Mail error DH PARAMETERS since update

My YunoHost server

Hardware: Raspberry Pi 4 / with VPN /
YunoHost version: 4.0.5 (testing)
I have access to my server: Through SSH | Through the webadmin |
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no

Since some updates today and a reboot of the server (a Raspberry Pi 4), there has been a problem with mail. My Thunderbird client no longer received messages. I deleted the account and tried to set the account up again, but it cannot connect to the server?

Among other things, I have this kind of log in /var/log/mail.err

Aug 30 20:26:40 rodinux dovecot: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0909006C:PEM routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>, rip=37.167.175.202, lip=89.234.140.172, session=<5DJabRyuTSUlp6/K>

It looks like an SSL key problem??
What should I do?

I also see the error with the K9mail client on my smartphone. 2 messages in Inbox with SSLHandshakeException: SSL

I tried restarting Postfix and Dovecot, and also tried sudo yunohost tools regen-conf postfix -f, but I cannot resolve this bug…

In the logs, I also find some leads, problems with the DH PARAMETERS keys

I cannot get yunopaste to work, so I am putting a few lines here

Journalctl

août 30 21:05:46 dovecot[10783]: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0909006C:PEM routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>, rip=XX.XXX.XXX.XXX, lip=XX.XXX.XXX.XXX, session=<jcQt+RyuaCUlp6/K>
août 30 21:06:10 dovecot[10783]: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0909006C:PEM routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>, rip=XX.XXX.XXX.XXX, lip=XX.XXX.XXX.XXX, session=<Mj2k+hyuhCUlp6/K>
août 30 21:06:13 dovecot[10783]: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0909006C:PEM routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>, rip=XX.XXX.XXX.XXX, lip=XX.XXX.XXX.XXX, session=<poHR+hyuhiUlp6/K>

/var/log/mail.err

Aug 30 21:05:46 rodinux dovecot: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0909006C:PEM routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>, rip=XX.XXX.XXX.XXX, lip=XX.XXX.XXX.XXX, session=<jcQt+RyuaCUlp6/K>
Aug 30 21:06:10 rodinux dovecot: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0909006C:PEM routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>, rip=XX.XXX.XXX.XXX, lip=XX.XXX.XXX.XXX, session=<Mj2k+hyuhCUlp6/K>
Aug 30 21:06:13 rodinux dovecot: imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0909006C:PEM routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>, rip=XX.XXX.XXX.XXX, lip=XX.XXX.XXX.XXX, session=<poHR+hyuhiUlp6/K>

/var/log/mail.log

Aug 30 21:33:10 rodinux postfix/submission/smtpd[23270]: warning: cannot load 1024-bit DH parameters from file /usr/share/yunohost/other/ffdhe2048.pem;: No such file or directory -- using compiled-in defaults
Aug 30 21:33:10 rodinux postfix/submission/smtpd[23270]: connect from unknown[XX.XX.XXX.XXX]
Aug 30 21:33:11 rodinux postfix/submission/smtpd[23270]: disconnect from unknown[XX.XX.XXX.XXX] ehlo=1 auth=0/1 rset=0/1 quit=1 commands=2/4
Aug 30 21:34:39 rodinux postfix/smtpd[23574]: warning: cannot load 1024-bit DH parameters from file /usr/share/yunohost/other/ffdhe2048.pem;: No such file or directory -- using compiled-in defaults
Aug 30 21:34:39 rodinux postfix/smtpd[23574]: connect from unknown[XXX.XX.XXX.X]
Aug 30 21:34:43 rodinux postfix/smtpd[23574]: disconnect from unknown[XXX.XX.XXX.X] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Aug 30 21:37:46 rodinux postfix/submission/smtpd[24197]: warning: cannot load 1024-bit DH parameters from file /usr/share/yunohost/other/ffdhe2048.pem;: No such file or directory -- using compiled-in defaults
Aug 30 21:37:46 rodinux postfix/submission/smtpd[24197]: connect from unknown[XX.XX.XXX.XXX]
Aug 30 21:37:46 rodinux postfix/submission/smtpd[24197]: disconnect from unknown[XX.XX.XXX.XXX] ehlo=1 auth=0/1 rset=0/1 quit=1 commands=2/4
Aug 30 21:37:53 rodinux postfix/smtpd[24247]: warning: cannot load 1024-bit DH parameters from file /usr/share/yunohost/other/ffdhe2048.pem;: No such file or directory -- using compiled-in defaults
Aug 30 21:37:53 rodinux postfix/smtpd[24247]: connect from unknown[XXX.XX.XXX.X]

Off-topic, but I also have php-fpm going down on a recurring basis (Raspberry outages, error 502). I restart php-fpm through the admin interface and the services restart… Maybe a bad memory management configuration?? That is another post to clarify later…

But for mail, I wonder whether it comes from the Roundcube update??? What is this problem with the PEM key located in /usr/share/yunohost/other/, could it not be in the right 1024-bit format?
Could it be corrupted? From the error message I understand that smtpd wants to load a 1024-bit key but the key seems to be encoded in 2048-bit, could that be the problem?

Otherwise mail still works through Roundcube when I log in to a session on the SSO, but I would really like to keep the ability to synchronize my mail with Thunderbird and K9mail…
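
A triage sketch for the two errors quoted in the post above, added here as an example and not part of the original thread: it extracts the DH parameter path from the Postfix warnings exactly as Postfix tried to open it (the quoted warning shows `ffdhe2048.pem;`, with a trailing semicolon) and checks whether a file begins with the `DH PARAMETERS` PEM label that the Dovecot error expects. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for the DH-parameter errors in this thread.

# Constructed sample, modelled on the mail.log warnings quoted in the thread.
sample_log() {
cat <<'EOF'
Aug 30 21:33:10 host postfix/submission/smtpd[23270]: warning: cannot load 1024-bit DH parameters from file /usr/share/yunohost/other/ffdhe2048.pem;: No such file or directory -- using compiled-in defaults
Aug 30 21:33:10 host postfix/submission/smtpd[23270]: connect from unknown[XX.XX.XXX.XXX]
Aug 30 21:34:39 host postfix/smtpd[23574]: warning: cannot load 1024-bit DH parameters from file /usr/share/yunohost/other/ffdhe2048.pem;: No such file or directory -- using compiled-in defaults
EOF
}

# Print each distinct path exactly as Postfix tried to open it (log on stdin).
dh_paths_from_log() {
    sed -n 's/.*DH parameters from file \(.*\): No such file or directory.*/\1/p' | sort -u
}

# Classify a path: "stray-char" if it ends in anything other than a letter,
# digit, dot, underscore or hyphen (for example a leftover config delimiter).
path_status() {
    case "$1" in
        *[!A-Za-z0-9._-]) echo "stray-char" ;;
        *) echo "clean" ;;
    esac
}

# Classify a file: missing / no-pem-header / wrong-label:<label> / ok.
# "ok" means the first BEGIN line carries the label the Dovecot error expects.
dh_file_status() {
    [ -f "$1" ] || { echo "missing"; return; }
    label=$(sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1)
    case "$label" in
        "") echo "no-pem-header" ;;
        "DH PARAMETERS") echo "ok" ;;
        *) echo "wrong-label:$label" ;;
    esac
}

# Demo: report on every path named in the sample log.
sample_log | dh_paths_from_log | while IFS= read -r p; do
    echo "$p: path=$(path_status "$p") file=$(dh_file_status "$p")"
done
```

On a live server, feed `/var/log/mail.log` to `dh_paths_from_log` in place of `sample_log`, then run `dh_file_status` on the path with any stray character removed.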

If you had taken twenty seconds to tell which version of Yunohost you are using and used the support thread template, as strongly advised at least 3 times on this forum, I could have told you directly that this is because you are using the testing version of Yunohost and what the fix would be.

Sorry, at first I posted this post in the Advanced Use Case category, and that is why I did not see the advertisement… But it is my guest…
So, my config

My YunoHost server

Hardware: Raspberry Pi 4 / with VPN /
YunoHost version: 4.0.5 (testing)
I have access to my server: Through SSH | Through the webadmin |
Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: no

Indeed, I tested Yunohost Buster before the official release, among other things to contribute… So I am not on a stable version??

Sorry for the mix-up…

Really sorry,
I did not realize I had stayed on a testing version, I see this just now:

$ cat /etc/apt/sources.list.d/yunohost.list 
deb http://forge.yunohost.org/debian/ buster stable testing unstable

Perhaps it would be better to come back to the stable branch, is it possible without breaking dependencies?

Yes, just remove "testing" and "unstable" from the yunohost.list

Ok thanks, do you think it will resolve the issue ?

Yes and no, the real fix for your issue is to upgrade to 4.0.6 which just got released

Ok, I am trying yunohost tools upgrade --system

Ok, now I have installed Yunohost 4.0.6 stable, but I still have an issue with smtp… Perhaps I need to reboot the server first?

Can you retell exactly what error message you are referring to?

I had previously configured my mail address with Thunderbird on my personal computer and also with K9mail on my phone, but I now have a message which says it could not connect to the server. I can send mails from Thunderbird with the addresses I still have left, but they do not receive mails, and I have deleted a mail address that I can't configure anymore…
I still get this in Journalctl:

map-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0909006C:PEM routines:get_name:no start line: Expecting: DH PARAMETERS: user=<>, rip=XX.XXX.XX.XXX, lip=XX.XXX.XXX.XXX, session=<GlBH1jGuVVwlpw2W>

I think perhaps it is also a problem with the vpn config. When I reboot, the ipv6 is not the one which is configured with the reverse dns, I have to try to understand why…
Since I have kept my Raspberry away (my box is out of order), I have a problem with the ipv6 address, which now ends with ::2 but previously ended with ::42. I tried adding the correct .cube configuration on vpnclient, but it did not match. Earlier in the afternoon, I was able to make it work… but it did not match again??
Ok, I think I have resolved the issue with vpnclient, now I see the good ipv6. But still a matter with the imap settings??

Ok, with the new release 4.0.6.1, it is resolved! Thanks a lot! :grinning:
