Bugreport: managesieve-login won't start without a ssl-key
Hello,
If you don’t have a ssl_key and ssl_cert configured in your dovecot config managesieve-login will fail to start with the following error message: dovecot: managesieve-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY, even if you haven’t enabled ssl for managesieve-login.
Infos according to http://www.dovecot.org/bugreport.html:
Filesystem: ext4
doveconf -n:

# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
auth_default_realm = toppoint.de
auth_mechanisms = plain login
auth_username_format = %Ln
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = dovecot
  driver = pam
}
plugin {
  sieve = ~/.sieve/dovecot.sieve
  sieve_dir = ~/.sieve
}
protocols = " imap lmtp sieve pop3"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
    ssl = yes
  }
}
ssl = required
ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
ssl_cipher_list = HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES
ssl_dh_parameters_length = 2048
ssl_key = </etc/ssl/private/imap.toppoint.de.pem
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv3 !SSLv2
userdb {
  driver = passwd
}
protocol lmtp {
  mail_plugins = sieve
}
protocol imap {
  ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
  ssl_key = </etc/ssl/private/imap.toppoint.de.pem
}
protocol pop3 {
  ssl_cert = </etc/ssl/private/pop3.toppoint.de.crt
  ssl_key = </etc/ssl/private/pop3.toppoint.de.pem
}
P.S. I used doveconf -n to generate the config output; the website says you should use dovecot -n. Is this an error or intentional?
On 10/27/2016 at 9:55 PM, Moritz Fago wrote:
> Hello,
>
> If you don’t have a ssl_key and ssl_cert configured in your dovecot config managesieve-login will fail to start with the following error message: dovecot: managesieve-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY, even if you haven’t enabled ssl for managesieve-login.

I must say I don't really know what that error means. I see a few things though:

> Infos according to http://www.dovecot.org/bugreport.html:
>
> [...]
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>     ssl = yes

This means that you're making a 'sieves' protocol, i.e. ManageSieve with TLS from the start. It doesn't exist by the standard. ManageSieve only uses the STARTTLS command. Leave out the ssl=yes here.

>   }
> }
> ssl = required
> ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
> ssl_cipher_list = HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES
> ssl_dh_parameters_length = 2048
> ssl_key = </etc/ssl/private/imap.toppoint.de.pem
> ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv3 !SSLv2
> userdb {
>   driver = passwd
> }
> protocol lmtp {
>   mail_plugins = sieve
> }
> protocol imap {
>   ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
>   ssl_key = </etc/ssl/private/imap.toppoint.de.pem
> }
> protocol pop3 {
>   ssl_cert = </etc/ssl/private/pop3.toppoint.de.crt
>   ssl_key = </etc/ssl/private/pop3.toppoint.de.pem
> }

I see you have these set for imap and pop3, but not for "protocol sieve". Is that intentional?
Regards,
Stephan.
On 28.10.2016 10:18, Stephan Bosch wrote:
> [...]
> I see you have these set for imap and pop3, but not for "protocol sieve". Is that intentional?
>
> Regards,
> Stephan.

I can also see that imap.toppoint.de.crt is specified in main config body and inside imap protocol as well.
Aki
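
An added example (not part of the original thread and not Dovecot project code): a small Python lint over `doveconf -n` style output that flags the two points raised in the replies, a ManageSieve listener with `ssl = yes` and a protocol block that repeats the global `ssl_cert`/`ssl_key`, and reports which certificate a protocol without its own block ends up with. The function names `parse`, `effective` and `lint` are made up for illustration.

```python
# Added example, not from the thread; SAMPLE is constructed from the TLS-related settings posted above.
SAMPLE = """\
service managesieve-login {
  inet_listener sieve {
    port = 4190
    ssl = yes
  }
}
ssl = required
ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
ssl_key = </etc/ssl/private/imap.toppoint.de.pem
protocol imap {
  ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
  ssl_key = </etc/ssl/private/imap.toppoint.de.pem
}
protocol pop3 {
  ssl_cert = </etc/ssl/private/pop3.toppoint.de.crt
  ssl_key = </etc/ssl/private/pop3.toppoint.de.pem
}
"""

def parse(text):
    """Flatten nested blocks into (path, key, value) triples; path is () at top level."""
    path, out = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            out.append((tuple(path), key.strip(), value.strip()))
    return out

def effective(settings, proto, key):
    """Value a protocol ends up with: its own `protocol` block wins, else the global one."""
    own = [v for p, k, v in settings if p == (f"protocol {proto}",) and k == key]
    glob = [v for p, k, v in settings if not p and k == key]
    return (own or glob or [None])[-1]

def lint(settings):
    glob = {k: v for p, k, v in settings if not p}
    found = []
    for path, key, value in settings:
        if (key, value) == ("ssl", "yes") and path[:1] == ("service managesieve-login",):
            found.append(f"{path[-1]}: ssl = yes means TLS from the start; ManageSieve uses STARTTLS")
        if len(path) == 1 and path[0].startswith("protocol ") and glob.get(key) == value:
            found.append(f"{path[0]}: {key} repeats the global value")
    return found
```

Feeding it the real output of `doveconf -n` works the same way; `effective(settings, "sieve", "ssl_cert")` shows that with no `protocol sieve` block the sieve service falls back to the global imap.toppoint.de certificate.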