debug logging
set DEBUGLOGIN=1 1 (or 2 to show passwords) in /etc/authlib/authdaemonrc
For systemd machines, use journalctl
journalctl -xef -ucourier-imap-ssl.service -ucourier-authdaemon.service
To debug IMAP over SSL
openssl s_client -connect x.x.x.x:993 a login USERNAME PASSWORD a examine inbox a logout
imapd-ssl: couriertls: connect: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Could be related to either removed ciphers from
or incorrect key file being used. In most situations you can leave TLS_CIPHER_LIST undefined
# OpenSSL: # TLS_CIPHER_LIST="TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
Sometimes, updates revert back to the default:
TLS_CERTFILE=/etc/ssl/private/imapd.pem TLS_DHPARAMS=/etc/ssl/private/dhparams.pem
But should be using own certificate:
TLS_CERTFILE=/etc/ssl/private/myprivatekey.pem #TLS_DHPARAMS=/etc/ssl/private/dhparams.pem
imapd-ssl: couriertls: /etc/ssl/private/dhparams.pem: error:2D06C06E:FIPS routines:FIPS_module_mode_set:fingerprint does not match
This is an ambiguous message and is happening becauseTLS_DHPARAMS=/etc/ssl/private/dhparams.pemis set but the file doesn’t exist