docker-mailserver / docker-mailserver

Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.
https://docker-mailserver.github.io/docker-mailserver/latest/
MIT License

Could not use SSL mode to use docker email with DDNS #1219

Closed suli3 closed 5 years ago

suli3 commented 5 years ago

Hey:

I wanna set up an email server with SSL at home, but port 80 is not opened by the Telecom operator, so I used acme.sh with DNS mode to get the letsencrypt pem certificate for SSL. The test on https://www.checktls.com/TestReceiver looks okay.

seconds   test stage and result
[000.265]   Connected to server
[001.222] <-- 220 mail.esradio.cc ESMTP Postfix (Debian)
[001.222]   We are allowed to connect
[001.223] --> EHLO www6.CheckTLS.com
[001.501] <-- 250-mail.esradio.cc250-PIPELINING250-SIZE 10240000250-ETRN250-STARTTLS250-AUTH PLAIN LOGIN250-AUTH=PLAIN LOGIN250-ENHANCEDSTATUSCODES250-8BITMIME250-DSN250 SMTPUTF8
[001.501]   We can use this server
[001.501]   TLS is an option on this server
[001.502] --> STARTTLS
[001.767] <-- 220 2.0.0 Ready to start TLS
[001.767]   STARTTLS command works on this server
[002.326]   Connection converted to SSL
    SSLVersion in use: TLSv1_2
    Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
    Certificate 1 of 3 in chain: Cert VALIDATED: ok
    Cert Hostname VERIFIED (mail.esradio.cc = mail.esradio.cc | DNS:mail.esradio.cc)
    Not Valid Before: Aug 8 15:02:17 2019 GMT
    Not Valid After: Nov 6 15:02:17 2019 GMT
    subject= /CN=mail.esradio.cc
    issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    Certificate 2 of 3 in chain: Cert VALIDATED: ok
    Not Valid Before: Mar 17 16:40:46 2016 GMT
    Not Valid After: Mar 17 16:40:46 2021 GMT
    subject= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
    issuer= /O=Digital Signature Trust Co./CN=DST Root CA X3
    Certificate 3 of 3 in chain: Cert VALIDATED: ok
    Not Valid Before: Sep 30 21:12:19 2000 GMT
    Not Valid After: Sep 30 14:01:15 2021 GMT
    subject= /O=Digital Signature Trust Co./CN=DST Root CA X3
    issuer= /O=Digital Signature Trust Co./CN=DST Root CA X3
[002.405] ~~> EHLO www6.CheckTLS.com
[002.669] <~~ 250-mail.esradio.cc250-PIPELINING250-SIZE 10240000250-ETRN250-AUTH PLAIN LOGIN250-AUTH=PLAIN LOGIN250-ENHANCEDSTATUSCODES250-8BITMIME250-DSN250 SMTPUTF8
[002.669]   TLS successfully started on this server
[002.669] ~~> MAIL FROM:test@checktls.com
[002.969] <~~ 250 2.1.0 Ok
[002.970]   Sender is OK
[002.970] ~~> QUIT
[003.235] <~~ 221 2.0.0 Bye

But I still could use my account with foxmail, and the server could not get the login account information.

mail    | Aug  9 22:27:03 mail postfix/postscreen[1017]: CONNECT from [192.168.123.1]:62824 to [172.26.0.2]:25
mail    | Aug  9 22:27:03 mail postfix/postscreen[1017]: HANGUP after 0.01 from [192.168.123.1]:62824 in tests before SMTP handshake
mail    | Aug  9 22:27:03 mail postfix/postscreen[1017]: DISCONNECT [192.168.123.1]:62824
mail    | Aug  9 22:27:03 mail dovecot: imap-login: Disconnected (disconnected before auth was ready, waited 0 secs): user=<>, rip=192.168.123.1, lip=172.26.0.2, session=<qNPa96+PZfXAqHsB>
mail    | Aug  9 22:27:03 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.123.1, lip=172.26.0.2, TLS handshaking: Connection closed, session=<GyDb96+PZPXAqHsB>
mail    | Aug  9 22:27:07 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.123.1, lip=172.26.0.2, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=</tcY+K+Pa/XAqHsB>

my docker-compose.yml is like below:

version: '2'
services:
  mail:
    image: tvial/docker-mailserver:latest
    hostname: mail
    domainname: esradio.cc
    container_name: mail
    ports:
    - "25:25"
    - "143:143"
    - "465:465"
    - "587:587"
    - "993:993"
    volumes:
    - ./maildata:/var/mail
    - ./mailstate:/var/mail-state
    - ./config/:/tmp/docker-mailserver/
    - /etc/localtime:/etc/localtime:ro
    - /etc/letsencrypt:/etc/letsencrypt/live/mail.esradio.cc/:ro
    environment:
    - DMS_DEBUG=1
    - ENABLE_CLAMAV=0
    - ONE_DIR=1
    - ENABLE_POP3=0
    - ENABLE_FAIL2BAN=0
    - ENABLE_MANAGESIEVE=0
    - SSL_TYPE=letsencrypt
    - PERMIT_DOCKER=network
    - SPOOF_PROTECTION=0
    cap_add:
    - NET_ADMIN
    - SYS_PTRACE
    restart: always
# volumes:
#   maildata:
#     driver: local
#   mailstate:
#     driver: local

Your Environment

Server: Docker Engine - Community
 Engine:
  Version:          18.09.7
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       2d0083d
  Built:            Thu Jun 27 17:26:28 2019
  OS/Arch:          linux/amd64
  Experimental:     false
[root@c7docker1 mailserver]#


I have struggled with it for 2 weeks... for the letsencrypt key, but now the key seems okay, but the email server still could not be used with SSL. **(without SSL is okay)**

The startup information is shown below:

[root@c7docker1 mailserver]# docker-compose up mail
Creating network "mailserver_default" with the default driver
Creating mail ... done
Attaching to mail
mail    | 2019-08-09 22:25:37,261 CRIT Supervisor running as root (no user in config file)
mail    | 2019-08-09 22:25:37,261 INFO Included extra file "/etc/supervisor/conf.d/saslauth.conf" during parsing
mail    | 2019-08-09 22:25:37,261 INFO Included extra file "/etc/supervisor/conf.d/supervisor-app.conf" during parsing
mail    | 2019-08-09 22:25:37,350 INFO RPC interface 'supervisor' initialized
mail    | 2019-08-09 22:25:37,350 CRIT Server 'unix_http_server' running without any HTTP authentication checking
mail    | 2019-08-09 22:25:37,356 INFO supervisord started with pid 1
mail    | 2019-08-09 22:25:38,365 INFO spawned: 'mailserver' with pid 8
mail    |
mail    | #
mail    | 2019-08-09 22:25:38,446 INFO success: mailserver entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail    | #
mail    | # ENV
mail    | #
mail    | #
mail    |
mail    | FETCHMAIL_POLL=300
mail    | POSTGREY_DELAY=300
mail    | SASLAUTHD_MECHANISMS=pam
mail    | SPOOF_PROTECTION=0
mail    | HOSTNAME=mail.esradio.cc
mail    | ENABLE_MANAGESIEVE=0
mail    | PERMIT_DOCKER=network
mail    | PWD=/
mail    | HOME=/root
mail    | DMS_DEBUG=1
mail    | ENABLE_FAIL2BAN=0
mail    | SSL_TYPE=letsencrypt
mail    | SUPERVISOR_PROCESS_NAME=mailserver
mail    | SUPERVISOR_ENABLED=1
mail    | ENABLE_POSTGREY=0
mail    | VIRUSMAILS_DELETE_DELAY=7
mail    | SASLAUTHD_MECH_OPTIONS=
mail    | SHLVL=1
mail    | SUPERVISOR_GROUP_NAME=mailserver
mail    | ENABLE_CLAMAV=0
mail    | POSTGREY_AUTO_WHITELIST_CLIENTS=5
mail    | PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
mail    | POSTGREY_TEXT=Delayed by postgrey
mail    | ONE_DIR=1
mail    | SUPERVISOR_SERVER_URL=unix:///dev/shm/supervisor.sock
mail    | POSTGREY_MAX_AGE=35
mail    | ENABLEPOP3=0
mail    | =/usr/bin/printenv
mail    |
mail    | #
mail    | #
mail    | # docker-mailserver
mail    | #
mail    | #
mail    |
mail    | Initializing setup
mail    | Registering check,setup,fix,misc and start-daemons functions
mail    | _check_environment_variables() registered
mail    | _check_hostname() registered
mail    | _setup_default_vars() registered
mail    | _setup_dovecot() registered
mail    | _setup_dovecot_dhparam() registered
mail    | _setup_dovecot_local_user() registered
mail    | _setup_dkim() registered
mail    | _setup_ssl() registered
mail    | _setup_docker_permit() registered
mail    | _setup_mailname() registered
mail    | _setup_amavis() registered
mail    | _setup_dmarc_hostname() registered
mail    | _setup_postfix_hostname() registered
mail    | _setup_dovecot_hostname() registered
mail    | _setup_postfix_sasl() registered
mail    | _setup_postfix_override_configuration() registered
mail    | _setup_postfix_sasl_password() registered
mail    | _setup_security_stack() registered
mail    | _setup_postfix_aliases() registered
mail    | _setup_postfix_vhost() registered
mail    | _setup_postfix_dhparam() registered
mail    | _setup_postfix_postscreen() registered
mail    | _setup_postfix_sizelimits() registered
mail    | _setup_postfix_access_control() registered
mail    | _setup_environment() registered
mail    | _setup_logrotate() registered
mail    | _setup_chksum_file() registered
mail    | _fix_var_mail_permissions() registered
mail    | _fix_var_amavis_permissions() registered
mail    | _fix_cleanup_clamav() registered
mail    | _misc_save_states() registered
mail    | _start_daemons_cron() registered
mail    | _start_daemons_rsyslog() registered
mail    | _start_daemons_dovecot() registered
mail    | _start_daemons_opendkim() registered
mail    | _start_daemons_opendmarc() registered
mail    | _start_daemons_postfix() registered
mail    | _start_changedetector() registered
mail    | _start_daemons_amavis() registered
mail    | Checking configuration
mail    | Check that there are no conflicts with env variables [_check_environment_variables]
mail    | Check that hostname/domainname is provided or overidden (no default docker hostname/kubernetes) [_check_hostname]
mail    | Domain has been set to esradio.cc
mail    | Hostname has been set to mail.esradio.cc
mail    | Configuring mail server
mail    | Setting up default variables [_setup_default_vars]
mail    | Set POSTFIX_MESSAGE_SIZE_LIMIT=10240000
mail    | Set ENABLE_LDAP=0
mail    | Set OVERRIDE_HOSTNAME=
mail    | Set DMS_DEBUG=1
mail    | Set POSTFIX_MAILBOX_SIZE_LIMIT=0
mail    | Set ENABLE_CLAMAV=0
mail    | Set POSTGREY_AUTO_WHITELIST_CLIENTS=5
mail    | Set ENABLE_FAIL2BAN=0
mail    | Set FETCHMAIL_POLL=300
mail    | Set TLS_LEVEL=modern
mail    | Set ENABLE_SPAMASSASSIN=0
mail    | Set DOVECOT_TLS=no
mail    | Set REPORT_RECIPIENT=0
mail    | Set POSTGREY_DELAY=300
mail    | Set POSTGREY_TEXT=Delayed by postgrey
mail    | Set ENABLE_POSTGREY=0
mail    | Set POSTGREY_MAX_AGE=35
mail    | Set POSTMASTER_ADDRESS=postmaster@esradio.cc
mail    | Set ENABLE_FETCHMAIL=0
mail    | Set REPORT_SENDER=mailserver-report@mail.esradio.cc
mail    | Set REPORT_INTERVAL=daily
mail    | Set ENABLE_MANAGESIEVE=0
mail    | Set VIRUSMAILS_DELETE_DELAY=7
mail    | Set ENABLE_SRS=0
mail    | Set POSTSCREEN_ACTION=enforce
mail    | Set ENABLE_POP3=0
mail    | Set ENABLE_SASLAUTHD=0
mail    | Set SMTP_ONLY=0
mail    | Set LDAP_START_TLS=no
mail    | Set SPOOF_PROTECTION=0
mail    | Setting up Dovecot
mail    | Setting up Dovecot dhparam
mail    | Use dovecot dhparams that was generated previously
mail    | Setting up Dovecot Local User
mail    | Checking file line endings
mail    | Regenerating postfix user list
mail    | * user 'test1' for domain 'esradio.cc' with password '****'
mail    | * user 'test2' for domain 'esradio.cc' with password '****'
mail    | Setting up DKIM
mail    | DKIM keys added for: esradio.cc
mail    | Changing permissions on /etc/opendkim
mail    | Setting up SSL
mail    | TLS configured with 'modern' ciphers
mail    | Adding mail.esradio.cc SSL certificate
mail    | SSL configured with 'letsencrypt' certificates
mail    | Setting up PERMIT_DOCKER Option
mail    | Adding docker network in my networks
mail    | Setting up Mailname
mail    | Creating /etc/mailname
mail    | Setting up Amavis
mail    | Applying hostname to /etc/amavis/conf.d/05-node_id
mail    | Setting up dmarc
mail    | Applying hostname to /etc/opendmarc.conf
mail    | Applying hostname and domainname to Postfix
mail    | Applying hostname to /etc/postfix/main.cf
mail    | Applying hostname to Dovecot
mail    | Applying hostname to /etc/dovecot/conf.d/15-lda.conf
mail    | Setting up Postfix Override configuration
mail    | No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided.
mail    | No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' not provided.
mail    | set the compatibility level to 2
mail    | Setting up Postfix SASL Password
mail    | Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created.
mail    | Setting up Security Stack
mail    | Spamassassin is disabled. You can enable it with 'ENABLE_SPAMASSASSIN=1'
mail    | Clamav is disabled. You can enable it with 'ENABLE_CLAMAV=1'
mail    | Setting up Postfix Aliases
mail    | Warning 'config/postfix-virtual.cf' is not provided. No mail alias/forward created.
mail    | Configuring root alias
mail    | Setting up Postfix vhost
mail    | Setting up Postfix dhparam
mail    | Use dhparams that was generated previously
mail    | Configuring postscreen
mail    | Configuring postfix message size limit
mail    | Configuring postfix mailbox size limit
mail    | Configuring user access
mail    | Setting up /etc/environment
mail    | Setting up logrotate
mail    | Setting postfix summary interval to daily
mail    | Setting up configuration checksum file
mail    | /tmp/docker-mailserver /
mail    | Creating /tmp/docker-mailserver-config-chksum
mail    | /
mail    | Checking /var/mail permissions
mail    | Permissions in /var/mail look OK
mail    | Checking $amavis_state_dir permissions
mail    | Permissions in /var/mail-state/lib-amavis look OK
mail    | Cleaning up disabled Clamav
mail    | Starting Misc
mail    | Consolidating all state onto /var/mail-state
mail    | Destination /var/mail-state/spool-postfix exists, linking /var/spool/postfix to it
mail    | Destination /var/mail-state/lib-postfix exists, linking /var/lib/postfix to it
mail    | Destination /var/mail-state/lib-amavis exists, linking /var/lib/amavis to it
mail    | Destination /var/mail-state/lib-clamav exists, linking /var/lib/clamav to it
mail    | Destination /var/mail-state/lib-spamassassin exists, linking /var/lib/spamassassin to it
mail    | Destination /var/mail-state/lib-fail2ban exists, linking /var/lib/fail2ban to it
mail    | Destination /var/mail-state/lib-postgrey exists, linking /var/lib/postgrey to it
mail    | Destination /var/mail-state/lib-dovecot exists, linking /var/lib/dovecot to it
mail    | Fixing /var/mail-state/ permissions
mail    | Starting mail server
mail    | Starting cron2019-08-09 22:25:45,151 INFO spawned: 'cron' with pid 161
mail    | 2019-08-09 22:25:45,153 INFO success: cron entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail    | cron: started
mail    | Starting rsyslog 2019-08-09 22:25:45,978 INFO spawned: 'rsyslog' with pid 163
mail    | 2019-08-09 22:25:45,979 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail    | rsyslog: started
mail    | Starting dovecot services2019-08-09 22:25:46,817 INFO spawned: 'dovecot' with pid 167
mail    | 2019-08-09 22:25:46,818 INFO success: dovecot entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail    | dovecot: started
mail    | Starting opendkim 2019-08-09 22:25:47,671 INFO spawned: 'opendkim' with pid 174
mail    | 2019-08-09 22:25:47,672 INFO success: opendkim entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail    | opendkim: started
mail    | Starting opendmarc 2019-08-09 22:25:48,510 INFO spawned: 'opendmarc' with pid 182
mail    | 2019-08-09 22:25:48,511 INFO success: opendmarc entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail    | opendmarc: started
mail    | Starting postfix2019-08-09 22:25:49,373 INFO spawned: 'postfix' with pid 189
mail    | 2019-08-09 22:25:49,392 INFO success: postfix entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail    | postfix: started
mail    | Starting changedetector2019-08-09 22:25:50,317 INFO spawned: 'changedetector' with pid 298
mail    | 2019-08-09 22:25:50,318 INFO success: changedetector entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail    | changedetector: started
mail    | Starting amavis2019-08-09 22:25:51,243 INFO spawned: 'amavis' with pid 432
mail    | 2019-08-09 22:25:51,244 INFO success: amavis entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
mail    | amavis: started
mail    |
mail    | #
mail    | # mail.esradio.cc is up and running
mail    | #
mail    |
mail    | Aug  9 22:25:53 mail amavis[432]: starting. /usr/sbin/amavisd-new at mail.esradio.cc amavisd-new-2.10.1 (20141025), Unicode aware
mail    | Aug  9 22:25:53 mail amavis[432]: Net::Server: Group Not Defined. Defaulting to EGID '111 111'
mail    | Aug  9 22:25:53 mail amavis[432]: Net::Server: User Not Defined. Defaulting to EUID '109'
mail    | Aug  9 22:25:53 mail amavis[432]: Module Amavis::Conf 2.404
mail    | Aug  9 22:25:53 mail amavis[432]: Module Archive::Zip 1.59
mail    | Aug  9 22:25:53 mail amavis[432]: Module BerkeleyDB 0.55
mail    | Aug  9 22:25:53 mail amavis[432]: Module Compress::Raw::Zlib 2.069
mail    | Aug  9 22:25:53 mail amavis[432]: Module Compress::Zlib 2.069001
mail    | Aug  9 22:25:53 mail amavis[432]: Module Digest::MD5 2.54
mail    | Aug  9 22:25:53 mail amavis[432]: Module Encode 2.80_01
mail    | Aug  9 22:25:53 mail amavis[432]: Module File::Temp 0.2304
mail    | Aug  9 22:25:53 mail amavis[432]: Module IO::Socket::IP 0.37
mail    | Aug  9 22:25:53 mail amavis[432]: Module MIME::Entity 5.508
mail    | Aug  9 22:25:53 mail amavis[432]: Module MIME::Parser 5.508
mail    | Aug  9 22:25:53 mail amavis[432]: Module MIME::Tools 5.508
mail    | Aug  9 22:25:53 mail amavis[432]: Module Mail::Header 2.18
mail    | Aug  9 22:25:53 mail amavis[432]: Module Mail::Internet 2.18
mail    | Aug  9 22:25:53 mail amavis[432]: Module Net::LibIDN 0.12
mail    | Aug  9 22:25:53 mail amavis[432]: Module Net::Server 2.008
mail    | Aug  9 22:25:53 mail amavis[432]: Module Scalar::Util 1.4202
mail    | Aug  9 22:25:53 mail amavis[432]: Module Socket 2.020_03
mail    | Aug  9 22:25:53 mail amavis[432]: Module Time::HiRes 1.9733
mail    | Aug  9 22:25:53 mail amavis[432]: Module Unix::Syslog 1.1
mail    | Aug  9 22:25:53 mail amavis[432]: Amavis::ZMQ code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: Amavis::DB code loaded
mail    | Aug  9 22:25:53 mail amavis[432]: SQL base code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: SQL::Log code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: SQL::Quarantine NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: Lookup::SQL code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: Lookup::LDAP code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: AM.PDP-in proto code loaded
mail    | Aug  9 22:25:53 mail amavis[432]: SMTP-in proto code loaded
mail    | Aug  9 22:25:53 mail amavis[432]: Courier proto code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: SMTP-out proto code loaded
mail    | Aug  9 22:25:53 mail amavis[432]: Pipe-out proto code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: BSMTP-out proto code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: Local-out proto code loaded
mail    | Aug  9 22:25:53 mail amavis[432]: OS_Fingerprint code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: ANTI-VIRUS code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: ANTI-SPAM code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: ANTI-SPAM-EXT code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: ANTI-SPAM-C code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: ANTI-SPAM-SA code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: Unpackers code loaded
mail    | Aug  9 22:25:53 mail amavis[432]: DKIM code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: Tools code NOT loaded
mail    | Aug  9 22:25:53 mail amavis[432]: Found $file at /usr/bin/file
mail    | Aug  9 22:25:53 mail amavis[432]: No $altermime, not using it
mail    | Aug  9 22:25:53 mail amavis[432]: Internal decoder for .mail
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .Z at /bin/uncompress
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .gz at /bin/gzip -d
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .bz2 at /bin/bzip2 -d
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .xz at /usr/bin/xz -dc
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .lzma at /usr/bin/xz -dc --format=lzma
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .lrz at /usr/bin/lrzip -q -k -d -o -
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .lzo at /usr/bin/lzop -d
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .lz4 at /usr/bin/lz4c -d
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .rpm at /usr/bin/rpm2cpio
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .cpio at /bin/pax
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .tar at /bin/pax
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .deb at /usr/bin/ar
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .rar at /usr/bin/unrar-free
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .arj at /usr/bin/arj
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .arc at /usr/bin/nomarch
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .zoo at /usr/bin/zoo
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .doc at /usr/bin/ripole
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .cab at /usr/bin/cabextract
mail    | Aug  9 22:25:53 mail amavis[432]: Internal decoder for .tnef
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .zip at /usr/bin/7za
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .kmz at /usr/bin/7za
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .7z at /usr/bin/7zr
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .jar at /usr/bin/7z
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .swf at /usr/bin/7z
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .lha at /usr/bin/7z
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .iso at /usr/bin/7z
mail    | Aug  9 22:25:53 mail amavis[432]: Found decoder for .exe at /usr/bin/unrar-free; /usr/bin/arj
mail    | Aug  9 22:25:53 mail amavis[432]: No decoder for .F
mail    | Aug  9 22:25:53 mail amavis[432]: Deleting db files db.001,db.002,__db.003,snmp.db,nanny.db in /var/lib/amavis/db
mail    | Aug  9 22:25:53 mail amavis[432]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.55, libdb 5.3
mail    | Aug  9 22:25:55 mail postfix/master[937]: daemon started -- version 3.1.12, configuration /etc/postfix



Could anyone help me with it, please?

erik-wramner commented 5 years ago

I think your mail client settings are wrong. I can't understand the non-western characters, but you should use STARTTLS with port 587 for SMTP, not port 25 without STARTTLS. IMAP should use SSL with port 993, but the check box in front of the port is not selected. Not sure if it should be as I can't understand the glyph.

suli3 commented 5 years ago

> I think your mail client settings are wrong. I can't understand the non-western characters, but you should use STARTTLS with port 587 for SMTP, not port 25 without STARTTLS. IMAP should use SSL with port 993, but the check box in front of the port is not selected. Not sure if it should be as I can't understand the glyph.

Hi. That's just a trial setting. In fact, in the case of starting SSL, any configuration selection on the interface will get almost the same output; I posted it to you. I tried the same client with my other email, and the result is a pass, and the email box could be used. So I don't know what happened...

1. image

I got

mail    | Aug 10 18:47:47 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=182.149.197.139, lip=172.26.0.2, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<FBh/BcGPr+S2lcWL>

2. image

mail    | Aug 10 18:51:58 mail dovecot: imap-login: Login failed: Plaintext authentication disabled: user=<>, rip=182.149.197.139, lip=172.26.0.2, session=<mfZ8FMGP1ty2lcWL>
mail    | Aug 10 18:52:03 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 0 secs): user=<test1@esradio.cc>, rip=182.149.197.139, lip=172.26.0.2, session=<mfZ8FMGP1ty2lcWL>

3. ![image](https://user-images.githubusercontent.com/1057425/62821020-2ae01200-bba0-11e9-8f6a-bb73d74226dd.png)

mail    | Aug 10 18:53:19 mail dovecot: imap-login: Login failed: Plaintext authentication disabled: user=<>, rip=182.149.197.139, lip=172.26.0.2, session=
mail    | Aug 10 18:53:23 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 0 secs): user=test1@esradio.cc, rip=182.149.197.139, lip=172.26.0.2, session=

4. ![image](https://user-images.githubusercontent.com/1057425/62821025-4d722b00-bba0-11e9-9821-926ec9445b0b.png)

mail    | Aug 10 18:54:23 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=182.149.197.139, lip=172.26.0.2, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<5lobHcGPq+O2lcWL>

erik-wramner commented 5 years ago

I think you have the answer in the logs this time: "SSL routines:tls_post_process_client_hello:no shared cipher". That means that the client fails to agree on a cipher with the server and the most likely reason is that the server insists on TLSv1.2 or better. The client apparently does not support that.

The best solution would be if you could upgrade your client (foxmail) and/or operating system. If for some reason you really need to use an older cipher you can edit the Dovecot SSL configuration file. It may be possible to override ssl_min_protocol in config/dovecot.cf and set it to TLSv1. There is a reason why the old ciphers have been deprecated, though.

suli3 commented 5 years ago

> I think you have the answer in the logs this time: "SSL routines:tls_post_process_client_hello:no shared cipher". That means that the client fails to agree on a cipher with the server and the most likely reason is that the server insists on TLSv1.2 or better. The client apparently does not support that.
>
> The best solution would be if you could upgrade your client (foxmail) and/or operating system. If for some reason you really need to use an older cipher you can edit the Dovecot SSL configuration file. It may be possible to override ssl_min_protocol in config/dovecot.cf and set it to TLSv1. There is a reason why the old ciphers have been deprecated, though.

That works!! Thank you very much for your kind help. I changed the .yml and added the TLS_LEVEL config to the environment:

    - TLS_LEVEL=intermediate

erik-wramner commented 5 years ago

Great!
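
A triage script for the Dovecot messages discussed in this thread, added here as an example (it is not code from docker-mailserver or from the posters): it classifies `imap-login` failures by cause and counts them per client IP, so a TLS version/cipher mismatch can be told apart from a client logging in without TLS. The sample log lines are constructed in the thread's format with documentation IP addresses; the reason names and hint texts are this example's own, with the hints restating the advice given above.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the log lines quoted in this thread
# (docker-compose "mail    | " prefix, documentation IP addresses).
SAMPLE_LOG = """\
mail    | Aug 10 18:47:47 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=203.0.113.7, lip=172.26.0.2, TLS handshaking: SSL_accept() failed: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher, session=<constructed1>
mail    | Aug 10 18:51:58 mail dovecot: imap-login: Login failed: Plaintext authentication disabled: user=<>, rip=203.0.113.7, lip=172.26.0.2, session=<constructed2>
mail    | Aug 10 18:52:03 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 0 secs): user=<test1@example.test>, rip=203.0.113.7, lip=172.26.0.2, session=<constructed2>
mail    | Aug 10 18:54:23 mail dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=198.51.100.9, lip=172.26.0.2, TLS handshaking: Connection closed, session=<constructed3>
mail    | Aug 10 18:54:24 mail postfix/postscreen[1017]: DISCONNECT [198.51.100.9]:62824
"""

# (reason, pattern, hint). Reason names are hypothetical labels for this example.
RULES = [
    ("tls_no_shared_cipher",
     re.compile(r"SSL_accept\(\) failed: error:(?P<code>[0-9A-F]+):.*no shared cipher"),
     "Client and server share no TLS version/cipher: upgrade the client, or "
     "relax TLS_LEVEL (the thread's fix was TLS_LEVEL=intermediate)."),
    ("plaintext_auth_rejected",
     re.compile(r"Plaintext authentication disabled"),
     "Client attempted a login without TLS: use IMAP over SSL on port 993."),
    ("tls_handshake_aborted",
     re.compile(r"TLS handshaking: Connection closed"),
     "Peer closed the connection mid-handshake: check the client's TLS settings."),
]

DOVECOT_LINE = re.compile(r"dovecot: (?P<service>[\w-]+): (?P<message>.*)$")
REMOTE_IP = re.compile(r"\brip=(?P<rip>[0-9A-Fa-f.:]+)")


def classify_line(line):
    """Return a finding dict for a recognised dovecot login failure, else None."""
    m = DOVECOT_LINE.search(line)
    if not m:
        return None  # not a dovecot line (e.g. postfix/postscreen)
    message = m.group("message")
    for reason, pattern, hint in RULES:
        hit = pattern.search(message)
        if hit:
            rip = REMOTE_IP.search(message)
            return {
                "service": m.group("service"),
                "reason": reason,
                "rip": rip.group("rip") if rip else None,
                # OpenSSL error code, present only for SSL_accept() failures
                "openssl_error": hit.groupdict().get("code"),
                "hint": hint,
            }
    return None  # dovecot line, but not one of the causes handled here


def summarize(log_text):
    """Count failure reasons per remote IP across a whole log."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        finding = classify_line(line)
        if finding:
            per_client[finding["rip"]][finding["reason"]] += 1
    return {rip: dict(counts) for rip, counts in per_client.items()}


if __name__ == "__main__":
    for rip, reasons in summarize(SAMPLE_LOG).items():
        print(rip, reasons)
```

A client that shows both `tls_no_shared_cipher` and `plaintext_auth_rejected`, as in the thread, is one whose TLS attempts fail and which then tries to log in unencrypted.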