The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Permanent fix for POP/IMAP over SSL version error?

Discussion in 'General Discussion' started by jerrybell, Dec 14, 2007.

  1. jerrybell

    jerrybell Well-Known Member

    Joined:
    Nov 27, 2006
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    Has anyone determined a way to permanently fix the TLS version issue (not sure if it's only FreeBSD or not) that requires the like TLS_PROTOCOL=3 to be changed to TLS_PROTOCOL=23 in imapd-ssl and pop3d-ssl?

    The file has been updated two days in a row, leaving it broken in the morning for me to fix. It seems like someone has probably already solved this. The courier configuration tab in WHM seems to have no bearing on the TLS_PROTOCOL setting.

    Thanks
     
  2. idealso

    idealso Active Member

    Joined:
    Mar 1, 2007
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    As near as I can tell, if you're using FreeBSD, you should be looking for something other than CPanel. I don't know about on any Linux distros, but on FreeBSD, it seems quite prone to breakage, even though CPanel say they support it.

    At the very least, make sure you do not allow it to do any automatic updates. And always, when you update your cpanel software, check for new automatic update settings, because they'll be set to on and break your box at the worst possible time.
     
  3. jerrybell

    jerrybell Well-Known Member

    Joined:
    Nov 27, 2006
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    Fantastic....

    I am using freebsd. To date, this is the only issue I've had, but it sounds like I may be lucky. I do have auto-updates turned on, and that is what's killing me. I'd like to keep them on, but am I to understand that a full set of tests are not performed for FreeBSD updates?
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Contrary to rumor, FreeBSD releases receive the same level of QA testing as the Linux releases. We support all supported distributions equally.

    Note that since the userbase for FreeBSD is far smaller than that of the various Linux Distros, issues that may slip past our QA team tend not to be noticed as quickly by users in the EDGE and CURRENT builds.
     
  5. idealso

    idealso Active Member

    Joined:
    Mar 1, 2007
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    The problem with the configuration manager writing incorrect configs for courier is a known and noted issue elsewhere in the forums. I don't see a bugtracker available, so I can't check there. However, I did note it to the tech that helped with upgrading the server to courier that the TLS_PROTOCOL setting was wrong (information I found elsewhere in the forums). The tech who fixed our completely broken imap yesterday also left TLS_PROTOCOL set incorrectly.

    I learned that automatic updates for packages were on yesterday, right before I was about to leave on vacation for the weekend. That does not at all make for a happy person. Isn't it likely that package updates might be broken if cpanel updates are off?

    Has CPanel considered dovecot? It seems more reliable and stable, handles mbox and maildir, and when something goes wrong, it actually gives error messages.

    Also, I just tried looking at the Changelog from the support page, but it just brings me to the forums.
     
  6. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
  7. idealso

    idealso Active Member

    Joined:
    Mar 1, 2007
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    On http://www.cpanel.net/support/support.htm (which you get to if you click Support in the top menu instead of one of the drop-downs), "Changelog" is a link to the forums. It is correct in the drop-down menu at the top, though.
     
  8. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Thanks. I reported that to our Design department. It should be fixed soon.

    The build of Current and Edge that we released last night has once fix for the TLS/SSL drop downs in Courier Configuration. Previously, on FreeBSD, they weren't displaying anything. Feel free to enumerate other problems you know with this tool on FreeBSD.
     
  9. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Thanks for the head's up, I have notified our team of webmasters about the issue.
     
  10. kmpanilla

    kmpanilla Member

    Joined:
    Oct 24, 2003
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Wondering if anybody has had any luck on this issue? I have experienced the same thing on FreeBSD with 11.23.0-E24219.
     
  11. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    How do you have ssl configured in Courier Config in WHM?
     
  12. kmpanilla

    kmpanilla Member

    Joined:
    Oct 24, 2003
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    IMAP and POP3 are both set for: "Permit SSL v2 or v3 connections and TLSv1 connections".

    It appears that the files got overwritten a minute after /scripts/upcp cron started last night.

    The courier-imap-4.3.1,2 port is installed on this box.
     
  13. openaccess

    openaccess Active Member

    Joined:
    Jan 22, 2006
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    6
    auto-update on freebsd

    Yes, we bumped into this SSL config problem 6-8 months ago. I'd gripe, but we never filed a bug about it, and if nobody files a bug, cpanel can't fix it.

    I do wholeheartedly recommend setting auto-updates on freebsd to 'never' and only doing the updates manually once a month or so. There are issues like this that split through cpanel Q/A on freebsd from time to time, and it can really suck to wake up in the morning and realize all your boxes broke themselves in the middle of the night.

    Probably if all FBSD folks would file bugs more regularly when we notice things, we could all turn auto-update back on again one day.
     
  14. freedman

    freedman Well-Known Member

    Joined:
    Feb 13, 2005
    Messages:
    312
    Likes Received:
    1
    Trophy Points:
    18
    it looks like they're working on it. It's been mentioned in edge changelog.
    also, look in your /scripts folder.

    ls /scripts/*dovecot*
     
Loading...

Share This Page