ERROR: Connection dropped by imap server: Query: SELECT "INBOX"
If you get the following error when trying to connect to your webmail client:
ERROR: Connection dropped by imap server Query: SELECT "INBOX"
/var/log/maillog for any dovecot clues.
It may be that the dovecot indexes are corrupted (sometimes happens between dovecot versions), so the fix is to simply purge the indexes, eg:
cd /home/username/imap/domain.com/user/Maildir rm -f dovecot*
When you login to dovecot (either via webmail or email client) the index will be re-created, and you should be good to go.
Why do I get shadow(firstname.lastname@example.org,127.0.0.1): unknown user?
Dovecot uses 2 separate login databases to authenticate.
One is for the system passwords. This is called "shadow" and uses the
/etc/shadow file. The other is for virtual accounts. They live in the
A valid email account of either type will only exist in one of these databases, not both, but both are checked to attempt to validate the user. If the email account does not exist in the first one, then the error will show up, even though it exists in the 2nd database. This is normal.
Nov 7 00:59:47 server dovecot: auth(default): shadow(email@example.com,127.0.0.1): unknown user Nov 7 00:59:47 server dovecot: auth(default): passwd(firstname.lastname@example.org,127.0.0.1): unknown user
You can hide these errors by setting
auth_verbose = no auth_debug = no
in the "## Authentication processes" section of your
How to manually check the certificate for imap on port 143 or 993
As more servers and mail clients are requiring valid certificates for mail servers, you might need to view the certificate data to see what's currently set.
To check the 143 port:
openssl s_client -connect server.hostname.com:143 -starttls imap -servername server.hostname.com
To check the 993 port:
openssl s_client -connect server.hostname.com:993 -servername server.hostname.com
The "CN" value, or "Common Name", will be the current host value set inside the certificate.
You'll be looking for the subject after the certificate output, so in the case of our mail server, we have a wildcard, so the important bits would look like:
-----END CERTIFICATE----- subject=/OU=Domain Control Validated/CN=*.directadmin.com
Once run, you'll actually be connected to the remote server, to exit the current IMAP session just type:
If it is a self-signed certificate, you'll see this in the "SSL-Session:" header:
Verify return code: 18 (self signed certificate)
Note, the "-servername" is used to specify the ssl host, if your dovecot is running SNI to allow for multiple certificates.