Apple iPad cannot access IMAP through Dovecot: unsupported SSL protocol


I have a mail server that has been running for a while. Most of my customers use non-Apple devices or access the web client. I'm facing this obstacle now because a new customer prefers to read email with Apple's app. They have an older iPad that maxes out at iOS 9.3.5. I just realized that this is quite old.

Does my setup even work with the latest iOS?

  • When the older iOS device attempts an IMAP connection, I get the following error:
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol
    Jan  8 17:59:40 host dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 0 secs): user=<>, rip=x.x.x.x, lip=y.y.y.y, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=<7Ag79nIO3MBMFhjy>
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument
    
  • For Roundcube and Outlook, here are the log results (both are similar). Client IMAP access works properly:
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: message repeated 2 times: [ imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data]
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
    Jan  8 18:19:14 host dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=421260, TLS, session=<9gkwPHMOyLNChwcP>
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL alert: close notify
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL alert: close notify
    Jan  8 18:19:14 host dovecot: imap([email protected])<421260><9gkwPHMOyLNChwcP>: Disconnected: Logged out in=316 out=1699 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=250 body_count=0 body_bytes=0
    

Here is my setup

  • Ubuntu 22.04.3 LTS
  • Kernel 5.15.0-91-generic
  • Dovecot 2.3.16 (7e2e900c1a)
  • OpenSSL 3.0.2
  • Certbot 2.8.0

Configuration files

  • SSL configuration
    $ cat /etc/dovecot/conf.d/10-ssl.conf
    ssl = yes
    verbose_ssl = yes
    ssl_cert = </etc/letsencrypt/live/host.domain.net/fullchain.pem
    ssl_key = </etc/letsencrypt/live/host.domain.net/privkey.pem
    ssl_client_ca_dir = /etc/ssl/certs
    ssl_dh = </etc/ssl/private/dhparam.pem
    # I've also tried: ssl_min_protocol = TLSv1.3
    ssl_min_protocol = TLSv1.2
    # I've also tried: SSL ciphers to use, the default is:
    #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
    # To disable non-EC DH, use:
    ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
    
  • Dovecot:
    $ cat /etc/dovecot/conf.d/10-master.conf
    service imap-login {
      inet_listener imap {
        port = 0
      }
      inet_listener imaps {
        port = 993
        ssl = yes
      }
    }
    service pop3-login {
      inet_listener pop3 {
        port = 0
      }
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
      }
    }
    service imap {
    }
    service pop3 {
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
      }
      user = dovecot
    }
    service auth-worker {
      user = vmail
    }
    service dict {
      unix_listener dict {
      }
    }
    

SSL Labs test results

Overall rating. Some highlights from the Configuration section.

Protocols
  • TLS 1.3
  • TLS 1.2
  • TLS 1.1: No
  • TLS 1.0: No
  • SSL 3: No
  • SSL 2: No

Cipher suites - TLS 1.3 (server has no preference)
  • TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (3072 bits RSA) FS 128
  • TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (3072 bits RSA) FS 256
  • TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS 256

Cipher suites - TLS 1.2 (server has no preference)
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 128
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 256
  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 256
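
Added example, not part of the original post: the `Debug: SSL` lines in the logs above carry no client address, but the `imap-login` `Login:` and `Disconnected:` summary lines do. This Python example counts, per client address, handshakes rejected with `unsupported protocol` against completed TLS logins, which shows who is affected by `ssl_min_protocol` before that setting is changed. The function names are hypothetical, and the sample lines are constructed in the same format with RFC 5737 documentation addresses.

```python
import re
from collections import Counter

# Constructed sample in the format of the log lines above; addresses are
# RFC 5737 documentation addresses, session ids are placeholders.
SAMPLE_LOG = """\
Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
Jan  8 17:59:40 host dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=<placeholder1>
Jan  8 18:01:02 host dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=192.0.2.1, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=<placeholder2>
Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
Jan  8 18:19:14 host dovecot: imap-login: Login: user=<user@example.test>, method=PLAIN, rip=192.0.2.20, lip=192.0.2.1, mpid=421260, TLS, session=<placeholder3>
"""

SUMMARY_RE = re.compile(r"(?:imap|pop3)-login: (Login|Disconnected): (.*)$")
RIP_RE = re.compile(r"\brip=([^,\s]+)")


def classify_line(line):
    """Return (kind, rip) for a login-process summary line, else None."""
    m = SUMMARY_RE.search(line)
    if not m:
        return None  # Debug lines carry no client address
    event, rest = m.groups()
    rip_match = RIP_RE.search(rest)
    rip = rip_match.group(1) if rip_match else "unknown"
    if event == "Login":
        # As in the Login line above, ", TLS" marks an encrypted session.
        encrypted = re.search(r",\s*TLS\b", rest)
        return ("tls_login" if encrypted else "plain_login", rip)
    if "TLS handshaking" in rest:
        if "unsupported protocol" in rest:
            return ("protocol_rejected", rip)
        return ("tls_failed_other", rip)
    return ("disconnected", rip)


def summarize(log_text):
    """Map each event kind to a Counter of client addresses."""
    counts = {}
    for line in log_text.splitlines():
        hit = classify_line(line)
        if hit:
            counts.setdefault(hit[0], Counter())[hit[1]] += 1
    return counts


def locked_out_clients(counts):
    """Addresses rejected for protocol version that never completed a TLS login."""
    ok = counts.get("tls_login", Counter())
    return sorted(ip for ip in counts.get("protocol_rejected", Counter()) if ip not in ok)


if __name__ == "__main__":
    totals = summarize(SAMPLE_LOG)
    print({kind: dict(per_ip) for kind, per_ip in totals.items()})
    print("rejected, never logged in:", locked_out_clients(totals))
```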
