
for ECDH and ECDHE key exchanges
dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept
initialization [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept
initialization [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
hello A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
server hello A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
certificate A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write key
exchange A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
server done A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
[127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
client certificate A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read
client certificate A [127.0.0.1]
dovecot: auth: Debug: Loading modules from directory:
/usr/lib/dovecot/modules/auth
dovecot: auth: Debug: Module loaded:
/usr/lib/dovecot/modules/auth/libdriver_mysql.so
dovecot: auth: Debug: Read auth token secret from
/var/run/dovecot/auth-token-secret.dat
dovecot: auth: Debug: auth client connected (pid=14420)
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client
key exchange A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read
finished A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
session ticket A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
change cipher spec A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write
finished A [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data
[127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation
finished successfully [127.0.0.1]
dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation
finished successfully [127.0.0.1]
dovecot: imap-login: Debug: SSL alert: close notify [127.0.0.1]
dovecot: imap-login: Disconnected (no auth attempts in 0 secs):
user=<>, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<DmZdByQFbwB/AAAB>
connection to imap server failed
This time SSL negotiation has succeeded, so we have a functioning SSL
connection. However, something is giving up after zero seconds! That's
not helpful. Can you see if you can get that timeout up? Perhaps it's as
simple as applying your timeout of 15 seconds to 'ssl://localhost'
instead of 'localhost'? If not, something else is causing it to give up,
and it may be that error -2 above.
Good luck....
Ben.
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
