opnsense / ports

OPNsense ports on top of FreeBSD
https://opnsense.org/

relayd keeps quitting and restarting #101

Closed kenshin33 closed 2 years ago

kenshin33 commented 3 years ago

Hi. The long version: I have 2 dovecot servers (plus 2 postfix for submission and 2 nginx for webmail, those are related) behind relayd; both were running 2.3.4 on Debian 9 (stretch). Yesterday I upgraded one of the servers to Debian 10 (buster), with the same version of dovecot (I picked the previous one from stretch-backports).

The minute the server restarted, relayd failed the check for pop3s (port 995), for which the check was a send expecting +OK over ssl. Not only that, but both https servers (the nginx mentioned above, nothing has changed on those for quite some time) I started it with -dv expecting more information, but there was nothing more than what was in the logs; it just kept saying that relayd has quit.

Meanwhile, dovecot kept logging this message every time relayd tried to check the service:

Oct 2 16:42:53 mail02 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=172.31.2.3, lip=172.31.2.38, TLS handshaking: SSL_accept() failed: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter: SSL alert number 47, session=<RUFDLbawCn+sHwID>

The other mail server, which I didn't upgrade, didn't fail while relayd was running the same check (SEND expect +OK over ssl).

I changed the check to a simple tcp_connect and the problem went away. The only thing I can think of that has changed and is relevant is the version of openssl on Debian (1.1.0l -> 1.1.1d).
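For triaging dovecot log entries like the one quoted in this report, the following added example (not part of the original issue, and not OPNsense or dovecot code) parses `*-login` TLS handshake failures, maps the SSL alert number to its TLS alert name, and counts failures per remote IP and service, so a health checker failing repeatedly from one internal address stands out. The first sample line is the one from the report; the other lines, the function names and the alert table subset are constructed for illustration.

```python
import re
from collections import Counter

# Subset of the TLS alert registry (RFC 5246 / RFC 8446), number -> name.
TLS_ALERTS = {
    10: "unexpected_message", 40: "handshake_failure", 42: "bad_certificate",
    46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
    50: "decode_error", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 86: "inappropriate_fallback",
}

# Matches dovecot "<service>-login: Disconnected ... TLS handshaking: ..." lines.
LOGIN_RE = re.compile(
    r"dovecot: (?P<service>[\w-]+)-login: Disconnected.*?"
    r"rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+), "
    r"TLS handshaking: (?P<detail>.*?)(?:, session=<[^>]*>)?$"
)
ALERT_RE = re.compile(r"SSL alert number (\d+)")

def parse_line(line):
    """Return service, rip, lip, detail, alert, alert_name; None if not a TLS failure."""
    m = LOGIN_RE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    a = ALERT_RE.search(rec["detail"])
    rec["alert"] = int(a.group(1)) if a else None
    rec["alert_name"] = TLS_ALERTS.get(rec["alert"], "unknown")
    return rec

def summarize(lines):
    """Count handshake failures per (remote IP, service, alert name)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["rip"], rec["service"], rec["alert_name"])] += 1
    return counts

SAMPLE = [
    # Line from the report above.
    "Oct 2 16:42:53 mail02 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=172.31.2.3, lip=172.31.2.38, TLS handshaking: SSL_accept() failed: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter: SSL alert number 47, session=<RUFDLbawCn+sHwID>",
    # Constructed lines: a repeat of the failing check, another client, a non-TLS failure.
    "Oct 2 16:43:03 mail02 dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=172.31.2.3, lip=172.31.2.38, TLS handshaking: SSL_accept() failed: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter: SSL alert number 47, session=<constructed01>",
    "Oct 2 16:43:07 mail02 dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=172.31.2.50, lip=172.31.2.38, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=<constructed02>",
    "Oct 2 16:43:10 mail02 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=172.31.2.50, lip=172.31.2.38, TLS, session=<constructed03>",
]

if __name__ == "__main__":
    for (rip, service, alert), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {rip:15s} {service:6s} {alert}")
```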