Hi Timo,
for the next test I changed the file permissions to:
# ls -l /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
-r--r--r-- 1 vmail vmail 1703 Feb 27 09:55 /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
and no connection error occurs - BUT - the Warnings are still present:
---- %< ----
Apr 02 12:50:32 vml080 dovecot[6490]: imap-login: Logged in: user=<klaus@tachtler.net>, method=DIGEST-MD5, rip=fd00::10:10:0:0:80, lip=fd00::10:10:0:0:80, mpid=6545, TLS, session=<hfkc+HdOHKn9AAAAAAAAEAAQAAAAAACA>
Apr 02 12:51:06 vml080 dovecot[6490]: lmtp(6556): Connect from 10.0.0.60
Apr 02 12:51:06 vml080 dovecot[6490]: lmtp(klaus@tachtler.net)<6556><sNYwORpKzmmcGQAAhuu2+w>: Mailbox INBOX: save: box=INBOX, uid=49395, msgid=<ac5KE5mw1qwhm7_O@vml080.idmz.tachtler.net>, size=4103, vsize=4184, from=Klaus Tachtler <klaus@tachtler.net>
Apr 02 12:51:07 vml080 dovecot[6490]: lmtp(klaus@tachtler.net)<6556><sNYwORpKzmmcGQAAhuu2+w>: sieve: msgid=<ac5KE5mw1qwhm7_O@vml080.idmz.tachtler.net>: stored mail into mailbox 'INBOX'
Apr 02 12:51:07 vml080 dovecot[6490]: lmtp(6556): Disconnect from 10.0.0.60: Logged out (state=READY)
Apr 02 12:51:07 vml080 dovecot[6490]: lmtp(6556): Warning: Leaked settings: ssl-settings.c:234
Apr 02 12:51:07 vml080 dovecot[6490]: lmtp(6556): Warning: Leaked settings: ssl-settings.c:231
---- >% ----
Greetings Klaus.
On 4/2/26 14:33, Klaus Tachtler via dovecot wrote:
Hi Timo,
next try - permission vmail:vmail to the key - works - BUT ERROR still in LOG file:
Here is my directory structure with ownership and file permissions:
==================================================================
# ls -lad /etc/dovecot/ssl/
drwxr-xr-x 1 root root 24 Feb 27 09:55 /etc/dovecot/ssl/
# ls -l /etc/dovecot/ssl/
total 0
drwxr-xr-x 1 root root 204 Feb 27 09:55 certs
drwxr-xr-x 1 root root 116 Feb 27 09:55 private
# ls -l /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
-r--r--r-- 1 vmail vmail 11627 Feb 27 09:55 /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
# ls -l /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
-r-------- 1 vmail vmail 1703 Feb 27 09:55 /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
---- %< (STRACE) ----
openat(AT_FDCWD, "/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem", O_RDONLY) = 23
lseek(23, 0, SEEK_CUR) = 0
lseek(23, 0, SEEK_CUR) = 0
brk(0x5615e41d6000) = 0x5615e41d6000
lseek(23, 0, SEEK_CUR) = 0
lseek(23, 0, SEEK_CUR) = 0
fstat(23, {st_mode=S_IFREG|0400, st_size=1703, ...}) = 0
lseek(23, 0, SEEK_SET) = 0
read(23, "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDkRF5N07iRZLw4\nUbXO8ah"..., 4096) = 1703
read(23, "", 4096) = 0
close(23)
---- >% (STRACE) ----
---- %< (LOG) ----
Apr 02 12:27:34 vml080 dovecot[5767]: imap-login: Logged in: user=<klaus@tachtler.net>, method=DIGEST-MD5, rip=fd00::10:10:0:0:80, lip=fd00::10:10:0:0:80, mpid=5862, TLS, session=<u4f5pXdO6qP9AAAAAAAAEAAQAAAAAACA>
Apr 02 12:28:20 vml080 dovecot[5767]: lmtp(5867): Connect from fd00::10:10:0:0:60
Apr 02 12:28:20 vml080 dovecot[5767]: lmtp(klaus@tachtler.net)<5867><UGBJAcREzmnrFgAAhuu2+w>: Mailbox INBOX: save: box=INBOX, uid=49393, msgid=<ac5EvPLt4PIT2ohg@vml080.idmz.tachtler.net>, size=4116, vsize=4197, from=Klaus Tachtler <klaus@tachtler.net>
Apr 02 12:28:20 vml080 dovecot[5767]: lmtp(klaus@tachtler.net)<5867><UGBJAcREzmnrFgAAhuu2+w>: sieve: msgid=<ac5EvPLt4PIT2ohg@vml080.idmz.tachtler.net>: stored mail into mailbox 'INBOX'
Apr 02 12:28:20 vml080 dovecot[5767]: dict(5868): Error: mysql: dict(sql): mysql(db.idmz.tachtler.net): Connect failed to database (postfixadmin): File '/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem' not found (Errcode: 1294103494) - waiting for 1 seconds before retry
Apr 02 12:28:20 vml080 dovecot[5767]: dict(5868): Error: mysql: dict(sql): mysql(db.idmz.tachtler.net): Connect failed to database (postfixadmin): File '/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem' not found (Errcode: 1294103494) - waiting for 1 seconds before retry
Apr 02 12:28:20 vml080 dovecot[5767]: dict(5868): Error: mysql: dict(sql): mysql(db.idmz.tachtler.net): Connect failed to database (postfixadmin): File '/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem' not found (Errcode: 1294103494) - waiting for 1 seconds before retry
Apr 02 12:28:20 vml080 dovecot[5767]: dict(5868): Error: mysql: dict(sql): mysql(db.idmz.tachtler.net): Connect failed to database (postfixadmin): File '/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem' not found (Errcode: 1294103494) - waiting for 1 seconds before retry
---- >% (LOG) ----
On 4/2/26 14:23, Timo Sirainen wrote:
Maybe you have SELinux or something preventing the access? You could run service auth { user=root } if nothing else works.
On 2. Apr 2026, at 15.14, Klaus Tachtler <klaus@tachtler.net> wrote:
Hi Timo,
sorry my fault, found the file inside systemd:
/tmp/systemd-private-ab22c74fcf994418a96bd0422a864ab3-dovecot.service-J0Z3EJ/tmp/auth.strace
---- %< ----
openat(AT_FDCWD, "/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem", O_RDONLY) = -1 EACCES (Permission denied)
close(22)
---- <% ----
Here is my directory structure with ownership and file permissions:
==================================================================
# ls -lad /etc/dovecot/ssl/
drwxr-xr-x 1 root root 24 Feb 27 09:55 /etc/dovecot/ssl/
# ls -l /etc/dovecot/ssl/
total 0
drwxr-xr-x 1 root root 204 Feb 27 09:55 certs
drwxr-xr-x 1 root root 116 Feb 27 09:55 private
# ls -l /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
-r--r--r-- 1 dovecot dovecot 11627 Feb 27 09:55 /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
# ls -l /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
-r-------- 1 dovecot dovecot 1703 Feb 27 09:55 /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
Thank you,
Klaus.
On 4/2/26 14:07, Timo Sirainen wrote:
On 2. Apr 2026, at 15.03, Klaus Tachtler <klaus@tachtler.net> wrote:
Hi Timo,
now I have:
service auth {
  executable = /usr/bin/strace -D -o /tmp/auth.strace -s 100 /usr/lib/dovecot/auth
  group = vmail
  user = vmail
  inet_listener auth {
    port = 12345
    listen = 10.0.0.80 fd00::10:10:0:0:80
  }
}
The problem is, no strace file will be written?
ls -l /tmp/auth.strace
ls: cannot access '/tmp/auth.strace': No such file or directory
With systemd the /tmp directory is actually under /tmp/systemd-something/. Try find /tmp -name auth.strace or use some other directory than /tmp.
--
e-Mail  : klaus@tachtler.net
Homepage: https://www.tachtler.net
DokuWiki: https://dokuwiki.tachtler.net
--
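
Added example (not part of the original thread and not Dovecot code): a mode-bit audit of the key path that reproduces the three ownership/permission states tried above for a service running as vmail, and flags the world-readable key. The numeric uids/gids and the modes of /, /etc and /etc/dovecot are assumptions; SELinux, ACLs and capabilities are not modelled.

```python
import os
import stat
from collections import namedtuple

# One path component: path, permission bits, owner uid, owner gid.
Node = namedtuple("Node", "path mode uid gid")

def stat_chain(path):
    """Stat every component from / down to path on the real filesystem."""
    nodes, cur = [], "/"
    for part in [""] + [p for p in os.path.abspath(path).split("/") if p]:
        cur = os.path.join(cur, part)
        st = os.stat(cur)
        nodes.append(Node(cur, st.st_mode, st.st_uid, st.st_gid))
    return nodes

def allowed(node, uid, gids, want):
    """Owner/group/other check; want is 4 (read) or 1 (directory search)."""
    if uid == 0:
        return True  # root bypasses mode bits
    perms = stat.S_IMODE(node.mode)
    if uid == node.uid:
        return bool((perms >> 6) & want)
    if node.gid in gids:
        return bool((perms >> 3) & want)
    return bool(perms & want)

def audit_key_path(nodes, uid, gids):
    """Return (first component that denies access or None, findings)."""
    key, findings = nodes[-1], []
    if stat.S_IMODE(key.mode) & 0o004:
        findings.append("world-readable private key: " + key.path)
    for node in nodes[:-1]:
        if not allowed(node, uid, gids, 1):
            return node.path, findings
    return (None if allowed(key, uid, gids, 4) else key.path), findings

# Constructed sample: numeric ids are made up; directory modes follow the
# listings in the thread, with /, /etc and /etc/dovecot assumed root 0755.
ROOT, DOVECOT, VMAIL = 0, 97, 5000
KEY = "/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem"

def sample(key_mode, key_owner):
    dirs = ["/", "/etc", "/etc/dovecot", "/etc/dovecot/ssl", "/etc/dovecot/ssl/private"]
    return [Node(d, 0o755, ROOT, ROOT) for d in dirs] + [Node(KEY, key_mode, key_owner, key_owner)]

if __name__ == "__main__":
    for mode, owner in [(0o400, DOVECOT), (0o400, VMAIL), (0o444, VMAIL)]:
        print(oct(mode), owner, audit_key_path(sample(mode, owner), VMAIL, {VMAIL}))
```

On a live host, audit_key_path(stat_chain(path), uid, gids) runs the same check against the real directory chain.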