Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Dovecot SSL issues

Discussion in 'Security' started by madnoob2, Apr 11, 2018.

  1. madnoob2

    madnoob2 Member

    Joined:
    Apr 18, 2017
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Croatia
    cPanel Access Level:
    Root Administrator
    Hello,

    after I migrated my cPanel to a new server I'm getting dovecot IMAP errors when using the 993 SSL port.
    Apr 11 23:22:35 localhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=myip, lip=myip, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<eN3ZPJlpjIVe/bJ2>

    Does anyone know what the issue is here? It all worked perfectly fine on the older server (same cp version - latest)

    // I used the transfer tool to transfer everything (including exim settings).
     
  2. PenguinInternet

    PenguinInternet Well-Known Member
    PartnerNOC

    Joined:
    Jun 20, 2007
    Messages:
    175
    Likes Received:
    11
    Trophy Points:
    68
    Location:
    Cardiff, UK
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    On new servers, only TLS v1.2 is enabled as standard therefore you need to preferably ensure that your mail client supports and uses this protocol instead of the older SSL protocols which are now deemed to be insecure. Alternatively you can add support for older versions of TLS (v1.0 / 1.1) if needed by editing the mailserver configuation
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. madnoob2

    madnoob2 Member

    Joined:
    Apr 18, 2017
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Croatia
    cPanel Access Level:
    Root Administrator
    Could you please provide me with the dovecot ssl settings as well as exim's ? I messed around with it , my dovecot looks like this : !SSLv2 !SSLv3 !TLSv1 !TLSv1.1

    And exim : +no_sslv2 +no_sslv3

    Is that correct?

    I realized that all the clients will have to re-add their mails onto their client as something got messed up there during the transition.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,660
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    As noted in the previous response, the system enables Transport Layer Security (TLS) protocol version 1.2 on new installations of cPanel & WHM starting with version 68. This is noted at:

    68 Release Notes - Version 68 Documentation - cPanel Documentation

    Can you verify which Operating System and email client are you using when encountering this error message?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. madnoob2

    madnoob2 Member

    Joined:
    Apr 18, 2017
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Croatia
    cPanel Access Level:
    Root Administrator
    Hi Michael,

    While I can confirm one, I can't confirm for other clients. My own phone that runs on iOS 8 (I know, outdated) had issues with the migration, but before that on our old host (v68 as well) everything worked fine.
    After the migration on new host it got messy, but removing the mail and adding it again in the client worked fine. Could you point me to default settings for dovecot + exim regarding the SSL settings?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,660
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The TLS changes are only enabled by default on new installations of cPanel. Thus, if the previous server was updated to cPanel & WHM 68 from a previous server, the TLS changes would not have been enabled automatically.

    We provide these values at:

    How to Adjust Cipher Protocols - cPanel Knowledge Base - cPanel Documentation

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice