Tim, Daniel, Aki, all. Problem solved. Well, sort of: It is AppArmor. I disabled AppArmor based on another sufferer's experience, and I quote: https://forums.opensuse.org/showthread.php/531740-Unexpected-pe rmissions-issue-with-Dovecot I have made some progress on solving this and tracked down the problem to apparmor which is some sort of application based security system. (How I wish Linux followed KISS principals, this appears to be yet another security layer on top of the chmod/chown layer, and not an intuitive/obvious thing either...) So once again, a victim of political correctness. This was all more Scr ewtape distraction: There is nothing wrong with dovecot 3.2.1, there is nothing wrong with my "configuration", I am not being rude, but AppArmor got hosed by the OS upgrade. https://www.suse.com/documentation/sles11/book_security/data/se c_aaintro_enable.html Tomorrow is another day, I'll fight the AppArmor alligator then. In the meantime, on to that G&T! Woohoo! :-) Thanks again to all. Kind regards, Andy On Sun, 2018-12-16 at 18:41 +0000, Tim Dickson wrote:
permissions should be 644 or 444 owned by root. if the permissions are too open, ssl/dovecot will refuse to load them. you may even see a message about it if you have verbose messages/ check your sys logs. I had this problem once with certs that checked out fine, correct < in dovcot config but didn't load. chmod 644 /etc/ssl/certs/dovecot.cert /etc/ssl/private/dovecot.key fixed the problem regards, Tim
On 16/12/2018 14:33, C. Andrews Lavarre wrote:
For what it's worth, this gives the server an A: https://www.ssllabs.com/ssltest/analyze.html?d=mail.privustech. com
So there is no problem with the certificates and key...
Thanks again.
On Sun, 2018-12-16 at 09:19 -0500, C. Andrews Lavarre wrote:
So it's something else.