Avant, je n’avais pas ça sur le rapport journalier de Logwatch :

[code]--------------------- Dovecot Begin ------------------------

Dovecot disconnects:
Inactivity: 5 Time(s)
Logged out in=2558 out=2531: 1 Time(s)
in IDLE: 30 Time(s)

Unmatched Entries
dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=256: warning close notify [192.168.0.254]: 1 Time(s)
dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [192.168.0.254]: 26 Time(s)
dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [37.160.203.113]: 1 Time(s)
dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [37.163.169.242]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.254]: 30 Time(s)
dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [37.160.203.113]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [37.161.137.170]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [37.163.169.242]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.0.254]: 30 Time(s)
dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [37.160.203.113]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [37.161.137.170]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [37.163.169.242]: 1 Time(s)
d[/code]
37.160 à 163.X.X : C’est FreeMobile et j’en déduis donc que c’est mon smart qui produit ça à chaque recherche de mail. Je ne m’en inquiète pas outre mesure.
Mais pourquoi avant les misères que m’a fait mon passage à Wheezy :
https://www.debian-fr.org/quelqu-un-pour-m-aider-a-configurer-smtp-sur-seveur-perso-t46102.html
je n’avais pas ces lignes

Peut-être était-il moins prudent avant la mise à jour?

Super fil en tout cas, on en apprend beaucoup!

Ces logs ne correspondent pas aux anciens ? (càd quand dovecot était mal configuré. Compares les dates.)

Sinon que donne la commande :

openssl x509 -noout -text -in /etc/dovecot/dovecot.pem ?

=> est-ce que le Common Name correspond bien au nom d’hôte que tu as mis dans le champs hôte pour l’imap de icedove ?

Je dois sortir cet AM mais je vérifie tout ça dans la soirée.
J’ai coupé mon tel mobile hier et j’ai autant d’alertes aujourd’hui :
Je commence à me poser des questions.
Voici la totalité des alertes de ce jour sur Logwatch, concernant Dovecot :

[code]Unmatched Entries
dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=256: warning close notify [192.168.0.254]: 1 Time(s)
dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [192.168.0.254]: 10 Time(s)
dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.254]: 28 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [37.160.42.50]: 2 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [37.160.85.217]: 2 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A [192.168.0.254]: 13 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A [192.168.0.254]: 13 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.254]: 28 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [37.160.42.50]: 2 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [37.160.85.217]: 2 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [192.168.0.254]: 10 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: unknown state [37.160.85.217]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [192.168.0.254]: 14 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [37.160.42.50]: 1 Time(s)
dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [37.160.85.217]: 1 Time(s)

---------------------- Dovecot End ------------------------- [/code]

En fait ces alerts ne sont que des warnings. C’est normal car le certificat ssl est auto-signé (c’est comme pour le https avec la page d’avertisssement dans les navigateurs).

Par contre dans le fichier /etc/dovecot/conf.d/10-ssl.conf si tu commente le paramètre verbose_ssl = yes ,
tu ne devrais plus avoir ces warnings ssl dans les logs.

Ok, j’ai commenté.
C’est toi qui m’avais conseillé d’ajouter cette ligne et je ne m’en souvenais pas.
Attente réponse demain.
Merci, je mets en ‘résolu’ car ça semble évident en effet.

[quote=“fluo”]Ces logs ne correspondent pas aux anciens ? (càd quand dovecot était mal configuré. Compares les dates.)

Sinon que donne la commande :

openssl x509 -noout -text -in /etc/dovecot/dovecot.pem ?

=> est-ce que le Common Name correspond bien au nom d’hôte que tu as mis dans le champs hôte pour l’imap de icedove ?[/quote]
Mêmes ‘warning’ ce matin.
Avant la réparation, les alertes n’étaient pas les mêmes et concernaient exclusivement potfix :

Nov 24 05:19:08 serveur postfix/smtpd[4256]: warning: TLS library problem: 4256:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722: Nov 24 05:19:08 serveur postfix/smtpd[4256]: warning: SASL: Connect to private/auth failed: No such file or directory Nov 24 05:19:08 serveur postfix/smtpd[4256]: fatal: no SASL authentication mechanisms Nov 24 05:19:09 serveur postfix/master[3315]: warning: process /usr/lib/postfix/smtpd pid 4256 exit status 1 Nov 24 05:19:09 serveur postfix/master[3315]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Nov 24 05:33:24 serveur postfix/smtpd[4266]: warning: cannot get RSA certificate from file /etc/ssl/certs/ssl-cert-snakeoil.pem: disabling TLS support

La commande suivante n’est pas recevable :

Pour cette question, peux-tu préciser STP :

Que donne postconf -n et dovecot -n ?

postconf -n

serveur:~# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix home_mailbox = Maildir/ inet_interfaces = all inet_protocols = ipv4 mailbox_size_limit = 0 mydestination = rictux.fr, localhost.rictux.fr, localhost mydomain = rictux.fr myhostname = rictux.fr myorigin = $mydomain readme_directory = no recipient_delimiter = + relayhost = smtp_tls_note_starttls_offer = yes smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, sleep 1, reject_unauth_pipelining smtpd_helo_restrictions = reject_invalid_helo_hostname smtpd_recipient_restrictions = reject_unlisted_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_sender_restrictions = reject_unlisted_sender, reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender smtpd_tls_cert_file = /etc/postfix/tls/cert.pem smtpd_tls_key_file = /etc/postfix/tls/key.pem smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
dovecot -n

[code]serveur:~# dovecot -n

2.1.7: /etc/dovecot/dovecot.conf

OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.2

auth_mechanisms = plain login
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox “Sent Messages” {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = ricardo
}
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
driver = passwd
}
[/code]

[quote=“ricardo”]Nov 24 05:19:08 serveur postfix/smtpd[4256]: warning: TLS library problem: 4256:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:722: Nov 24 05:19:08 serveur postfix/smtpd[4256]: warning: SASL: Connect to private/auth failed: No such file or directory Nov 24 05:19:08 serveur postfix/smtpd[4256]: fatal: no SASL authentication mechanisms Nov 24 05:19:09 serveur postfix/master[3315]: warning: process /usr/lib/postfix/smtpd pid 4256 exit status 1 Nov 24 05:19:09 serveur postfix/master[3315]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Nov 24 05:33:24 serveur postfix/smtpd[4266]: warning: cannot get RSA certificate from file /etc/ssl/certs/ssl-cert-snakeoil.pem: disabling TLS support [/quote]
=> 24 nov 05:19:08, une fois de plus, ça correspond à des anciens logs, càd à l’époque où ta configuration postfix était mal configuré. Logwatch fait des siennes, et je ne connais pas logwatch.

Tu as raison, d’ailleurs, aucune alerte ce matin
Allez, c’est résolu une fois pour toutes concernant ce ‘warning’.
Merci encore.