IMAP over SSL has stopped working, HELP :(

[JonathanMueller]

Hey guys,

I recently upgraded PLESK on my Debian Server (v 6.0.7) from 10.x to 11.5.30 Update #13.

Since then IMAP over SSL (Port 993) has stopped working. I'm only able to receive emails when they come over a non-SSL connection (Port 143).

What to do? Where can I see what's the problem? Has anyone else experienced this issue?

I don't want the NSA to read my emails :'(

I'm not an expert, once in a while I connect over ssh, so please explain everything

 

[JonathanMueller]

No one?

 

[Nikolay.]

To receive additional information watch # plesk log maillog while you attempt to connect over SSL. Most likely the issue is in missing certificates. Check parameters with 'CERT' in their name is /etc/courier-imap. Does STARTTLS still work (I would expect that it does not)?

 

[JonathanMueller]

Hey,

I checked "/usr/local/psa/var/log/maillog" but when trying to connect over SSL no new log entry is created.

 

[JonathanMueller]

C'mon guys, this can't be so hard

Please..

 

[Faris Raouf]

If you are absolutely sure there's nothing in the maillog then I'd check your firewall to make sure port 993 is open.

iptables -v -n -L | less

or maybe if you want to be more specific:

iptables -v -n -L | grep 'dpt:993'

If it is open, look to see how many packets might have hit that port (first number in the list)

You are looking for something like this:

20697 1847K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993

Also check out http://kb.parallels.com/en/112316 which explains how to enable debugging for IMAP and POP3 - it might help.

Note, however, that using TLS/SSL will not prevent the NSA from reading your email.

 

[JonathanMueller]

Hey Faris,

the first command gives me this output:

Chain INPUT (policy ACCEPT 7126K packets, 4389M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 5747K packets, 702M bytes)
 pkts bytes target     prot opt in     out     source               destination

The second doesn't give any output.


BTW: When trying to restart "Courier IMAP server with SSL/TLS support"

with "/etc/init.d/courier-imaps restart" I get the following error message:

Stopping Courier IMAP server with SSL/TLS support: courierloggerUnknown option '-pid='
 failed!
Starting Courier IMAP server with SSL/TLS support: courierloggerUnknown option '-pid='
 failed!

 

[Nikolay.]

BTW: When trying to restart "Courier IMAP server with SSL/TLS support"

with "/etc/init.d/courier-imaps restart" I get the following error message:

Stopping Courier IMAP server with SSL/TLS support: courierloggerUnknown option '-pid='
 failed!
Starting Courier IMAP server with SSL/TLS support: courierloggerUnknown option '-pid='
 failed!

Well... would have been much easier if you started from this.

Check whether there is SSLPIDFILE parameter in "/etc/courier-imap/imapd-ssl". There would not be one. This means that either you removed it yourself (which is unlikely, I suppose), or Courier configuration was not properly upgraded.

Please post output of # head -n 1 /etc/courier-imap/{imapd,pop3d}{,-ssl}

To override your current configuration with default (valid) one, replace following files in /etc/courier-imap/ with their versions with .dist suffix: imapd, imapd-ssl, pop3d, pop3d-ssl.

Good luck.

 

[JonathanMueller]

To override your current configuration with default (valid) one, replace following files in /etc/courier-imap/ with their versions with .dist suffix: imapd, imapd-ssl, pop3d, pop3d-ssl.

THANK YOU so much! This fixed the problem for me. I'm also now able to restart "Courier IMAP server with SSL/TLS support".

I did not modify these files by hand. Seems to be a Plesk issue.


Thanks again *happy* <3

 

[Nikolay.]

I did not modify these files by hand. Seems to be a Plesk issue.

Please post output of # head -n 1 /etc/courier-imap/{imapd,pop3d}{,-ssl}

Forgot to post this information? Well, I guess we'll never know what happened then.

THANK YOU so much! This fixed the problem for me. I'm also now able to restart "Courier IMAP server with SSL/TLS support".

You're welcome.

 

[JonathanMueller]

Forgot to post this information? Well, I guess we'll never know what happened then.

==> /etc/courier-imap/imapd <==
##VERSION: $Id: imapd.dist.in 159 2011-11-14 02:07:00Z mrsam $

==> /etc/courier-imap/imapd-ssl <==
##VERSION: $Id: imapd-ssl.dist.in 226 2012-06-22 12:20:43Z mrsam $

==> /etc/courier-imap/pop3d <==
##VERSION: $Id: pop3d.dist.in 159 2011-11-14 02:07:00Z mrsam $

==> /etc/courier-imap/pop3d-ssl <==
##VERSION: $Id: pop3d-ssl.dist.in 226 2012-06-22 12:20:43Z mrsam $

 

[Nikolay.]

Thanks, but did you run the command before or after you fixed the problem with IMAP?