Dovecot Debugging and Logging

How to debug problems with a Dovecot server using log files.


By. Jacob

Edited: 2020-05-03 16:10

Running your own IMAP e-mail server can be an interesting exercise, but when a problem occurs it can be quite difficult to debug, since the default Dovecot configuration does not log enough information about problems to /var/log/syslog.

Personally, I also find it rather annoying that the log messages specific to e-mail are logged in the syslog instead of a separate log file, as they are in Apache. Fortunately, changing the default log location is easy.

1. To change the default log location in Debian-based distributions, you should edit the 10-logging.conf file. This is probably located in /etc/dovecot/conf.d/. You may edit the file with:

nano /etc/dovecot/conf.d/10-logging.conf

2. Then uncomment the line that says # log_path = syslog by removing the hash (#), and instead enter something like:

log_path = /var/log/dovecot/dovecot.log

Make sure the directory exists:

mkdir /var/log/dovecot

3. Finally, you should set auth_verbose = yes to also enable logging of unsuccessful login attempts.

To save the changes, remember to press CTRL + O in the nano editor.
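Once Dovecot writes to its own file with auth_verbose enabled, failed logins can be summarised per source address. The script below is an added example, not part of the original article; it assumes the log path from step 2 and the usual login-process line format shown in its comments, and it runs against constructed sample lines.

```shell
#!/bin/sh
# Added example: total failed IMAP/POP3 login attempts per remote IP.
# Assumed line format (check against your own log and adjust):
#   ... imap-login: Info: Disconnected (auth failed, N attempts in M secs): user=<u>, ..., rip=IP, ...

# failed_logins_by_ip LOGFILE -> prints "ATTEMPTS IP", highest count first
failed_logins_by_ip() {
    awk '
        /-login: / && /auth failed/ {
            n = 1; ip = ""
            # "auth failed, N attempts" gives the number of tries in that session
            if (match($0, /auth failed, [0-9]+ attempts/)) {
                s = substr($0, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", s)
                n = s + 0
            }
            # rip= is the remote (client) address; lip= is the local one
            if (match($0, /rip=[^, ]+/)) ip = substr($0, RSTART + 4, RLENGTH - 4)
            if (ip != "") total[ip] += n
        }
        END { for (ip in total) print total[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation addresses, made-up users and sessions).
sample_log() {
    cat <<'EOF'
May 03 16:01:10 imap-login: Info: Disconnected (auth failed, 3 attempts in 6 secs): user=<jacob>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1, TLS, session=<a1>
May 03 16:01:15 imap-login: Info: Login: user=<jacob>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.1, mpid=4242, TLS, session=<a2>
May 03 16:02:40 imap-login: Info: Disconnected (auth failed, 2 attempts in 4 secs): user=<admin>, method=PLAIN, rip=203.0.113.7, lip=192.0.2.1, TLS, session=<a3>
May 03 16:03:02 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<jacob>, method=PLAIN, rip=198.51.100.4, lip=192.0.2.1, TLS, session=<a4>
May 03 16:03:30 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=203.0.113.9, lip=192.0.2.1, TLS, session=<a5>
EOF
}

# Run the summary over the constructed sample; on a real server call
# failed_logins_by_ip /var/log/dovecot/dovecot.log instead.
demo() {
    tmp=$(mktemp) || return 1
    sample_log > "$tmp"
    failed_logins_by_ip "$tmp"
    rm -f "$tmp"
}

demo
```

A single address with a high total across many user names is the pattern worth looking at first.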

Debugging with dovecot

These simple steps should help you debug most errors — you can then fairly easily find out why your setup is not working.

I was having strange problems when trying to connect to my IMAP server through telnet and from Thunderbird — it simply exited without any explanation. This was when I had to enable logging to see what was going on and debug the issue. The default syslog does not contain information about failed login attempts, so you had better improve the logging situation before you attempt to debug the issue further.

As part of your debugging process, you may use telnet to try and connect to your server:

telnet imap.example.com 993

Note that the number at the end is the port number.

Once connected successfully, you should get a message like this:

Trying 192.0.2.1...
Connected to imap.example.com.
Escape character is '^]'.

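This indicates that you have successfully connected. Because port 993 expects TLS from the first byte, telnet only confirms that the port is reachable; it cannot complete the handshake, so you will not see an IMAP greeting. You can then close this telnet session by hitting CTRL + C. You should now be able to connect with your e-mail client.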

Further debugging and common errors

This is not a complete list of errors, but these include some of the things I have had to fix on my own server.

DH parameters

Error: Failed to initialize SSL server context: Can't load DH parameters: error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:

1. This error happened after a server update, probably because dovecot changed something in its configuration. I fixed it by running this command:

openssl dhparam 4096 > /etc/dovecot/dh.pem

2. Then add this to the 10-ssl.conf file:

ssl_dh=</etc/dovecot/dh.pem

ssl_protocols has been replaced by ssl_min_protocol

Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:50: ssl_protocols has been replaced by ssl_min_protocol

1. This also happened after a server update. I fixed it by uncommenting the ssl_protocols parameter and adding ssl_min_protocol instead:

## ssl_protocols has been replaced by ssl_min_protocol
## ssl_protocols = !SSLv2 !SSLv3
ssl_min_protocol = TLSv1.2

Note: TLSv1.0 is an upgraded version of SSLv3, so with ssl_min_protocol = TLSv1.2 every connection uses a protocol newer than SSLv3. This is good to know, since SSLv2 has known vulnerabilities. See also: SSL and TLS Protocols
