Cannot send or receive email after attempting to use SSL certificate

Dovecot version 1.0.7
Postfix Version 2.3.3
CentOS 5.11
Webmin version 1.73
Virtualmin version 4.14

Email was working fine; however, I’m currently unable to send or receive email. This all started after attempting to copy the SSL certificate from a domain over to dovecot and postfix (under server configuration -> manage SSL certificate).

When I look in /var/log/maillog, I see the following error messages which I think are pertinent:

Feb 18 18:16:54 ns1 dovecot: pop3-login: Can’t set cipher list to ‘ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM’: error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command

Feb 18 18:16:54 ns1 dovecot: child 18014 (login) returned error 89

Can anyone provide any advice?

I was able to “fix” the problem and have connections again by commenting out the following line in /etc/dovecot.conf:

# SSL ciphers to use

ssl_cipher_list = ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM

and replacing it with:

# SSL ciphers to use

ssl_cipher_list = ALL:!LOW

That said, something tells me this is not right. Any advice would be greatly appreciated.

Howdy,

It sounds like Virtualmin is attempting to set the cipher list to something that isn’t working properly for Dovecot. You could try keeping that current cipher list, and perhaps adding this protocol list to that as well:

ssl_protocols = !SSLv2 !SSLv3

That should set it up with secure settings.

I’ll talk to Jamie to try and work out why it’s doing that… though I believe he’s aware of that issue and is working on a fix in a future Webmin/Virtualmin version.

-Eric
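
An added example, not part of the thread: a Python 3.6+ check that hands a cipher list to the local OpenSSL the way a daemon does at startup, then lists any weak suites the string enables. The names `audit`, `is_weak` and `WEAK_MARKERS` and the `BROKEN_LIST` string are constructed for illustration, and the result reflects the OpenSSL build Python is linked against, which can differ from the one Dovecot uses.

```python
import ssl

# Name fragments of suites that should not be offered: RC4, MD5 MACs,
# NULL encryption, export grade, DES/3DES, anonymous key exchange.
WEAK_MARKERS = ("RC4", "MD5", "NULL", "EXP", "DES", "ADH", "AECDH")

# The list from the log line and the replacement tried in the thread.
VIRTUALMIN_LIST = (
    "ECDHE-RSA-AES256-SHA384:AES256-SHA256:AES256-SHA256:RC4:HIGH:MEDIUM:"
    "+TLSv1:+TLSv1.1:+TLSv1.2:!MD5:!ADH:!aNULL:!eNULL:!NULL:!DH:!ADH:!EDH:!AESGCM"
)
FALLBACK_LIST = "ALL:!LOW"
# Constructed string with an illegal character, to show the failure path.
BROKEN_LIST = "HIGH:!MD5:#RC4"


def is_weak(suite_name):
    """True if the suite name contains one of the weak markers."""
    return any(marker in suite_name for marker in WEAK_MARKERS)


def audit(cipher_list):
    """Parse cipher_list with the local OpenSSL and report what it enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError as exc:
        # Same failure class as Dovecot's "Can't set cipher list" log line.
        return {"accepted": False, "error": str(exc), "suites": [], "weak": []}
    # TLS 1.3 suites are configured separately and always listed; skip them.
    suites = [c["name"] for c in ctx.get_ciphers()
              if c["protocol"] != "TLSv1.3"]
    return {"accepted": True, "error": None, "suites": suites,
            "weak": [s for s in suites if is_weak(s)]}


if __name__ == "__main__":
    print("OpenSSL in use:", ssl.OPENSSL_VERSION)
    for label, value in (("virtualmin", VIRTUALMIN_LIST),
                         ("fallback", FALLBACK_LIST),
                         ("broken", BROKEN_LIST)):
        report = audit(value)
        if report["accepted"]:
            print(label, "parsed:", len(report["suites"]), "suites,",
                  "weak:", ", ".join(report["weak"]) or "none")
        else:
            print(label, "rejected:", report["error"])
```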