unmatched entries for courier

Another unmatched line found:

**Unmatched Entries**
couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number: 1 Time(s)

More unmatched lines for Courier:

**Unmatched Entries**
  couriertls: connect: Connection reset by peer: 3 Time(s)
  couriertls: connect: Success: 1 Time(s)
  couriertls: connect: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher: 5 Time(s)
  couriertls: connect: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number: 2 Time(s)
  couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number: 1 Time(s)
  message repeated 17 times: [ couriertls: connect: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher]: 1 Time(s)
  message repeated 4 times: [ couriertls: connect: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher]: 1 Time(s)

Thank you already for taking the time to report this bug and helping to make Ubuntu better.

It is really great that you identified and split up all these issues, but given that up to now neither Debian nor Ubuntu add tremendous functional delta to the upstream logwatch content I think the right way to address is to file them upstream (https://sourceforge.net/p/logwatch/bugs/).

Despite on sourceforge they seem to be still active there - Debian as well as Ubuntu can eventually pick it up on the next merge then.

If you are so kind and file them upstream it would be great if you drop us a note here or even link the upstream bug via "also affects project" above in Launchpad.

As far as I can tell, nothing from couriertls: connect is actually logwatch'd upstream.

I believe the original bug report's entry is unmatched because it is not under:

   # ESMTP, including all delivery
   elsif ( $service =~ /^(courierd|courieresmtpd|courieresmtp|courierlocal|courieruucp|courierfax|courierdsn)$/ ){

-Nish

From my research into this issue, the specific error messages listed in this bug report are due to credential and/or certificate mismatches between the server and client. It can indicate a misconfigured server, but more commonly indicate a misbehaved mail client. Without seeing the actual log files, and/or knowing the specific conditions that produced them it's hard to figure out how to reproduce the exact failure.

However, I did work out how to configure couriertls and test logwatch's handling of its error logs:

Install logwatch & couriertls
  $ sudo apt-get install -y logwatch
  $ sudo apt-get install -y courier-imap
      • Create directories for web-based admin? No
      • SSL cert generation required. Ok
      • Courier MTA user:group changed to courier:courier. Ok
  $ [optional] sudo apt-get install -y gamin

Setup postfix
  $ sudo debconf-set-selections <<< "postfix postfix/mailname string <hostname>"
  $ sudo debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Local only'"

Setup courier
  # In /etc/courier/imapd, set:
      ADDRESS=127.0.0.1
      #ADDRESS=0
  $ sudo maildirmake /etc/skel/Maildir
  $ sudo maildirmake /etc/skel/Maildir/.Drafts
  $ sudo maildirmake /etc/skel/Maildir/.Sent
  $ sudo maildirmake /etc/skel/Maildir/.Trash
  $ sudo maildirmake /etc/skel/Maildir/.Templates
  $ sudo cp -r /etc/skel/Maildir /home/${USER}/
  $ sudo chown -R ${USER}:${USER} /home/${USER}/Maildir
  $ sudo chmod -R 700 /home/${USER}/Maildir
  $ sudo service courier-imap-authdaemon start
  $ sudo service courier-imap start
  $ sudo service courier-imap-ssl start

Verify installation is working
  $ sudo service courier-imap status
    [...]
    Active: active (running) [...]
    [...]
  $ telnet localhost imap
    ...
    * OK [CAPABILITY IMAP4rev1 ... ACL ACL2=UNION STARTTLS ENABLE UTF8=ACCEPT] Courier-IMAP ready.[...]
    01 login <USER> <PASSWORD>
    01 OK LOGIN Ok.
    02 select Inbox

    * FLAGS (\Draft \Answered \Flagged \Deleted \Seen \Recent)
    * OK [PERMANENTFLAGS (\* \Draft \Answered \Flagged \Deleted \Seen)] Limited
    * 0 EXISTS
    * 0 RECENT
    * OK [UIDVALIDITY 591130030] Ok
    * OK [MYRIGHTS "acdilrsw"] ACL
    02 OK [READ-WRITE] Ok
    03 logout
    * BYE Courier-IMAP server shutting down
    03 OK LOGOUT completed

    Send test email(s)
    $ mail ${USER}@localhost
    Cc:
    Subject: Testing to localhost

    test
    ^D

    Run logwatch
    + sudo logwatch --detail Med --service imapd --service courier --range all

Like I mentioned above, I could not sort out how to get courier to emit the exact error messages that the user reported. However, it's possible to inject these into the mail log synthetically, and then check logwatch's behavior. Download the 'fake_couriertls_entries.log' file attached to this bug report, then:

  $ sudo cat /tmp/fake_couriertls_entries.log >> /var/log/mail.log
  $ sudo logwatch --detail High --service imapd --service courier --range "all"

This will show a number of **Unmatched Entries** shown in the imapd section. Nothing gets shown in the courier section (except for some authdaemond stuff, but think that's an orthogonal issue).

Given the above test case, I worked out patches to suppress the error messages, which are available now in this MP:

  https://code.launchpad.net/~bryce/ubuntu/+source/logwatch/+git/logwatch/+merge/385237

And this PPA:

  https://launchpad.net/~bryce/+archive/ubuntu/logwatch-sru-lp1578004-unmatched-entries

I've forwarded the patches upstream in this pull request:

  https://sourceforge.net/p/logwatch/git/merge-requests/42/

I had originally considered this may be a good candidate for SRU, but since a default installation of logwatch + couriertls do not appear to reproduce the error messages, the impact of this is low, and so I don't think an SRU is warranted.

This bug was fixed in the package logwatch - 7.5.2-1ubuntu2

---------------
logwatch (7.5.2-1ubuntu2) groovy; urgency=medium

  * 0006-imapd-Handle-SSL3-connection-errors.patch: Handle SSL3
    connection errors for couriertls in imapd.
  * 0005-Match-connection-shutdown-by-couriertls.patch: Match connection
    shutdown entries by couriertls. These are likely just client errors
    and do not represent real problems.
    (LP: #1578004)

 -- Bryce Harrington <email address hidden> Fri, 05 Jun 2020 23:16:23 +0000