[Dovecot] IMAP Proxying and SSL Certificates on OpenBSD
Hi list,

I am currently trying to configure dovecot to act as an imap proxy in front of a Groupwise server. Because of a policy, no services of the gw server may be directly served to the web. So currently this is only a security measure. Dovecot was previously used for providing sasl-auth capabilities to postfix. IMAP proxy features should be added now. Authentication backend is LDAP. OS is OpenBSD 5.2. Dovecot version is 2.1.8.

Currently I am fighting with the following error in the logs:
dovecot: master: Dovecot v2.1.8 starting up
dovecot: auth: Warning: userdb passwd: Move templates args to override_fields setting
dovecot: auth: Error: passwd(username,78.104.X.X,
# openssl s_client -connect mail.example.com:143 -starttls imap
CONNECTED(00000003)
didn't found STARTTLS in server response, try anyway...
15096:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s23_clnt.c:607:

As postfix is already using the certificates, they should be okay ….

# dovecot -n
# 2.1.8: /etc/dovecot/dovecot.conf
# OS: OpenBSD 5.2 i386
disable_plaintext_auth = no
imapc_host = 10.0.0.2
mail_gid = vmail
mail_home = /home/vmail/%u
mail_location = imapc:~/imapc
mail_uid = vmail
passdb {
  args = scheme=plain-md5 username_format=%n /etc/dovecot/passwd
  driver = passwd-file
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
  driver = ldap
}
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = _postfix
    mode = 0660
    user = _postfix
  }
  user = root
}
service imap-login {
  chroot = login
}
service pop3-login {
  chroot = login
}
ssl = no
ssl_ca =
On 15.8.2013, at 20.23, dago@quantentunnel.de wrote:
dovecot: imap(username): Error: user username: Initialization failed: Initializing mail storage from mail_location setting failed: imapc: missing imapc_password
..
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
  driver = ldap
}
Here you are setting the userdb_* fields, which work only with userdb prefetch.
userdb {
  args = username_format=%n /etc/dovecot/passwd
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
But you're not using userdb prefetch.
Thank you..

Sorry, seem to have missed that ... It's working now. Still any ideas on the SSL thing?

STARTTLS is not available and dovecot is not listening on 993. There is no info in the logs, even with verbose_ssl ... Certificates are working in postfix ...

Thanks in advance!

Best regards
Sent: Thursday, 15 August 2013 at 22:05
From: "Timo Sirainen" tss@iki.fi
To: "Dovecot Mailing List" dovecot@dovecot.org
Subject: Re: [Dovecot] IMAP Proxying and SSL Certificates on OpenBSD

On 15.8.2013, at 20.23, dago@quantentunnel.de wrote:
dovecot: imap(username): Error: user username: Initialization failed: Initializing mail storage from mail_location setting failed: imapc: missing imapc_password
..
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
  driver = ldap
}
Here you are setting the userdb_* fields, which work only with userdb prefetch.
userdb {
  args = username_format=%n /etc/dovecot/passwd
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
But you're not using userdb prefetch.
On 15.08.2013 23:43, dago@quantentunnel.de wrote:
Sorry, seem to have missed that ... It's working now. Still any ideas on the SSL thing?
STARTTLS is not available and dovecot
have you configured ssl?
is not listening on 993
has nothing to do with STARTTLS
There is no info in the logs, even with verbose_ssl ...
again: have you configured it and if so why not show how?

[root@testserver:~]$ cat /etc/dovecot/dovecot.conf | grep ssl
# configure ssl
ssl = yes
ssl_cert =
Certificates are working in postfix ...
has *nothing* to do with dovecot
On 2013-08-15 5:43 PM, dago@quantentunnel.de wrote:
Thank you..
Sorry, seem to have missed that ... It's working now. Still any ideas on the SSL thing?
STARTTLS is not available and dovecot is not listening on 993. There is no info in the logs, even with verbose_ssl ... Certificates are working in postfix ...
Earlier you posted doveconf -n, wherein:
# dovecot -n
# 2.1.8: /etc/dovecot/dovecot.conf
# OS: OpenBSD 5.2 i386
<snip>
ssl = no
So, maybe try enabling it?
--
Best regards,
*/Charles/*
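
Added example, not part of any message in this thread and not Dovecot project code: a small check that reads `dovecot -n` style output and flags the two problems the replies identified, userdb_* fields set in a passdb with no prefetch userdb, and ssl = no. The sample input is constructed from the configuration posted above; the function names and finding ids are this example's own, and it only inspects default_fields and override_fields, not attributes mapped inside the LDAP config file.

```python
import re

# Constructed sample: the passdb/userdb/ssl lines of the `dovecot -n` output in the thread.
SAMPLE = """\
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  default_fields = userdb_imapc_user=%u userdb_imapc_password=%w
  driver = ldap
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
ssl = no
"""

def parse(text):
    """Split doveconf-style text into top-level settings and first-level sections."""
    top, sections, stack = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            if len(stack) == 1:
                sections.append((stack[0], {}))
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if not stack:
                top[key] = value
            elif len(stack) == 1:  # ignore nested blocks such as unix_listener
                sections[-1][1][key] = value
    return top, sections

def audit(text):
    """Return finding ids (names are this example's own) for the two issues in the thread."""
    top, sections = parse(text)
    extra = lambda s: s.get("default_fields", "") + " " + s.get("override_fields", "")
    sets_userdb = any(n == "passdb" and re.search(r"\buserdb_\w+=", extra(s)) for n, s in sections)
    prefetch = any(n == "userdb" and s.get("driver") == "prefetch" for n, s in sections)
    findings = []
    if sets_userdb and not prefetch:
        findings.append("userdb-fields-without-prefetch")  # imapc_password never reaches the mail process
    if top.get("ssl") == "no":
        findings.append("ssl-disabled")  # matches the missing STARTTLS / port 993 reported above
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```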
participants (4)
- Charles Marcus
- dago@quantentunnel.de
- Reindl Harald
- Timo Sirainen