Apple iPad cannot access IMAP through Dovecot. SSL unsupported protocol.

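I have a mail server that has been running for a while. Most of my customers use non-Apple devices or access the web client. A new customer prefers to read email with the Apple apps, so I'm now running into these obstacles. They have an old iPad that tops out at iOS 9.3.5. I realize that is quite old.

Would my configuration even work with the latest iOS?

  • When I try to connect to IMAP from the older iOS device, I get the following error messages: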
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol
    Jan  8 17:59:40 host dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 0 secs): user=<>, rip=x.x.x.x, lip=y.y.y.y, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=<7Ag79nIO3MBMFhjy>
    Jan  8 17:59:40 host dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument
    
  • For Roundcube and Outlook, the log looks like this (similar for both). IMAP access from these clients works fine:
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: message repeated 2 times: [ imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data]
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
    Jan  8 18:19:14 host dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=421260, TLS, session=<9gkwPHMOyLNChwcP>
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL alert: close notify
    Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL alert: close notify
    Jan  8 18:19:14 host dovecot: imap([email protected])<421260><9gkwPHMOyLNChwcP>: Disconnected: Logged out in=316 out=1699 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=250 body_count=0 body_bytes=0
    

This is my setup:

  • Ubuntu 22.04.3 LTS
  • Kernel 5.15.0-91-generic
  • Dovecot 2.3.16 (7e2e900c1a)
  • OpenSSL 3.0.2
  • certbot 2.8.0

Configuration files

  • SSL configuration:
    $ cat /etc/dovecot/conf.d/10-ssl.conf
    ssl = yes
    verbose_ssl = yes
    ssl_cert = </etc/letsencrypt/live/host.domain.net/fullchain.pem
    ssl_key = </etc/letsencrypt/live/host.domain.net/privkey.pem
    ssl_client_ca_dir = /etc/ssl/certs
    ssl_dh = </etc/ssl/private/dhparam.pem
    # I've also tried: ssl_min_protocol = TLSv1.3
    ssl_min_protocol = TLSv1.2
    # I've also tried: SSL ciphers to use, the default is:
    #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
    # To disable non-EC DH, use:
    ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
    
  • Dovecot:
    $ cat /etc/dovecot/conf.d/10-master.conf
    service imap-login {
      inet_listener imap {
        port = 0
      }
      inet_listener imaps {
        port = 993
        ssl = yes
      }
    }
    service pop3-login {
      inet_listener pop3 {
        port = 0
      }
      inet_listener pop3s {
        port = 995
        ssl = yes
      }
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        mode = 0600
        user = postfix
        group = postfix
      }
    }
    service imap {
    }
    service pop3 {
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
      }
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
      }
      user = dovecot
    }
    service auth-worker {
      user = vmail
    }
    service dict {
      unix_listener dict {
      }
    }
    

SSL Labs test results

Overall rating. Some highlights from the configuration section.

Protocols
TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No
Cipher suites - TLS 1.3 (server has no preference)
TLS_AES_128_GCM_SHA256 (0x1301) ECDH x25519 (eq. 3072 bits RSA) FS 128
TLS_AES_256_GCM_SHA384 (0x1302) ECDH x25519 (eq. 3072 bits RSA) FS 256
TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH x25519 (eq. 3072 bits RSA) FS 256
Cipher suites - TLS 1.2 (server has no preference)
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH secp521r1 (eq. 15360 bits RSA) FS 128 128
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) ECDH secp521r1 (eq. 15360 bits RSA) FS 256 256
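
Added example, not part of the original post: a small Python parser for `imap-login` lines in the format shown above that tallies, per remote IP, successful TLS logins and handshake failure reasons, and lists the clients that only ever failed with `unsupported protocol`. The sample log, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the imap-login lines above
# (addresses are documentation ranges; users and sessions are made up).
SAMPLE_LOG = """\
Jan  8 17:59:40 host dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=198.51.100.1, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=<AAAA>
Jan  8 17:59:52 host dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=198.51.100.1, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=<BBBB>
Jan  8 18:05:01 host dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A0000C1:SSL routines::no shared cipher (no auth attempts in 0 secs): user=<>, rip=192.0.2.30, lip=198.51.100.1, TLS handshaking: SSL_accept() failed: error:0A0000C1:SSL routines::no shared cipher, session=<CCCC>
Jan  8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
Jan  8 18:19:14 host dovecot: imap-login: Login: user=<alice@example.org>, method=PLAIN, rip=192.0.2.20, lip=198.51.100.1, mpid=421260, TLS, session=<DDDD>
"""

# Disconnect during the handshake: capture remote IP and OpenSSL's reason string.
FAILED = re.compile(
    r"imap-login: Disconnected: .*?rip=(?P<rip>[^,]+),.*?"
    r"TLS handshaking: SSL_accept\(\) failed: "
    r"error:(?P<code>[0-9A-F]+):SSL routines::(?P<reason>[^,]+)"
)
# Successful login over TLS: capture remote IP.
LOGIN = re.compile(r"imap-login: Login: .*?rip=(?P<rip>[^,]+),.*?\bTLS\b")


def summarize(log_text):
    """Per remote IP: number of TLS logins and a Counter of handshake failure reasons."""
    stats = defaultdict(lambda: {"logins": 0, "failures": Counter()})
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            stats[m["rip"]]["failures"][m["reason"].strip()] += 1
        elif m := LOGIN.search(line):
            stats[m["rip"]]["logins"] += 1
    return dict(stats)


def version_rejected_only(stats):
    """Remote IPs that never logged in and failed only with 'unsupported protocol'."""
    return sorted(
        ip for ip, s in stats.items()
        if s["logins"] == 0 and set(s["failures"]) == {"unsupported protocol"}
    )


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for ip, s in stats.items():
        print(ip, "logins:", s["logins"], "failures:", dict(s["failures"]))
    print("rejected on protocol version only:", version_rejected_only(stats))
```
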