问题：

从昨天起，thunderbird客户端无法连接到邮件服务器，

在邮件日志文件中，我有以下行：

Nov 26 13:24:46 LinuxWebServer dovecot: imap-login: Error: SSL: Stacked error: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42


Nov 26 13:24:46 LinuxWebServer dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=*.*.*.*, lip=*.*.*.*, TLS: SSL_read() failed: Unknown error, session=<MGGQqAa1aMhFRiQi>


Nov 26 13:24:51 LinuxWebServer dovecot: imap-login: Error: SSL: Stacked error: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42


Nov 26 13:24:51 LinuxWebServer dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=*.*.*.*, lip=*.*.*.*, TLS: SSL_read() failed: Unknown error, session=<W7viqAa1achFRiQi>

我已经检查了证书的有效性，它仍然有效

使用Sylpheed邮件客户端，我得到以下对话框：

The SSL certificate of mail.somedomain.com cannot be verified by the following reason:


 unable to get local issuer certificate



Subject: /CN=LinuxWebServer


Issuer: /OU=generated by Avast Antivirus for self-signed certificates/O=Avast Web/Mail Shield/CN=Avast Web/Mail Shield Self-signed Root


Issued date: Feb 9 20:02:57 2017 GMT


Expire date: Feb 7 20:02:57 2027 GMT



SHA1 fingerprint: 70:0C:A4:FA:25:11:1F:2B:27:A8:66:99:89:11:A7:21:04:26:52:54


MD5 fingerprint: 45:0E:2B:CF:FA:AD:7C:D6:A8:18:DE:2C:36:B8:FA:20

编辑：

在10-ssl.conf中：

ssl = required


ssl_cert = </etc/ameloracerts/mailsrvs.ca.crt


ssl_key = </etc/ameloracerts/mailsrvs.key

在99-mail-stack-delivery.conf中：

99-mail-stack-delivery.conf


protocols = imap pop3 lmtp


disable_plaintext_auth = yes


ssl = yes


ssl_cert = </etc/dovecot/dovecot.pem


ssl_key = </etc/dovecot/private/dovecot.pem


ssl_cipher_list = 


ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM


ssl_protocols = !SSLv2 !SSLv3

答案1：

使用了两个不同的证书(一个self-signed和paid)，其中一个已经过期。

我购买了一个新的证书，并在10-ssl.conf中配置它，然后我删除了99-mail-stack-delivery.conf中的SSL配置，这显然是问题的主要原因。

邮件服务器现在按预期工作。