On 14.08.2015 at 13:22, dravion.smith@gmx.net wrote:
Hi, I want to say hello and here is my big problem ;D
I am trying to achieve a Postfix/Dovecot 2.2.10 CentOS7 multidomain setup with multiple (valid StartSSL) certs, but I am only able to run a single-domain cert server.
PS: I need a multiple-domain setup for every customer, and it is not an option for me to redirect any email to a single-domain server. I really need this setup working.
IMHO: I think SELinux could interfere with multiple certs in different folders (it is activated in CentOS7 by default and is needed by other apps).
What have you done to exclude that SELinux interferes?
Run "ausearch -m avc" to check for AVCs.
Ok, here is my logfile data:
systemctl start postfix.service [OK]
systemctl start dovecot.service [OK]

/var/log/messages
*systemd: Stopping Dovecot IMAP/POP3 email server...
*systemd: Starting Dovecot IMAP/POP3 email server...
*systemd: Started Dovecot IMAP/POP3 email server.

/var/log/maillog
*dovecot: master: Dovecot v2.2.10 starting up for imap, pop3, lmtp (core dumps disabled)
### This works (Thunderbird, Outlook 2013, Opera Mail etc.) ####
local mydomain01.tld {
protocol imap { ssl_cert =
}
You are leaving the terrain of your distribution. That's not the intended path. /etc/pki/tls/{certs,private}/ is.
### this 10-ssl.conf ### --- FAILS (the error occurs after an email client accesses IMAP Folders)
local mydomain01.tld {
protocol imap { ssl_cert =
}
local mydomain02.tld {
protocol imap { ssl_cert =
}
See above.
Why 2 times the same certificate pair files?
Make sure the permissions (and not only of the files themselves) and the SELinux context are set properly. You gave zero information about that.
/var/log/maillog ### Error log ###
Aug 14 12:50:38 matrix dovecot: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line:
Aug 14 12:50:38 matrix dovecot: master: Error: service(imap-login): command startup failed, throttling for 60 secs
The key file contains "-----BEGIN PRIVATE KEY-----" as first line and "-----END PRIVATE KEY-----" as last line?
I really don't know why a single domain is no problem, but if I enable multiple domains Dovecot starts with any error, even if I set the debug verbose level to extremely high, but if I access Dovecot with Thunderbird my server logfile explodes with something like this: Couldn't parse private ssl_key: error:0906D06C:PEM, but the certs are 100% valid and checked over and over again.
Any help is greatly appreciated!
Greetings, Dravion
Alexander
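
Added example, not part of the original thread: a small shell helper that runs the checks asked for above on one key file, namely whether it is readable, whether its first PEM label is a private key, and what permissions and SELinux context it and its parent directories carry. The function names pem_kind and show_access are hypothetical; the key path is passed as an argument.

```shell
#!/bin/sh
# Added example. pem_kind and show_access are hypothetical helper names.

# Print what the first PEM armor line of a file says it is:
#   private-key | certificate | no-start-line | unreadable
pem_kind() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 0; }
    # Strip trailing whitespace (including CR from DOS line endings),
    # then take the first line that begins with the PEM armor prefix.
    label=$(sed -n 's/[[:space:]]*$//; /^-----BEGIN /{p;q;}' "$f")
    case $label in
        '-----BEGIN PRIVATE KEY-----' | \
        '-----BEGIN RSA PRIVATE KEY-----' | \
        '-----BEGIN EC PRIVATE KEY-----' | \
        '-----BEGIN ENCRYPTED PRIVATE KEY-----')
            echo private-key ;;
        '-----BEGIN CERTIFICATE-----')
            echo certificate ;;
        *)
            # Empty file, leading junk before the dashes, or not PEM at all.
            echo no-start-line ;;
    esac
}

# Show owner, mode and SELinux context of the file, then of every
# directory on the way to it (a closed parent directory blocks access too).
show_access() {
    ls -ldZ "$1" 2>/dev/null || ls -ld "$1"
    if command -v namei >/dev/null 2>&1; then
        namei -l "$1"
    fi
    return 0
}

# Usage: sh check-key.sh /path/to/key.pem [more files...]
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(pem_kind "$f")"
        show_access "$f"
    done
fi
```

Run it as root and again as the dovecot user to see whether the result differs; "ausearch -m avc" then shows whether SELinux denied the read.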