I had been running a previous release of of TB.
Installed vendor thunderbird-78.0.tar.bz2 and had been working for a
day or so on mga7 and mga8.

Noticed mail disposition buttons I had removed were set back to showing
up. Ok I'll remove them again BUT could not get access to
the customize feature.

Fine, assumed something in current profile was causing problem, so I
deleted ~/.thunderbird and attempted to create my login.

It fails to login. In the past, I could navigate eventually to the
accept ssl certificate. That option no longer exists.

So, I created a self-signed cert, changed dovecot options and still
cannot login. Looking in the log I see

Jul 18 19:59:33 imap-login: Error: Failed to initialize SSL server context: Can't load SSL certificate: There is no valid PEM certificate.
: user=<>, rip=127.0.0.1, lip=127.0.0.2, session=<+zFA58CqtLt/AAAB>

Any suggestions welcome.


Dovecot changes
ssl_cert = </etc/pki/tls/certs/dovecot.pem
ssl_key = </etc/pki/tls/private/dovecot.pem
#* create ssl_dh file with the following line:
#* openssl dhparam -out /etc/dovecot/dh.pem 1024
#***************** end bug 22758 workaround ***********************
#* https://www.reddit.com/r/Thunderbird/comments/fnfiyy/help_i_have_the_dreaded_ss l_alert_number_42/
ssl = required
ssl_ca = </etc/ssl/certs/dovecot.pem
ssl_require_crl = yes
ssl_verify_client_cert = no
ssl_min_protocol = TLSv1.2
disable_plaintext_auth = yes
auth_ssl_require_client_cert = no
auth_mechanisms = plain login
!include auth-passwdfile.conf.ext
--------------------------

generated new cert

OPENSSLCONFIG=/etc/dovecot/self_signed.cnf
CERTFILE=/etc/dovecot/dh.pem
KEYFILE=/etc/pki/tls/private/dovecot.pem

rm --force $CERTFILE

openssl req -new -x509 -nodes -config $OPENSSLCONFIG \
-out $CERTFILE -keyout $KEYFILE -days 400 \

cat /etc/dovecot/self_signed.cnf

[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_distinguished_name
x509_extensions = cert_type
prompt = no

[ req_distinguished_name ]
C = US
ST = TX
L = xxxx
O = Citizen
OU = Myhouse
CN = mail.home.test
emailAddress=postmaster@home.test

[ cert_type ]
nsCertType = server

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Sat, 18 Jul 2020 21:20:46 -0400, Bit Twister <BitTwister@mouse-potato.com> wrote:

Guessing they've become stricter about keys that are acceptable.

Dovecot changes
ssl_cert = </etc/pki/tls/certs/dovecot.pem
ssl_key = </etc/pki/tls/private/dovecot.pem
#* create ssl_dh file with the following line:
#* openssl dhparam -out /etc/dovecot/dh.pem 1024
#***************** end bug 22758 workaround ***********************

With the Mageia package, "rpm -q --scripts dovecot" has ...

/usr/share/rpm-helper/create-ssl-certificate dovecot $1 dovecot

if [ ! -e "/etc/dovecot/dh.pem" ]; then
#Generate the dh pem file in background
echo "Generate /etc/dovecot/dh.pem with 4096 bits, please wait completion."
systemd-run -G --no-block openssl dhparam -out /etc/dovecot/dh.pem 4096;
fi

Perhaps tb is no longer accepting 1024 bit keys. The $1 in the create-ssl-certificate
is the number 1 when a package is being installed.

Regards, Dave Hodgins

--
Change dwhodgins@nomail.afraid.org to davidwhodgins@teksavvy.com for
email replies.

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Sat, 18 Jul 2020 22:03:31 -0400, David W. Hodgins wrote:

On Sat, 18 Jul 2020 21:20:46 -0400, Bit Twister

<BitTwister@mouse-potato.com> wrote:

Guessing they've become stricter about keys that are acceptable.

Dovecot changes
ssl_cert = </etc/pki/tls/certs/dovecot.pem
ssl_key = </etc/pki/tls/private/dovecot.pem
#* create ssl_dh file with the following line:
#* openssl dhparam -out /etc/dovecot/dh.pem 1024
#***************** end bug 22758 workaround ***********************

With the Mageia package, "rpm -q --scripts dovecot" has ...

/usr/share/rpm-helper/create-ssl-certificate dovecot $1 dovecot

if [ ! -e "/etc/dovecot/dh.pem" ]; then
#Generate the dh pem file in background
echo "Generate /etc/dovecot/dh.pem with 4096 bits, please wait

completion."

systemd-run -G --no-block openssl dhparam -out /etc/dovecot/dh.pem

4096;

fi

Perhaps tb is no longer accepting 1024 bit keys. The $1 in the

create-ssl-certificate

is the number 1 when a package is being installed.

