9. February 2017

Courier Mail Server stops delivering emails after upgrade to 0.76

It might seem like a minor upgrade to go from version 0.75 to 0.76. In the case of Courier Mail Server, it’s a huge change in the orchestration of services.

Courier Mail Server has a very good modular architecture that allows independent control of each aspect of mail delivery. You can separately restart or change each service, such as MTA, POP or IMAP. Even the encrypted variants of the servers are available as separate services. Version 0.76 pushes this even further, in the fashion of microservices.

There is a new service, ‘courier’, which is responsible for scheduling mail delivery after mail has been accepted via SMTP or SMTP-SSL. If you’re not aware of this new service, you might wonder why Courier is not logging any activity after accepting an email. Just make sure that the service is running. You can start it with:

service courier start

After the start of the service, you may see that emails are being processed, but they’re not delivered to local mail users. In the log, you can find many error messages like:

/usr/bin/maildrop: Unable to change to home directory.

The other major change is the switch from courier-maildrop to the common maildrop. That might seem like a minor change, but it could render your server completely useless. Emails simply won’t be delivered to the user’s mailbox:

/usr/bin/maildrop: Unable to change to home directory.

The problem is that maildrop accepts different parameters than courier-maildrop. The package maintainers recommend changing the line with maildrop in /etc/courier/esmtpd from:

DEFAULTDELIVERY='|/usr/bin/maildrop'

to:

DEFAULTDELIVERY='|/usr/bin/maildrop -w 90 -V 1 -d ""'

If you do not have time to play with maildrop, you can switch to the default configuration:

DEFAULTDELIVERY=./Maildir

Restart the services and delivery should start. It might happen that the services do not shut down, because the upgrade changed the user from ‘daemon’ to ‘courier’. In that case, terminate the services with:

pkill -9 -f courier

Then you can start the services and everything should work.

9. December 2015

Thunderbird and Outlook solution of problem with Courier IMAP sslv3 alert illegal parameter

E-mail clients like Thunderbird or Outlook stopped communicating with Courier IMAP/SMTP/POP over TLS after an upgrade.

The only clue in the log file was this error message:

courier couriertls: accept: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter

The problem was that the certificate for IMAP (/etc/courier/imapd.pem) and /etc/courier/dhparam.pem contained a key that was too short. The short key used to be sufficient for encrypted communication. Unfortunately, the maintainers of the Debian package forgot to add a fix for the upgrade.

The issue is very simple to fix. Just generate DH parameters of sufficient length.

DH_BITS=2048 mkdhparams

This command will update /etc/courier/dhparam.pem.

Make sure to update all PEM files that contain a DH record.

Restart services and clients should be able to reconnect without problem.

If you still experience issues with PEM files, check out the article PEM routines:PEM_read_bio:no start line.
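An added example, not part of the original post or of Courier: a Python check that finds every DH PARAMETERS block in the PEM files of a directory and lists the files whose prime is shorter than 2048 bits, so you can see which files still need regenerating. It assumes the PEM/PKCS#3 encoding that OpenSSL writes; the function names are hypothetical, and /etc/courier is the directory named in the post.

```python
import base64
import re
import sys
from pathlib import Path

MIN_DH_BITS = 2048  # same size the post passes to mkdhparams via DH_BITS
DH_BLOCK = re.compile(
    rb"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", re.S)

def _read_len(der, pos):
    """Decode the DER length field at pos; return (length, offset of value)."""
    first = der[pos]
    if first < 0x80:  # short form, length fits in one byte
        return first, pos + 1
    count = first & 0x7F  # long form, length is in the next `count` bytes
    return int.from_bytes(der[pos + 1:pos + 1 + count], "big"), pos + 1 + count

def dh_prime_bits(der):
    """Bit length of p in PKCS#3 DHParameter ::= SEQUENCE { INTEGER p, INTEGER g }."""
    if len(der) < 6 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, pos = _read_len(der, 1)
    if der[pos] != 0x02:
        raise ValueError("first element is not an INTEGER")
    length, pos = _read_len(der, pos + 1)
    if length == 0 or pos + length > len(der):
        raise ValueError("truncated prime")
    return int.from_bytes(der[pos:pos + length], "big").bit_length()

def audit_pem(data):
    """Prime size in bits of every DH PARAMETERS block found in PEM bytes."""
    # split()/join drops all line breaks, so LF and CRLF files both decode
    return [dh_prime_bits(base64.b64decode(b"".join(m.group(1).split())))
            for m in DH_BLOCK.finditer(data)]

def audit_dir(directory):
    """Map each *.pem file name to its DH sizes that are below MIN_DH_BITS."""
    weak = {}
    for path in sorted(Path(directory).glob("*.pem")):
        short = [b for b in audit_pem(path.read_bytes()) if b < MIN_DH_BITS]
        if short:
            weak[path.name] = short
    return weak

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/courier"  # path from the post
    for name, sizes in audit_dir(target).items():
        print(f"{name}: DH prime sizes {sizes} are below {MIN_DH_BITS} bits")
```

Run it as a user that can read the PEM files; an empty result means no DH block below 2048 bits was found.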

24. July 2014

couriertls: /etc/courier/esmtpd.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

After an upgrade of the Linux distribution, Courier stopped accepting emails delivered over TLS or SSL.

There was just a nice error message in the log file:

couriertls: /etc/courier/esmtpd.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

Long story short: the problem was in the PEM file.

Previous versions of Courier-SSL were able to read files with Windows EOL. The new version fails with this nice error.

The solution is simple: get rid of the Windows EOL.

You can use, e.g., dos2unix:

dos2unix esmtpd.pem

Restart services and everything will work 🙂
