- Martin McClure via dovecot:
Is this expected behavior in 2.4, or is it considered a bug?
I'm not Aki, but since I ran into the same issue a while back: I'd like to repeat that I do consider this to be a bug. It also affects doveadm use, for example.
The problem occurs when a non-root process triggers evaluation of the Dovecot config and is unable to read the TLS key files. Protecting these files is of course important, and some random user invoking doveadm in their command shell should have no reason to access sensitive files. IMO, Dovecot should not even attempt to read TLS-related files in this case. They are not needed at this time.
If it's expected behavior, why does this workaround work?
The "!include_try foo.conf" succeeds when run as root, e.g. during Dovecot startup, but fails silently for non-root owned processes. That's why it works as a workaround.
-Ralph
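
The layout this workaround relies on, as an added illustration that is not part of the thread. The thread names only `foo.conf`; the directory, the file modes, the key path and the choice of `ssl_server_key_file` (the Dovecot 2.4 key setting) as the content of `foo.conf` are assumptions.

```conf
# ---- /etc/dovecot/dovecot.conf ----
# Assumed location. World-readable (for example root:root, mode 0644),
# so non-root doveadm/doveconf invocations can parse it.

# Pull the key setting in from a separate file. When the config is
# evaluated as root (Dovecot startup), the file opens and the setting
# takes effect. When it is evaluated by a non-root process, the open
# fails and !include_try skips the file without an error, so the key
# setting is never seen and the key file is never touched.
!include_try foo.conf

# ---- /etc/dovecot/foo.conf ----
# Assumed ownership root:root, mode 0600: unreadable for ordinary users.
# The key path below is constructed for this example; the key file
# itself stays root-only as well.
ssl_server_key_file = /etc/dovecot/private/example.key
```

A plain `!include` is not a substitute here: it treats a file that cannot be opened as a configuration error, which is the failure the workaround avoids.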