On 2. Apr 2026, at 13.56, Klaus Tachtler <klaus@tachtler.net> wrote:
Hi Timo,
first of all, thank you for your patience.
Here is my directory structure with ownership and file permissions:
ls -lad /etc/dovecot/ssl/
drwxr-xr-x 1 root root 24 Feb 27 09:55 /etc/dovecot/ssl/
ls -l /etc/dovecot/ssl/
total 0
drwxr-xr-x 1 root root 204 Feb 27 09:55 certs
drwxr-xr-x 1 root root 116 Feb 27 09:55 private
ls -l /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
-r--r--r-- 1 dovecot dovecot 11627 Feb 27 09:55 /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
ls -l /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
-r-------- 1 dovecot dovecot 1703 Feb 27 09:55 /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
All looks ok, so I guess the next step would be to try stracing the auth process to see what is really happening:
service auth {
  executable = /usr/bin/strace -D -o /tmp/auth.strace -s 100 /usr/libexec/dovecot/auth
}
And fix the auth binary path to whichever location it exists in. Then grep for wildcard.idmz.tachtler.net.key.pem in the auth.strace to see what happens to it.
dovecot[9974]: lmtp(10078): Warning: Leaked settings: ssl-settings.c:234
dovecot[9974]: lmtp(10078): Warning: Leaked settings: ssl-settings.c:231
I don't see how these can happen based on the code. What's your doveconf -n? Are you connecting to LMTP using SSL?
I tried with your lmtp/ssl settings, but still can't reproduce this. Do they keep happening all the time?
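An added example (not from the thread or the Dovecot project) for the strace step suggested above: instead of a plain grep, it lists every syscall in the trace that touches the key file and whether it succeeded. The trace lines are constructed samples, not output from the system in the thread, and the function names are assumptions.

```sh
#!/bin/sh
# Added example: summarise what a traced process did with one file.
# KEY is the private key path from the thread.
KEY=/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem

# trace_file_access TRACE_FILE PATH
# Prints "<syscall> OK <return value>" or "<syscall> FAIL <errno name>"
# for every completed syscall line that mentions PATH.
trace_file_access() {
    awk -v needle="$2" '
        index($0, needle) == 0 { next }   # line does not mention the file
        {
            line = $0
            # Drop an optional pid prefix ("1234 " or "[pid 1234] ", seen with -f).
            sub(/^\[?(pid +)?[0-9]+\]? +/, "", line)
            call = line
            sub(/\(.*/, "", call)         # syscall name is the text before "("
            n = split(line, parts, " = ") # the result follows the last " = "
            if (n < 2) next               # unfinished call, no result on this line
            split(parts[n], r, " ")
            if (r[1] ~ /^-/) printf "%s FAIL %s\n", call, r[2]
            else             printf "%s OK %s\n", call, r[1]
        }
    ' "$1"
}

# Constructed sample trace. The EACCES line is illustrative only;
# the thread does not say what the real trace contained.
sample_trace() {
cat <<EOF
newfstatat(AT_FDCWD, "$KEY", {st_mode=S_IFREG|0400, st_size=1703, ...}, 0) = 0
openat(AT_FDCWD, "$KEY", O_RDONLY) = -1 EACCES (Permission denied)
openat(AT_FDCWD, "/etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem", O_RDONLY) = 7
EOF
}

# Demo run on the constructed sample; on a real system pass /tmp/auth.strace.
tmp=$(mktemp) && sample_trace > "$tmp" && trace_file_access "$tmp" "$KEY"
rm -f "$tmp"
```

With -s 100, strace also records up to 100 bytes of each read/write buffer, which for the auth process can include credentials, so delete /tmp/auth.strace and remove the executable override once the check is done.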