Going to guess that is not it.
create-ssl-certificate will generate a key length of 2048

I have rebuilt all the dovecot openssl files and still have the problem.




--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 19/7/20 11:20 am, Bit Twister wrote:

I had been running a previous release of of TB.
Installed vendor thunderbird-78.0.tar.bz2 and had been working for a
day or so on mga7 and mga8.

Noticed mail disposition buttons I had removed were set back to showing
up. Ok I'll remove them again BUT could not get access to
the customize feature.

Fine, assumed something in current profile was causing problem, so I
deleted ~/.thunderbird and attempted to create my login.

/home/faeychild/.thunderbird
/home/faeychild/.cache/thunderbird

There are two thundebirds, Bits
You may have to kill them both


--
faeychild
Running plasmashell 5.15.4 on 5.6.14-desktop-2.mga7 kernel.
Mageia release 7 (Official) for x86_64 installed via Mageia-7-x86_64-DVD.iso


--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Mon, 20 Jul 2020 07:56:14 +1000, faeychild wrote:

On 19/7/20 11:20 am, Bit Twister wrote:

I had been running a previous release of of TB.
Installed vendor thunderbird-78.0.tar.bz2 and had been working for a
day or so on mga7 and mga8.

Noticed mail disposition buttons I had removed were set back to showing
up. Ok I'll remove them again BUT could not get access to
the customize feature.

Fine, assumed something in current profile was causing problem, so I
deleted ~/.thunderbird and attempted to create my login.

/home/faeychild/.thunderbird
/home/faeychild/.cache/thunderbird

There are two thundebirds, Bits
You may have to kill them both

Very true, but thundebird will sync .cache defaults from .thunderbird
so that is not the problem.

I did run Mageia thunderbird, ok'ed cert security exception, then ran
TB-78 so my user account can access my mail.

That is not going to help my other
$ grep thunderbird /etc/passwd | wc -l
6
user accounts.

If I can not solve this I need to configure TB to get mail from
/var/mail/

I have no idea how to configure that activity.

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 20/7/20 12:10 pm, Bit Twister wrote:

Very true, but thundebird will sync .cache defaults from .thunderbird
so that is not the problem.

I did run Mageia thunderbird, ok'ed cert security exception, then ran
TB-78 so my user account can access my mail.

That is not going to help my other
$ grep thunderbird /etc/passwd | wc -l
6
user accounts.

Ah yes. I see.

If I can not solve this I need to configure TB to get mail from
/var/mail/

I have no idea how to configure that activity.

I can barely manage TB and when it goes titsup I spends several hours
chasing shadows


Does this afford any clues, Bits

https://tinyurl.com/yy2hcuqo


--
faeychild
Running plasmashell 5.15.4 on 5.6.14-desktop-2.mga7 kernel.
Mageia release 7 (Official) for x86_64 installed via Mageia-7-x86_64-DVD.iso


--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On Mon, 20 Jul 2020 18:31:03 +1000, faeychild wrote:

On 20/7/20 12:10 pm, Bit Twister wrote:

Very true, but thundebird will sync .cache defaults from .thunderbird
so that is not the problem.

I did run Mageia thunderbird, ok'ed cert security exception, then ran
TB-78 so my user account can access my mail.

That is not going to help my other
$ grep thunderbird /etc/passwd | wc -l
6
user accounts.

Ah yes. I see.

If I can not solve this I need to configure TB to get mail from
/var/mail/

I have no idea how to configure that activity.

I can barely manage TB and when it goes titsup I spends several hours
chasing shadows

Does this afford any clues, Bits

https://tinyurl.com/yy2hcuqo

Ye gadds, Watch you go. That link was for TB 2.
Seems I could not see the forest because of all the trees in the way.


Using the same search string, picked this link
https://gist.github.com/raelgc/6031274

Couple of clicks later in TB and up pops all my messages.
No other commands needed.

I've set postfix alias to send all root messages to me.

Now I have to verify that works by deleting ~/.thunderbird
and running TB-78.

Then go back and rip out all my changes to dovecot and postfix
that I have made since I started this thread.

If that works, I may be able to remove the dovecot package.

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)

On 20/7/20 7:32 pm, Bit Twister wrote:

Does this afford any clues, Bits

https://tinyurl.com/yy2hcuqo

Ye gadds, Watch you go. That link was for TB 2.
Seems I could not see the forest because of all the trees in the way.

Using the same search string, picked this link
https://gist.github.com/raelgc/6031274

bookmarked

Couple of clicks later in TB and up pops all my messages.
No other commands needed.

Someone once said (rightly) that relief is a much underrated emotion.

regards


--
faeychild
Running plasmashell 5.15.4 on 5.6.14-desktop-2.mga7 kernel.
Mageia release 7 (Official) for x86_64 installed via Mageia-7-x86_64-DVD.iso


--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)