IMAPs and POP3s services get restared: Openssl syscall error: Connection reset by peer!

Created:

2016-11-16 12:41:40 UTC

Modified:

2017-04-24 12:15:05 UTC

0

Was this article helpful?


Have more questions?

Submit a request

IMAPs and POP3s services get restared: Openssl syscall error: Connection reset by peer!

Applicable to:

  • Plesk 12.5 for Linux

Symptoms

  1. Courier IMAP and POP3 server with SSL/TLS support gets restarted all the time

  2. If Watchdog extension is installed, the following errors are displayed in /var/log/plesk/modules/monit.log file:

    monit: embed_ssl_socket(): Openssl syscall error: Connection reset by peer!
    'courier_imaps' failed, cannot open a connection to INET[localhost:993]
    monit: embed_ssl_socket(): Openssl syscall error: Connection reset by peer!
    'courier_pop3s' failed, cannot open a connection to INET[localhost:995]
    'courier_pop3s' stop: /opt/psa/admin/bin/mailmng-service
    'courier_imaps' process is not running
    'courier_imaps' trying to restart
    'courier_imaps' start: /opt/psa/admin/bin/mailmng-service
  3. Path to certificates for imap and pop3 services in configuration files is correct:

    # grep '^TLS_CERTFILE' /etc/courier-imap/*ssl
    /etc/courier-imap/imapd-ssl:TLS_CERTFILE=/usr/share/imapd.pem
    /etc/courier-imap/pop3d-ssl:TLS_CERTFILE=/usr/share/pop3d.pem
  4. Support for TLSv1 is specified in /etc/courier-imap/pop3d-ssl and /etc/courier-imap/imapd-ssl files:

    TLS_PROTOCOL=TLSv1

Cause

TLSv1.1 and TLSv1.2 support is not enabled in /etc/courier-imap/pop3d-ssl and /etc/courier-imap/imapd-ssl configuration files

Resolution

Replace TLS_PROTOCOL=TLSv1 in /etc/courier-imap/pop3d-ssl and /etc/courier-imap/imapd-ssl configuration files with:

    TLS_PROTOCOL=TLSv1+

Additional Information

If there is other path to certificates for imap and pop3 services displayed in configuration files, visit the following article:

213366329 IMAPs and POP3s servers are crashing: Openssl syscall error: Connection reset by peer

Have more questions? Submit a request
Please sign in to leave a comment.