Submitted by synergos on Wed, 01/14/2015 - 15:36 Pro Licensee
CentOS Linux 5.11, Virtualmin Pro, ran an upgrade this morning and IMAP stopped working. SMTP and everything else is fine, but I can no longer connect to the IMAP Dovecot server
Status:
Active
Comments
Submitted by andreychek on Wed, 01/14/2015 - 16:04 Comment #1
Howdy -- what problem are you having when attempting to connect via IMAP? Are you receiving an error of some sort? If so, what error are you receiving? Also, do any errors show up in /var/log/maillog?
Submitted by synergos on Wed, 01/14/2015 - 18:49 Pro Licensee Comment #2
Was getting error: dovecot: imap-login: Can't set cipher list to 'ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM': error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command
Modified dovecot.conf as follows, now working. Am I screwing my security with this change?
ssl_cipher_list = ALL:!LOW
Submitted by andreychek on Wed, 01/14/2015 - 20:06 Comment #3
Ah, I think you were seeing a bug where Virtualmin could attempt to set the Dovecot cipher list to the same as Apache, and that won't always work.
While Jamie mentioned that the issue should be fixed in a future Virtualmin version, what you may want to do for now is to not set a Dovecot cipher, and to instead set this:
ssl_protocols = !SSlv2 !SSLv3That, without setting ciphers, would be a secure setup.