Came across a mail server and noticed the following error in the mail logs:
Sep 22 04:26:01 mailserver dovecot: imap-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssl_dh=</path/to/dh.pem
This can easily be fixed by generating a DH parameters file:
root@mailserver:~# openssl dhparam -out /etc/dovecot/dh.pem 4096
Generating DH parameters, 4096 bit long safe prime, generator 2
This is going to take a long time
.............................
The DH parameters file can then be added to Dovecot's config using the ssl_dh option:
root@mailserver:~# grep ssl_dh /etc/dovecot/dovecot.conf
ssl_dh = </etc/dovecot/dh.pem
Note: I prefer to keep all Dovecot settings in one config file. The default on Debian and Ubuntu is to spread the configs across multiple files. The relevant config file in this case would be /etc/dovecot/conf.d/10-ssl.conf.
After a restart of Dovecot, the error is gone from the logs.
root@mailserver:~# systemctl restart dovecot
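To confirm the setting and the generated file, a check along these lines can be run on the server. It is an added example, not part of the original post: the function names and the 2048-bit minimum are assumptions, and it reads the config file directly, the same way the grep above does.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# 2048-bit minimum are assumptions of this example.

# Print the file that ssl_dh points to in the given config file.
# Returns 1 if ssl_dh is unset, 2 if the value lacks the leading "<",
# which is Dovecot's "read this setting's value from a file" prefix.
dh_path_from_conf() {
    conf=$1
    # Skip commented lines; if the setting is repeated, use the last one.
    value=$(sed -n 's/^[[:space:]]*ssl_dh[[:space:]]*=[[:space:]]*//p' "$conf" |
            tail -n 1 | sed 's/[[:space:]]*$//')
    [ -n "$value" ] || return 1
    case $value in
        '<'*) printf '%s\n' "${value#?}" ;;   # drop the leading "<"
        *)    return 2 ;;
    esac
}

# Check that the parameter file is readable, parses, and is large enough.
check_dh_file() {
    file=$1
    min_bits=${2:-2048}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # -check asks openssl to test the parameters, not only parse the PEM.
    text=$(openssl dhparam -in "$file" -check -noout -text 2>&1) ||
        { echo "openssl rejected $file" >&2; return 1; }
    bits=$(printf '%s\n' "$text" |
           sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] ||
        { echo "$file: ${bits:-unknown} bits, want >= $min_bits" >&2; return 1; }
    echo "$file: $bits-bit DH parameters OK"
}

# Tie both checks together for one config file.
check_dovecot_dh() {
    conf=${1:-/etc/dovecot/dovecot.conf}
    rc=0
    path=$(dh_path_from_conf "$conf") || rc=$?
    case $rc in
        0) check_dh_file "$path" ;;
        1) echo "$conf: ssl_dh is not set" >&2; return 1 ;;
        *) echo "$conf: ssl_dh value must start with '<'" >&2; return 1 ;;
    esac
}

# Usage on the server: check_dovecot_dh /etc/dovecot/dovecot.conf
```

With the split Debian/Ubuntu layout, pass /etc/dovecot/conf.d/10-ssl.conf as the argument instead.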