[Dovecot] Removing configured SSL certificate file from disk while Dovecot is running spams syslog
Hi!
[root@mikan ~]# dovecot --version
2.1.12
When I remove the SSL certificate from disk while Dovecot is running, it spams syslog with the following log message over and over:
Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
[...]
Reporting that the certificate went away is fine and useful, but spamming the syslog over and over with hundreds of entries per second(!) is annoying. :(
I know what I'm doing, so reporting it once per connection attempt or something is enough. Even if Dovecot just decides to terminate, that would be fine. But a denial of service attack on syslog is not nice.
Configuration output follows below.
All the best,
Nils
[root@mikan ~]# dovecot -n
# 2.1.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.4-1-ARCH x86_64
auth_failure_delay = 5 secs
auth_mechanisms = plain login
auth_verbose = yes
listen = *,::
login_greeting =
mail_location = maildir:~/.maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = pop3
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  process_limit = 10
}
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.key
userdb {
  driver = passwd
}
protocol imap {
  imap_idle_notify_interval = 2 mins
  mail_max_userip_connections = 5
}
protocol pop3 {
  mail_max_userip_connections = 5
  pop3_logout_format =
  pop3_save_uidl = no
  pop3_uidl_format = %08Xu%08Xv
}
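A detection sketch for the flood reported above, added here as an example and not part of the original post or of Dovecot: it counts identical syslog messages per second and pulls the missing file path out of the Dovecot error. The function name, the threshold of 100 per second and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Classic syslog line: "Dec 6 17:41:41 host program: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s(?P<prog>[^:\s]+):\s(?P<msg>.*)$"
)
# Shape of the Dovecot config error, taken from the log line in the report.
MISSING_RE = re.compile(
    r"config: Fatal: Error in configuration file (?P<conf>\S+) line (?P<line>\d+): "
    r"(?P<setting>\w+): Can't open file (?P<path>\S+): No such file or directory"
)

def find_floods(lines, threshold=100):
    """Return one finding per identical message seen >= threshold times in one second."""
    counts = Counter()
    for raw in lines:
        m = SYSLOG_RE.match(raw.strip())
        if m:
            counts[(m["ts"], m["host"], m["prog"], m["msg"])] += 1
    findings = []
    for (ts, host, prog, msg), n in sorted(counts.items()):
        if n < threshold:
            continue
        finding = {"second": ts, "host": host, "program": prog,
                   "count": n, "message": msg}
        miss = MISSING_RE.search(msg)
        if miss:  # enrich with the setting and file that went missing
            finding.update(setting=miss["setting"], path=miss["path"],
                           conf=miss["conf"], conf_line=int(miss["line"]))
        findings.append(finding)
    return findings

# Constructed sample: the reported message repeated 300 times in one second,
# plus one unrelated line that must not be flagged.
FLOOD_LINE = ("Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration "
              "file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file "
              "/etc/ssl/private/dovecot.pem: No such file or directory")
SAMPLE = [FLOOD_LINE] * 300 + ["Dec 6 17:41:42 mikan cron[811]: job finished"]

if __name__ == "__main__":
    for f in find_floods(SAMPLE):
        print(f"{f['second']} {f['host']} {f['program']}: {f['count']} msgs/s, "
              f"{f.get('setting', '?')} -> {f.get('path', '?')}")
```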
On Thu, 2012-12-06 at 18:13 +0900, Nils wrote:
[root@mikan ~]# dovecot --version
2.1.12
When I remove the SSL certificate from disk while Dovecot is running, it spams syslog with the following log message over and over:
Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
..
Reporting that the certificate went away is fine and useful, but spamming the syslog over and over with hundreds of entries per second(!) is annoying. :(
participants (2)
- Nils
- Timo Sirainen