Dovecot and IMAP issues on Windows 10 Mobile

2
Thursday January 14th 2016 at 9:45 PM
Linux Microsoft Windows Servers
dovecotLogo

Lately Outlook Mail on my Lumia 950 XL which runs Windows 10 Mobile has been throwing lots of notifications regarding my personal IMAP mailbox account having out of date settings. This has been occurring sporadically and becoming quite a pain. Sometimes up to 7 or 8 notifications are generated in the Action Centre within short periods of time. Interestingly my mail account settings are correct and the mailbox is syncing email with no problems. After doing some investigation on the server side I believe I’ve found the cause of the issue and its related to the maximum number of IP connections available to the Dovecot daemon. Read more to find out how I fixed it.

Your account settings are out of date!

Yeah, but are they REALLY though?

CYh81WKWAAA1P_6

Actually this error notification can be rather misleading and in some cases not actually the problem at all. Outlook Mail in Windows 10 seems to be quite picky to certain configurations/internet connectivity scenarios. In fact you can often trigger this error quite easily on Windows 10 mobile devices when switching between a data connection and WiFi where by the WiFI connection needs authentication or opens a web browser to complete the connection. WiFi Sense will cause notifications like to be generated A LOT.

In general I think Microsoft need to review Outlook Mail in this regard because its way too sensitive and certainly wasn’t like this in Windows Phone 8. I rarely experienced any email sync related errors on my Lumia 925. In addition to IMAP, this also happens on Exchange mailboxes as well.

Having this error appear on a mobile device doesn’t really help much either because there is very little debugging possible or any logs available to view directly. As my personal mailbox is a IMAP account hosted on my own web server, I decided to check out the email server itself and comb through some Dovecot server logs to see what I could find to try and track down the source of this error.

Check if Dovecot has enough connections available

After checking out my Dovecot logs at /var/log/maillog (Your log path may vary), I noticed many entries that looked like this:

dovecot[30591]: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10):
dovecot[30591]: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10):
dovecot[30591]: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10):
dovecot[30591]: imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10):

I have redacted the additional rip and lip parts which reveal the client and server IPv4/IPv6 address (depending on if your client/mail server supports IPv6).

Sure enough I noticed the IP address of my Lumia 950 XL attached to these log errors, so this strongly hinted that the maximum connections that Dovecot has available is not enough when it attempted to sync, note the imap-login part in the log.

Taking a further look at the configuration of Dovecot I came across the following settings:

mail_max_userip_connections = 10

remote 127.0.0.1 {
mail_max_userip_connections = 150
}

The first value is the maximum connection per IP across all protocols as a global setting, not just for IMAP. Right off the bat this seems very low, given I have multiple devices syncing this mailbox. The second reference is more of a conditional statement for requests made to Dovecot locally i.e. the request originating from the web server itself. This is set to a value much higher for webmail clients (such as RoundCube or Squirrel Mail) which tend to send a lot of requests more frequently. My fix was to add a new value specifically for IMAP. I could change the global value, but as this is specially related to IMAP I’ve left this setting as was packaged when first installed (in my case from the custombuild system of DirectAdmin).

I added this additional block to my Dovecot config:

protocol imap {
mail_max_userip_connections = 50
}

Followed by a restart of the Dovecot daemon. I then confirmed the change was picked up by running the dovecot binary with the -a parameter, making sure I saw the new value of 50 for the IMAP protocol:

service dovecot restart
dovecot -a

This change seems to have stopped the “settings out of date” errors from appearing. Be aware that the higher you raise the value of mail_max_userip_connections the more server resources i.e. CPU/RAM will be required as your allowing more concurrent connections to the Dovecot daemon. Typically having this set to a lower value might be more of a problem on IPv4 only networks where you could have multiple devices syncing the same mailbox behind one single external IPv4 address. With IPv6 you should be able to mostly avoid this issue as each device would be given a global IPv6 address and hence not be under the same IP address despite coming from the same network (unless you are using a IPv6 proxy). IPv6 support is down to both your client device and mail server supporting IPv6 however.

Another factor that could cause all available connections being used up is some mail clients might not release connections to Dovecot and instead keep taking up connections per each synchronised IMAP folder. Outlook Mail could be in this category and might be connection heavy, but I haven’t tested this.

Additional troubleshooting

As well as maximum IP connections there are other Dovecot configuration issues that can generate this error on Windows 10 as well.

Misconfigured SSL certificates

Another potential explanation for this behaviour is if you happen to use SSL for incoming and/or outgoing but don’t have a valid SSL certificate/chain correctly setup or if you happen to use a self signed certificate. Outlook Mail tends to throw the same error in this situation and you should only enable the SSL settings when configuring your mailbox on a Windows 10 device if the mail server address you use has valid SSL, especially on a mobile device, as its quite difficult to install self signed certificates on these devices.

You can use a tool like SSL-Tools to check your mail server for valid SSL.

You can also use OpenSSL and connect to your mail server via smtp(s)/imap(s) to confirm the right certificate chain is in place. Here are some examples:

// SMTP test (note the diffrent ports)
openssl s_client -starttls smtp -connect mail.example.com:25
openssl s_client -starttls smtp -connect mail.example.com:465
openssl s_client -starttls smtp -connect mail.example.com:587
// IMAPS
openssl s_client -connect mail.example.com:993
// POP3S
openssl s_client -connect mail.example.com:995

Note: Dovecot does not handle SMTP in any way, this would be handled by an MTA such as Exim, Sendmail etc.

If any of the tests report an invalid or incorrect certificate chain i.e. certificate not matching the domain, you should review your setup or just uncheck the inbound/outgoing SSL settings in your mailbox configuration to avoid issues.

SSL Cipher suites

Cipher suites can also be attributed to this error. If you do use SSL and have a valid setup your server might be too strict on the ciphers allowed and you might experience sync issues on Windows 10 Mobile while other mail clients sync the same mailbox with no problems. Its all down to what cipher suites are supported by the specific client. A good value to use for Dovecot that is a balance between compatibility and security is:

ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

Did any of the fixes work for you?

I don’t know how many Windows 10 Mobile owners that run their own mail server and happen to run Dovecot are out there, but if you are experiencing this problem and managed to fix it, why not let me know in the comments?

Share This:

Tags: