Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 14th March 2006, 06:04
noahlau noahlau is offline
Junior Member
 
Join Date: Mar 2006
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Default imapd-ssl: Unexpected SSL connection shutdown.

Hello all.

My email server is postfix + courier imap + courier imap ssl + amavis + clamav + spamassassin.

I am fine when i am using IMAP ( port 143 ) to receive my emails. I also can receive emails with IMAP-SSL ( port 993 ).

However, I receive error that is Unexpected SSL connection shutdown when i am using IMAP-SSL to receive emails:

Mar 14 12:56:32 server1 imapd-ssl: Connection, ip=[::ffff:219.79.136.253]
Mar 14 12:56:32 server1 imapd-ssl: LOGIN, user=noahlau, ip=[::ffff:219.79.136.253], protocol=IMAP
Mar 14 12:56:33 server1 imapd-ssl: Unexpected SSL connection shutdown.
Mar 14 12:56:33 server1 imapd-ssl: DISCONNECTED, user=noahlau, ip=[::ffff:219.79.136.253], headers=0, body=0, time=1, starttls=1
Mar 14 12:56:33 server1 imapd-ssl: Connection, ip=[::ffff:219.79.136.253]
Mar 14 12:56:33 server1 imapd-ssl: LOGIN, user=noahlau, ip=[::ffff:219.79.136.253], protocol=IMAP
Mar 14 12:56:33 server1 imapd-ssl: Unexpected SSL connection shutdown.
Mar 14 12:56:33 server1 imapd-ssl: DISCONNECTED, user=noahlau, ip=[::ffff:219.79.136.253], headers=0, body=2180, time=0, starttls=1

Any Idea ??? thank you so much !!!!

Regards
noahlau
Reply With Quote
Sponsored Links
  #2  
Old 14th March 2006, 09:18
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,769
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

Did you get this error with other email clients too?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 14th March 2006, 10:39
noahlau noahlau is offline
Junior Member
 
Join Date: Mar 2006
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till
Did you get this error with other email clients too?
yes,i also get this error from other clients too.

dont know what is the reason.

i use Outlook Express 2000 in the client Computer

Last edited by noahlau; 14th March 2006 at 14:44.
Reply With Quote
  #4  
Old 14th March 2006, 16:14
noahlau noahlau is offline
Junior Member
 
Join Date: Mar 2006
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Default

ok, i think it is outlook express issue, because i got no error after i switch to use Thunderbird email client application.
Reply With Quote
  #5  
Old 14th March 2006, 17:49
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Can you run
Code:
telnet localhost 25
and then issue
Code:
ehlo localhost
? What's the output?

Which distribution do you use?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 15th March 2006, 03:22
noahlau noahlau is offline
Junior Member
 
Join Date: Mar 2006
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko
Can you run
Code:
telnet localhost 25
and then issue
Code:
ehlo localhost
? What's the output?

Which distribution do you use?
thank you for your reply

i am using Debian 3.1,

ehlo localhost
250-server1.faithfulnet.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 8BITMIME


1.the config in /etc/courier/imapd-ssl:

SSLPORT=993
SSLADDRESS=0
SSLPIDFILE=/var/run/courier/imapd-ssl.pid
IMAPDSSLSTART=YES
IMAPDSTARTTLS=YES
IMAP_TLS_REQUIRED=0
COURIERTLS=/usr/bin/couriertls
TLS_PROTOCOL=SSL3
TLS_STARTTLS_PROTOCOL=TLS1
TLS_CERTFILE=/etc/courier/imapd.pem
TLS_VERIFYPEER=NONE
TLS_CACHEFILE=/var/lib/courier/couriersslcache
TLS_CACHESIZE=524288
MAILDIRPATH=Maildir

2. main.cf

biff = no
append_dot_mydomain = no
myhostname = server1.faithfulnet.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = faithfulnet.com, server1.faithfulnet.com, localhost.faithfulnet.
com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = /usr/bin/maildrop
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,rejec
t_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
content_filter = amavis:[127.0.0.1]:10024
Reply With Quote
  #7  
Old 15th March 2006, 12:59
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Hm, looks ok...
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #8  
Old 2nd June 2009, 15:56
airstrip airstrip is offline
Junior Member
 
Join Date: May 2007
Posts: 4
Thanks: 0
Thanked 2 Times in 2 Posts
Default Solution for IMAP unexpected shutdown

This solution may help someone out there with a similar server setup:

I have an isp config installation on my debian sarge machine, running with courier-ssl and postfix, following instructions from:
http://www.howtoforge.com/perfect_setup_debian_sarge_p4

I also had imapd-ssl: Unexpected SSL connection shutdown messages appearing in /var/log/mail.log

The problem I found was with smtpd.pem file in /etc/postfix/ssl
If you check the file with this command.

Code:
openssl x509 -noout -text -in smtpd.pem
It will report an error about expecting a TRUSTED certificate.

The solution is to create a .pem file from your .key and .crt files:
Code:
cat smtpd.key smtpd.key > smtpd.pem
openssl gendh >> smtpd.pem
Then check the file with:
Code:
openssl x509 -noout -text -in smtpd.pem
This will replace the .pem file that was generated in the perfect setup, and create one that is properly formed and worked on my setup. Hopefully it helps yours.

Thanks to this ssl cheat sheet, by David Mcnugget:
http://macnugget.org/projects/sslcheatsheet/

I've also posted on this issue when installing a RapidSSL cert.
http://www.howtoforge.com/forums/sho...1572#post71572

Have fun!
Reply With Quote
The Following User Says Thank You to airstrip For This Useful Post:
falko (3rd June 2009)
  #9  
Old 21st June 2012, 01:10
Ovidiu Ovidiu is offline
Senior Member
 
Join Date: Sep 2005
Posts: 1,262
Thanks: 78
Thanked 24 Times in 20 Posts
Default

Same problem here as noahlau but I can't apply the solution airstrip posted because I don't have a smtpd.pem file and neither does noahlau.

Any more info?
Reply With Quote
  #10  
Old 21st June 2012, 01:37
airstrip airstrip is offline
Junior Member
 
Join Date: May 2007
Posts: 4
Thanks: 0
Thanked 2 Times in 2 Posts
 
Default

I had to get into this way back in '09 to install some 'real' ssl certificates. I've forgotten what I was doing then, and maybe my filenames are different to the perfect setup because of my custom work. But the problem with the shutdown was the .pem file, so check it.

I suggest you do have a .pem file somewhere, perhaps it is here:

smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

Locate the .pem file and try what I suggested above to check it.

and I note that I made an error in my post above.
To create the .pem file you should use this to combine the .key and .crt:

Quote:
cat smtpd.key smtpd.crt > smtpd.pem
openssl gendh >> smtpd.pem
I'm not an expert, just persistent, and so that's as far as I can help you. Good luck.
Reply With Quote
The Following User Says Thank You to airstrip For This Useful Post:
Turbanator (4th September 2013)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
tlsmgr webmail problem, suse 9.3 perfect setup dschmid Installation/Configuration 44 2nd April 2006 18:55
problems sending receiving mail on Postfix mavgh1 HOWTO-Related Questions 17 10th March 2006 12:43
Mail Problems Suse10 x86_64 Praude Installation/Configuration 21 3rd March 2006 16:26
Internet Mail Problem deezone Installation/Configuration 9 22nd February 2006 21:09
from http to https after installation? Mahir Installation/Configuration 25 7th December 2005 20:40


All times are GMT +2. The time now is 13:56.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.