しばらく実行されてきたメールサーバーがあります。私の顧客のほとんどは、Apple以外のデバイスを使用したり、Webクライアントにアクセスしたりできます。新しい顧客がAppleアプリを使用して電子メールを読むことを好むので、今はこれらの障害に直面しています。彼らは最大のパフォーマンスを発揮する古いiPadを持っています。iOS 9.3.5。かなり古いことだと気づきました。
私の設定は最新のiOSでも動作しますか?
- 以前のiOSデバイスでIMAPに接続しようとすると、次のメッセージが表示されます。間違い。
Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL alert: where=0x4008, ret=582: fatal protocol version Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: error Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL error: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol Jan 8 17:59:40 host dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol (no auth attempts in 0 secs): user=<>, rip=x.x.x.x, lip=y.y.y.y, TLS handshaking: SSL_accept() failed: error:0A000102:SSL routines::unsupported protocol, session=<7Ag79nIO3MBMFhjy> Jan 8 17:59:40 host dovecot: imap-login: Debug: SSL error: SSL_accept() syscall failed: Invalid argument
- RoundcubeとOutlookの場合、以下はログの結果です(両方とも同様)。クライアントの IMAP アクセスが正常に動作します。:
Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data Jan 8 18:19:14 host dovecot: message repeated 2 times: [ imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data] Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully Jan 8 18:19:14 host dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, mpid=421260, TLS, session=<9gkwPHMOyLNChwcP> Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: TLSv1.3 early data Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: TLSv1.3 early data Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL alert: close notify Jan 8 18:19:14 host dovecot: imap-login: Debug: SSL alert: close notify Jan 8 18:19:14 host dovecot: imap([email protected])<421260><9gkwPHMOyLNChwcP>: Disconnected: Logged out in=316 out=1699 deleted=0 expunged=0 trashed=0 hdr_count=1 hdr_bytes=250 body_count=0 body_bytes=0</pre>
これは私の設定です。
- Ubuntu 22.04.3 LTS
- カーネル 5.15.0-91-一般
- ピジョン2.3.16(7e2e900c1a)
- OpenSSL 3.0.2
- 証明書ロボット 2.8.0
構成ファイル
- SSLの設定
$ cat /etc/dovecot/conf.d/10-ssl.conf ssl = yes verbose_ssl = yes ssl_cert = </etc/letsencrypt/live/host.domain.net/fullchain.pem ssl_key = </etc/letsencrypt/live/host.domain.net/privkey.pem ssl_client_ca_dir = /etc/ssl/certs ssl_dh = </etc/ssl/private/dhparam.pem # I've also tried: ssl_min_protocol = TLSv1.3 ssl_min_protocol = TLSv1.2 # I've also tried: SSL ciphers to use, the default is: #ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH # To disable non-EC DH, use: ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH</pre>
- 鳩ロフト:
$ cat /etc/dovecot/conf.d/10-master.conf service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { port = 0 } inet_listener pop3s { port = 995 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 user = postfix group = postfix } } service imap { } service pop3 { } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service auth-worker { user = vmail } service dict { unix_listener dict { } }
SSLラボテスト結果
包括的な評価。いくつかのハイライト構成部分。
規約 | |
---|---|
TLS1.3 | はい |
TLS1.2 | はい |
TLS1.1 | いいえ |
TLS1.0 | いいえ |
SSL 3 | いいえ |
SSL2 | いいえ |
暗号スイート - TLS 1.3(サーバーのデフォルト設定なし) | |
---|---|
TLS_AES_128_GCM_SHA256(0x1301) ECDH x25519(3072 ビット RSA) FS | 128 |
TLS_AES_256_GCM_SHA384(0x1302) ECDH x25519(3072 ビット RSA) FS | 256 |
TLS_CHACHA20_POLY1305_SHA256(0x1303)ECDH x25519(3072ビットRSAに対応)FS | 256 |
暗号スイート - TLS 1.2(サーバーのデフォルト設定なし) | |
---|---|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xc02b)ECDH secp521r1(15360ビットRSAに対応)FS 128 | 128 |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xc02c)ECDH secp521r1(15360ビットRSAに対応)FS 256 | 256 |
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256(0xcca9)ECDH secp521r1(15360ビットRSAに対応)FS 256 | 256 |