Routine ispconfig_update.sh has broken my email

Discussion in 'Installation/Configuration' started by Mr. Goose, Apr 6, 2022.

  1. Mr. Goose

    Mr. Goose New Member

    Seems a routine ispconfig_update.sh has broken my ability to receive email. Initially the script went fine, until it reached this part...
    Code:
    Reconfigure Services? (yes,no,selected) [yes]:
    
    Configuring Postfix
    Configuring Dovecot
    Creating new DHParams file, this takes several minutes. Do not interrupt the script.
    142+0 records in
    142+0 records out
    142 bytes copied, 0.00850284 s, 16.7 kB/s
    unable to load DH parameters
    140577114715328:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1149:
    140577114715328:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:309:Type=DHparams
    
    I simply haven't a clue what this means or how to set about fixing it? Does anyone have any ideas at all?
     
    Last edited: Apr 6, 2022
  2. Mr. Goose

    Mr. Goose New Member

    My apologies, I should have also said: I am running a recently successfully upgraded Debian 10 (buster) c/w Dovecot 2.3. I just updated to ISPConfig 3.2.8p1 by using the ispconfig_update.sh command, as recommended.
    Also ran:
    Code:
     journalctl -f -n 500 -o short-iso 
    just to see what's going on in real time. It returns lots of lines similar to this (actual IP addresses redacted):-
    Code:
    dovecot[19620]: pop3-login: Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small: user=<>, rip=my.own.ip.address, lip=the.server.ip.address, session=<4fTgRvLbwL3CpOhR>
    
    Kinda verifies that it is indeed a dovecot configuration issue. But I still have no idea what's actually going on.
     
    Last edited: Apr 6, 2022
  3. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Firstly, you should use [ code ] [ /code ] tag instead of that [snip] [snip].

    Secondly, before running the ISPConfig update after upgrading your OS, do follow all the Perfect Server Tutorial relevant steps for your new OS version.

    Thirdly, dhparam can be created manually but I am not gonna spoon feed you with the code, so search this forum if you need it.

    Anyway, I guess your problem could be related to openssl but I am not so sure for now, so do follow Read Before Posting and do as instructed for the community to help you better.
     
  4. Mr. Goose

    Mr. Goose New Member

    Thank you for your reply and my apologies for my faux pas. It's been rather a long day. Anyway, I have amended my posts accordingly.

    I genuinely thought thought I had done everything as per the perfect server for Debian 10. Though it is perfectly possible I missed something. What do you think I have overlooked here?
     
  5. Mr. Goose

    Mr. Goose New Member

    Checked again in the tutorial. https://www.howtoforge.com/perfect-server-debian-10-buster-apache-bind-dovecot-ispconfig-3-1/
    further, especially section 8. There's essentially no actual configuration of dovecot at all? Just tells you to install it and its related parts.
    Code:
    apt-get -y install postfix postfix-mysql postfix-doc mariadb-client mariadb-server openssl getmail4 rkhunter binutils dovecot-imapd dovecot-pop3d dovecot-mysql dovecot-sieve dovecot-lmtpd sudo curl 
    Though I note the tutorial is for v3.1 not V3.2.
     
  6. Mr. Goose

    Mr. Goose New Member

    OK I think I fixed it. I noticed that the /etc/dovecot/dh.pem file generated by ISPConfig was empty. So I created my own thus:-
    Code:
    openssl dhparam -out dh.pem 4096
    I copied my home made dh.pem to /etc/dovecot/dh.pem as root (I used fish:// in Krusader because I am tired and did not want to make any mistakes)
    I then restarted Dovecot as root
    Code:
    systemctl restart dovecot
    Within a few seconds Thunderbird was receiving emails again.
    Please feel free to close this. But just before you do, I'd really like to know what I have missed and what caused ISPConfig (or perhaps it was me) to mess up creating the /etc/dovecot/dh.pem file properly please?
     
    ahrasis likes this.
  7. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    It could just be a bug in the update, but hard to say without knowing the conditions to reproduce it.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    ISPConfig uses the commands recommended by dovecot to convert or create the dh.param file and as it seems this failed for whatever reason on your system and resulted in an empty file. I think it's not very likely that we will be able to reproduce that issue as it must be something specific to your system, otherwise, we would have had hundreds of reports for this already, and also none of the updates on my old systems failed in that way too.
     
    Mr. Goose likes this.

Share This Page