Error connecting to IMAP

[mkaito]

I went through the Complete Setup guide and configured a new mail server. I can't seem to connect to IMAP though.

SNM Version: v2.1.3

Nixos Version: 18.03

Relevant part of the config to reproduce:

{
    certificateScheme = 3;
    enableImap = true;
}

What I expected to happen:

Mail to sync

What happened:

Socket error: secure connect to adalind.mkaito.net (147.75.80.235:143): error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Relevant journald log:

imap-login: Error: Failed to initialize SSL server context: Couldn't parse DH parameters: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: DH PARAMETERS: user=<>, rip=88.21.81.204, lip=147.75.80.235, session=<WvvVak5qiI9YFVHM>

[mkaito]

Possibly relevant: https://dovecot.org/pipermail/dovecot/2017-December/110280.html

Might be an issue with the Dovecot module in nixpkgs.

[mkaito]

In addition: https://github.com/nixcloud/nixcloud-webservices/issues/21

[mkaito]

And I've confirmed that the following snippet fixes it:

{
  # Temporary fix for Dovecot 2.3
  security.dhparams = {
    enable = true;
    params = {
      dovecot = 2048;
    };
  };

  services.dovecot2.extraConfig = ''
    ssl_dh = </var/lib/dhparams/dovecot.pem
  '';

  systemd.services.dovecot2.requires = [ "dhparams-gen-dovecot.service" ];
  systemd.services.dovecot2.after = [ "dhparams-gen-dovecot.service" ];
}

But this should, of course, be fixed in the nixpkgs module.

[r-raymond]

Hi, thanks for using SNM. In theory this fix should be in SNM already. Could be that the the generation has timed out. Also the solution you propose is definitely cleaner. If you want to send a PR we could make this way more awesome.

[mkaito]

https://github.com/NixOS/nixpkgs/pull/39288

I'll see if I can get this merged upstream.