On 8/15/2010 5:06 PM, Marc Perkel wrote:
Since my old config had this:
protocols = imap imaps pop3 pop3s
ssl_cert_file = /usr/share/ssl/certs/imapd.pem ssl_key_file = /usr/share/ssl/certs/imapd.pem
then the convert script should have added
ssl = yes
Just trying to document all the little issues as I find them.
We use SSL and the convert script didn't add ssl=yes but, as Timo said, ssl=yes is the default. Anyway, without ssl=yes even existing, our SSL worked from the start.
We did have a slight problem with the convert script though. As of 2.0, dovecot uses a different chrooted user for the login processes. In dovecot 1.2.x we were already doing the same thing in chrooting the login processes; we know our security :) (We keep telling people on here that defining the home directory for each user logging in is a security must, for chrooting that user, as well as implementing the uid and gid differences.)
Our dovecot 1.2 config, in the end of "auth default" had user=dauth, which we used for the sockets in /var/run/dovecot, but this conflicted with the new 2.0's authuser. Doveconf should have remove that user=dauth but I don't think this will be an issue for anyone else unless they did their own chrooting as well, which they should know how to undo.
Jerrale G. SC Senior Admin