Since yesterday my Thunderbird client can't connect to my mail server, but two other clients I tried have no problem retrieving email.
In my mail log file I have these lines:
Nov 26 13:24:46 LinuxWebServer dovecot: imap-login: Error: SSL: Stacked error: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
Nov 26 13:24:46 LinuxWebServer dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=*.*.*.*, lip=*.*.*.*, TLS: SSL_read() failed: Unknown error, session=<MGGQqAa1aMhFRiQi>
Nov 26 13:24:51 LinuxWebServer dovecot: imap-login: Error: SSL: Stacked error: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42
Nov 26 13:24:51 LinuxWebServer dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=*.*.*.*, lip=*.*.*.*, TLS: SSL_read() failed: Unknown error, session=<W7viqAa1achFRiQi>
I have checked the validity of my certificate and it's still valid up to 2027.
With Sylpheed mail client I get the following dialog:
The SSL certificate of mail.somedomain.com cannot be verified by the following reason:
unable to get local issuer certificate
Subject: /CN=LinuxWebServer
Issuer: /OU=generated by Avast Antivirus for self-signed certificates/O=Avast Web/Mail Shield/CN=Avast Web/Mail Shield Self-signed Root
Issued date: Feb 9 20:02:57 2017 GMT
Expire date: Feb 7 20:02:57 2027 GMT
SHA1 fingerprint: 70:0C:A4:FA:25:11:1F:2B:27:A8:66:99:89:11:A7:21:04:26:52:54
MD5 fingerprint: 45:0E:2B:CF:FA:AD:7C:D6:A8:18:DE:2C:36:B8:FA:20
I understand there is a clue about the issue in this warning, but I just don't really understand what it technically means.
EDIT:
In 10-ssl.conf:
ssl = required
ssl_cert = </etc/ameloracerts/mailsrvs.ca.crt
ssl_key = </etc/ameloracerts/mailsrvs.key
In 99-mail-stack-delivery.conf:
99-mail-stack-delivery.conf
protocols = imap pop3 lmtp
disable_plaintext_auth = yes
ssl = yes
ssl_cert = </etc/dovecot/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_protocols = !SSLv2 !SSLv3
After some more investigation I found that I was using two different certificates (one self-signed and one paid) and one of them was expired.
I bought a new certificate and configured it in 10-ssl.conf, then I removed the SSL configuration in 99-mail-stack-delivery.conf, which was apparently the main cause of the issue.
My mail server now works as expected.
Thanks to Esa Jokinen who put me on the right track to find the solution.
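Added example (not part of the original post): a Python check for the situation described above, where the ssl settings in 99-mail-stack-delivery.conf conflict with those in 10-ssl.conf. It assumes the conf.d files are read in sorted name order and that the last top-level assignment wins; the function names and the embedded sample (copied from the two files quoted in the post) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: file name -> contents, taken from the two files quoted in the post.
SAMPLE_CONF_D = {
    "10-ssl.conf": (
        "ssl = required\n"
        "ssl_cert = </etc/ameloracerts/mailsrvs.ca.crt\n"
        "ssl_key = </etc/ameloracerts/mailsrvs.key\n"
    ),
    "99-mail-stack-delivery.conf": (
        "protocols = imap pop3 lmtp\n"
        "disable_plaintext_auth = yes\n"
        "ssl = yes\n"
        "ssl_cert = </etc/dovecot/dovecot.pem\n"
        "ssl_key = </etc/dovecot/private/dovecot.pem\n"
        "ssl_protocols = !SSLv2 !SSLv3\n"
    ),
}

SETTING = re.compile(r"^(ssl\w*)\s*=\s*(.*?)\s*$")

def find_ssl_overrides(conf_d):
    """Return {setting: [(file, value), ...]} for every top-level ssl* setting
    that is assigned more than once with differing values."""
    seen = defaultdict(list)
    for name in sorted(conf_d):            # assumption: files load in sorted order
        depth = 0                          # brace depth, to skip nested blocks
        for raw in conf_d[name].splitlines():
            line = raw.split("#", 1)[0].strip()   # drop comments
            m = SETTING.match(line)
            if m and depth == 0:
                seen[m.group(1)].append((name, m.group(2)))
            depth += line.count("{") - line.count("}")
    return {k: v for k, v in seen.items() if len({val for _, val in v}) > 1}

def effective_values(overrides):
    """Assumption: the last assignment wins, so report the final (file, value)."""
    return {k: v[-1] for k, v in overrides.items()}

if __name__ == "__main__":
    conflicts = find_ssl_overrides(SAMPLE_CONF_D)
    for key, (winner, value) in effective_values(conflicts).items():
        print(f"{key}: effective value {value!r} comes from {winner}")
        for fname, val in conflicts[key][:-1]:
            print(f"    overridden: {val!r} in {fname}")
```

On a live server, `doveconf -n` prints the non-default settings Dovecot is actually using, which shows which certificate path is in effect.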