[Dovecot] Config problem: want SSL + local roundcube
Hi,
Have used dovecot for many years, happy that it worked well without me needing to do anything much! But since the upgrade from v1 to v2.1.7-7 I've come across some config probs.
I want IMAP and to force TLS for all internet connections. However, I run RoundCube on the same server (over https) and this needs access too, but this doesn't need to be TLS because it's local anyway.
The auto-config update script made some changes, it added the following to force SSL.
service imap-login {
  inet_listener imap {
    port = 0
  }
}
ssl = required
But this seems to forbid the local roundcube service from logging in.
Can anyone help me with my config? I had a stab, adding the following, but it didn't work. Was a complete guess anyway!
remote 127.0.0.1 {
  ssl = no
  service imap-login {
    inet_listener imap {
      port = 143
    }
  }
}
Here's my full config:
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 7.2 ext3
auth_default_realm = artfulrobot.com
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/virtual/%d/%n
mail_privileged_group = mail
passdb {
  args = username_format=%n /etc/exim4/virtual_domains/%d/passwords
  driver = passwd-file
}
protocols = imap
service auth {
  unix_listener auth-client {
    group = Debian-exim
    mode = 0660
  }
  user = root
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
ssl = required
ssl_cert = </etc/ssl/certs/mail.artfulrobot.com-with-chain.crt
ssl_key = </etc/ssl/private/mail.artfulrobot.com.key
userdb {
  args = uid=1001 gid=1001
  driver = static
}
userdb {
  driver = passwd
}
Thanks,
Rich
On 05.11.2013 16:54, Rich wrote:
> Have used dovecot for many years, happy that it worked well without me needing to do anything much! But since the upgrade from v1 to v2.1.7-7 I've come across some config probs.
> I want IMAP and to force TLS for all internet connections. However, I run RoundCube on the same server (over https) and this needs access too, but this doesn't need to be TLS because it's local anyway
does it hurt? no! does it hurt to make the config more complex than needed? yes!
so let roundcube use TLS on 127.0.0.1 and you are done. you are not the first one seeking a solution for this non-existing problem
On Tuesday, November 5, 2013 5:35:15 PM CEST, Rich wrote:
> On 05/11/13 15:56, Reindl Harald wrote:
>> does it hurt? no!
> My SSL certificate is of course invalid for 127.0.0.1 and I could not get RC to connect on port 993 for some reason (although that's probably for a RC mailing list, granted).
I guess the question is mostly "Why isn't RC connecting to your certificate's CN like everyone else"? Why 127.0.0.1, not example.com?
On 05.11.2013 17:35, Rich wrote:
> On 05/11/13 15:56, Reindl Harald wrote:
>> does it hurt? no!
> My SSL certificate is of course invalid for 127.0.0.1
have you tried that it matters or do you only guess?
http://trac.roundcube.net/ticket/1485771
> and I could not get RC to connect on port 993 for some reason
http://trac.roundcube.net/wiki/Howto_Config
'default_host'
By default the login screen provides a text box where you need to enter the IMAP host which you want to connect to. This box can be hidden by setting one fixed IMAP host address:
$rcmail_config['default_host'] = 'localhost';
To use SSL/TLS connection, enter the hostname with prefix "ssl://" or "tls://"
And if you want a drop-down list like it's explained in the comments you need something like this:
$rcmail_config['default_host'] = array('mail.example.com', 'webmail.example.com', 'ssl://mail.example.com:993');
Ok, thanks for your time, let's end this thread. Seems it's probably more a RC thing than a Dovecot thing. Still can't get it to work (yes I'd already RTFM'ed and tried all the various RC config options) but happy to ask over at RC instead.
Thanks.
Rich
participants (3)
- Benjamin Podszun
- Reindl Harald
- Rich
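
Added example (not part of the original thread, and not Dovecot or Roundcube code): a Python check of what an IMAP listener permits before TLS, based on the RFC 3501 STARTTLS and LOGINDISABLED capabilities, plus a live probe that also reports whether the certificate verifies for the name used to connect (the 127.0.0.1 versus hostname point raised above). The function names are hypothetical and the sample greetings are constructed.

```python
import imaplib
import ssl

# Constructed sample greetings (not captured from the poster's server).
GREETING_TLS_ENFORCED = (
    "* OK [CAPABILITY IMAP4rev1 SASL-IR ID ENABLE IDLE STARTTLS LOGINDISABLED] ready"
)
GREETING_CLEARTEXT_OK = (
    "* OK [CAPABILITY IMAP4rev1 SASL-IR ID ENABLE IDLE STARTTLS AUTH=PLAIN] ready"
)


def parse_capabilities(line):
    """Return the capability atoms from a greeting or '* CAPABILITY ...' line."""
    text = line.decode() if isinstance(line, bytes) else line
    if "[CAPABILITY" in text:          # greeting: * OK [CAPABILITY ...] text
        text = text.split("[CAPABILITY", 1)[1].split("]", 1)[0]
    elif "CAPABILITY" in text:         # untagged: * CAPABILITY ...
        text = text.split("CAPABILITY", 1)[1]
    else:
        return set()
    return {atom.upper() for atom in text.split()}


def cleartext_policy(caps):
    """What RFC 3501 capabilities say a client may do before TLS is active."""
    caps = {c.upper() for c in caps}
    if "LOGINDISABLED" not in caps:
        return "cleartext-login-allowed"
    return "tls-required" if "STARTTLS" in caps else "no-login-possible"


def probe(host, port=143, cafile=None):
    """Live check: (policy before STARTTLS, does the certificate verify for host)."""
    conn = imaplib.IMAP4(host, port)
    try:
        policy, cert_ok = cleartext_policy(conn.capabilities), None
        if "STARTTLS" in conn.capabilities:
            try:
                conn.starttls(ssl.create_default_context(cafile=cafile))
                cert_ok = True
            except ssl.SSLCertVerificationError:
                cert_ok = False    # e.g. host given as 127.0.0.1, cert names a hostname
        return policy, cert_ok
    finally:
        try:
            conn.shutdown()
        except OSError:
            pass
```

Calling probe() on the mail server itself, once with 127.0.0.1 and once with the certificate's hostname, shows whether the local path gets a different policy and whether the name mismatch is what breaks the webmail connection.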