[Dovecot] Removing configured SSL certificate file from disk while Dovecot is running spams syslog

Nils me at n-art.de
Thu Dec 6 11:13:50 EET 2012


Hi!

[root@mikan ~]# dovecot --version
2.1.12

When I remove the SSL certificate from disk while Dovecot is running, it 
spams syslog with the following log message over and over:

Dec  6 17:41:41 mikan dovecot: config: Fatal: Error in configuration 
file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file 
/etc/ssl/private/dovecot.pem: No such file or directory
Dec  6 17:41:41 mikan dovecot: config: Fatal: Error in configuration 
file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file 
/etc/ssl/private/dovecot.pem: No such file or directory
Dec  6 17:41:41 mikan dovecot: config: Fatal: Error in configuration 
file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file 
/etc/ssl/private/dovecot.pem: No such file or directory
[...]

Reporting that the certificate went away is fine and useful, but 
spamming the syslog over and over with hundreds of entries per second(!) 
is annoying. :(

I know what I'm doing, so reporting it once per connection attempt or 
something like that would be enough. Even if Dovecot just decided to 
terminate, that would be fine. But flooding syslog like this is 
effectively a denial of service on logging, and that is not nice.

Configuration output follows below.

All the best,

Nils


[root@mikan ~]# dovecot -n
# 2.1.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.4-1-ARCH x86_64
auth_failure_delay = 5 secs
auth_mechanisms = plain login
auth_verbose = yes
listen = *,::
login_greeting =
mail_location = maildir:~/.maildir
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   driver = pam
}
protocols = pop3
service pop3-login {
   inet_listener pop3 {
     port = 110
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}
service pop3 {
   process_limit = 10
}
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.key
userdb {
   driver = passwd
}
protocol imap {
   imap_idle_notify_interval = 2 mins
   mail_max_userip_connections = 5
}
protocol pop3 {
   mail_max_userip_connections = 5
   pop3_logout_format =
   pop3_save_uidl = no
   pop3_uidl_format = %08Xu%08Xv
}

