[Dovecot] Dovecot 2.0b4 configuration issue, listen config option?
Hi,
In my 1.2 setup I have pop3 running on ip x.x.x.2 and imap on x.x.x.7
In 2.0 how do I say listen x.x.x.2:110 x.x.x.7:143 so that pop3 is not listening on the .7 ip? I tried putting a listen = ip in the listener section but it complained. I can't figure it out and can't seem to find any 2.0 specific documentation, trying to search in the wiki directory of /usr/local/share/doc/dovecot/wiki but so far no help.
I realize I can firewall that off but I don't want to rely on that. Is this no longer possible?

On 13.04.2010 22:23, Brandon Lamb wrote:
> Hi,
> In my 1.2 setup I have pop3 running on ip x.x.x.2 and imap on x.x.x.7
> In 2.0 how do I say listen x.x.x.2:110 x.x.x.7:143 so that pop3 is not listening on the .7 ip? I tried putting a listen = ip in the listener section but it complained. I can't figure it out and can't seem to find any 2.0 specific documentation, trying to search in the wiki directory of /usr/local/share/doc/dovecot/wiki but so far no help.
> I realize I can firewall that off but I don't want to rely on that. Is this no longer possible?

that works for me:

service imap-login {
  inet_listener imap {
    address = imap01.t6-isa.de
  }
  inet_listener imaps {
    address = imap01.t6-isa.de
  }
}

service pop3-login {
  inet_listener pop3 {
    address = pop01.t6-isa.de
  }
  inet_listener pop3s {
    address = pop01.t6-isa.de
  }
}

and in case you like different certs:

protocol imap {
  ssl = yes
  ssl_cert =

protocol pop3 {
  ssl = yes
  ssl_cert =

-- Andreas Schulze Internetdienste | P532
DATEV eG 90329 Nürnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 Nürnberg, Paumgartnerstr. 6-14 | Registergericht Nürnberg, GenReg Nr.70 Vorstand Prof. Dieter Kempf (Vorsitzender) Dipl.-Kfm. Wolfgang Stegmann (stellvertretender Vorsitzender) Dipl.-Kfm. Michael Leistenschneider Jörg Rabe v. Pappenheim Dipl.-Vw. Eckhard Schwarzer Vorsitzender des Aufsichtsrates: Reinhard Verholen
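
An added example, not part of the original posts and not Dovecot's own code: a small Python check that reads configuration in the `service { inet_listener { address = ... } }` layout shown above and reports enabled listeners that are not pinned to the address expected for their service. The sample configuration, the 192.0.2.x addresses and the function names are constructed for illustration, and addresses are compared as literal strings.

```python
import re

# Constructed sample in the layout used in this thread; the addresses are
# documentation placeholders (assumption), not values from the posts.
SAMPLE_CONF = """
service imap-login {
  inet_listener imap { address = 192.0.2.7 }
  inet_listener imaps { }                    # no address given
}
service pop3-login {
  inet_listener pop3 { address = 192.0.2.7 } # wrong IP for pop3
  inet_listener pop3s { port = 0 }           # disabled, as in the thread
}
"""

def parse_listeners(conf):
    """Map (service, listener) -> its settings for every inet_listener block."""
    listeners, stack = {}, []
    conf = re.sub(r"#.*", "", conf)                      # drop comments
    # Split into (text, delimiter) pairs so one-line and multi-line layouts both work.
    for text, delim in re.findall(r"([^{}\n]*)([{}\n])", conf + "\n"):
        text = text.strip()
        in_listener = len(stack) > 1 and stack[-1][:1] == ["inet_listener"]
        if delim == "{":
            stack.append(text.split())
            if len(stack) > 1 and stack[-1][:1] == ["inet_listener"]:
                listeners[(stack[-2][1], stack[-1][1])] = {}
            continue
        if "=" in text and in_listener:
            key, value = (part.strip() for part in text.split("=", 1))
            listeners[(stack[-2][1], stack[-1][1])][key] = value
        if delim == "}" and stack:
            stack.pop()
    return listeners

def audit(conf, expected):
    """Return listeners that are enabled but not pinned to the expected address.

    expected: service name -> the only address that service may bind to.
    """
    findings = []
    for (service, name), opts in sorted(parse_listeners(conf).items()):
        if opts.get("port") == "0":                      # port = 0 disables it
            continue
        addr = opts.get("address")
        if addr is None:
            findings.append((service, name, "no address set"))
        elif addr != expected.get(service):
            findings.append((service, name, "bound to " + addr))
    return findings
```

Calling `audit(SAMPLE_CONF, {"imap-login": "192.0.2.7", "pop3-login": "192.0.2.2"})` reports the `imaps` listener with no address and the `pop3` listener bound to the IMAP address.
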

On Tue, Apr 13, 2010 at 10:36 PM, Andreas Schulze andreas.schulze@datev.de wrote:
> On 13.04.2010 22:23, Brandon Lamb wrote:
> > Hi,
> > In my 1.2 setup I have pop3 running on ip x.x.x.2 and imap on x.x.x.7
> > In 2.0 how do I say listen x.x.x.2:110 x.x.x.7:143 so that pop3 is not listening on the .7 ip? I tried putting a listen = ip in the listener section but it complained. I can't figure it out and can't seem to find any 2.0 specific documentation, trying to search in the wiki directory of /usr/local/share/doc/dovecot/wiki but so far no help.
> > I realize I can firewall that off but I don't want to rely on that. Is this no longer possible?
>
> that works for me:
>
> service imap-login {
>   inet_listener imap {
>     address = imap01.t6-isa.de
>   }
>   inet_listener imaps {
>     address = imap01.t6-isa.de
>   }
> }
>
> service pop3-login {
>   inet_listener pop3 {
>     address = pop01.t6-isa.de
>   }
>   inet_listener pop3s {
>     address = pop01.t6-isa.de
>   }
> }
>
> and in case you like different certs:
>
> protocol imap {
>   ssl = yes
>   ssl_cert =
>
> protocol pop3 {
>   ssl = yes
>   ssl_cert =

Ohhhh address, very good thank you!!

On 14.04.2010 07:36, Andreas Schulze wrote:
> and in case you like different certs:
>
> protocol imap {
>   ssl = yes
>   ssl_cert =
>
> protocol pop3 {
>   ssl = yes
>   ssl_cert =

Hello Timo,

I like one service per ip/dnsname which needs one cert per service. If I have different certs I think the writing above is much clearer than writing one cert in the main config section and overwriting it in one protocol section.

This is the real config for dovecot2b4 to have different certs:

ssl = yes
ssl_cert =

Imagine the config if managesieve should use yet another cert... This is confusing while reading the config later.

my wish: use one cert/key pair for all services or allow ssl only in a protocol section

Andreas
-- Andreas Schulze Internetdienste | P532

On Thu, 2010-04-15 at 07:46 +0200, Andreas Schulze wrote:
> ssl = yes
> ssl_cert =
>
> Imagine the config if managesieve should use yet another cert... This is confusing while reading the config later.
>
> my wish: use one cert/key pair for all services

I don't really understand what you're asking. You can use the same cert/key to all services, but of course that requires that either all of them use the same hostname or you use alt names. Or are you thinking something like:

ssl_cert =

i.e. %s expanding to imap, pop3, etc? Maybe that could be done..

> or allow ssl only in a protocol section

I think you can do that already?

ssl = no
protocol imap {
  ssl = yes
  ..
}

On 16.04.2010 13:19, Timo Sirainen wrote:
> > or allow ssl only in a protocol section
>
> I think you can do that already?
>
> ssl = no
> protocol imap {
>   ssl = yes
>   ..
> }

yes, this makes dovecot start without errors, but *without* ssl listenport too :-(

-- Andreas Schulze Internetdienste | P532

On 16.04.2010 13:43, Andreas Schulze wrote:
> yes, this makes dovecot start without errors, but *without* ssl listenport too :-(

protocols = imap pop3

service imap-login {
  inet_listener imap {
    address = imap01.t6-isa.de
  }
  inet_listener imaps {
    address = imap01.t6-isa.de
  }
}

service pop3-login {
  inet_listener pop3 {
    address = pop01.t6-isa.de
  }
  inet_listener pop3s {
    address = pop01.t6-isa.de
  }
}

protocol imap {
  # suggested by Timo
  ssl = yes
  ssl_cert =

protocol pop3 {
  # suggested by Timo
  ssl = yes
  ssl_cert =

#################################################
# case 1: no error, but no listener
ssl = no
#ssl_cert =

# case 2: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set
ssl = yes
#ssl_cert =

# case 3: all works fine, but ssl_cert + ssl_key twice in the config
ssl = yes
ssl_cert =

Andreas
Andreas Schulze Internetdienste | P532

On Fri, 2010-04-16 at 13:43 +0200, Andreas Schulze wrote:
> On 16.04.2010 13:19, Timo Sirainen wrote:
> > > or allow ssl only in a protocol section
> >
> > I think you can do that already?
> >
> > ssl = no
> > protocol imap {
> >   ssl = yes
> >   ..
> > }
>
> yes, this makes dovecot start without errors, but *without* ssl listenport too :-(

Oh. Hmm. That's a bit difficult to change. How about this then:

ssl = yes
protocol pop3 {
  ssl = no
}

service pop3 {
  inet_listener pop3s {
    port = 0
  }
}

On Tue, 2010-04-13 at 22:23 -0700, Brandon Lamb wrote:
> Hi,
> In my 1.2 setup I have pop3 running on ip x.x.x.2 and imap on x.x.x.7
> In 2.0 how do I say listen x.x.x.2:110 x.x.x.7:143 so that pop3 is not listening on the .7 ip?

Did you try simply doing it the exact same way as with v1.2? It should have logged a few "obsolete setting" warnings, suggested how to change the config to new format, and finally just worked (and doveconf would have outputted the new format). If it didn't do that, send me your config and I'll fix it.

On Wed, Apr 14, 2010 at 5:27 AM, Timo Sirainen tss@iki.fi wrote:
> On Tue, 2010-04-13 at 22:23 -0700, Brandon Lamb wrote:
> > Hi,
> > In my 1.2 setup I have pop3 running on ip x.x.x.2 and imap on x.x.x.7
> > In 2.0 how do I say listen x.x.x.2:110 x.x.x.7:143 so that pop3 is not listening on the .7 ip?
>
> Did you try simply doing it the exact same way as with v1.2? It should have logged a few "obsolete setting" warnings, suggested how to change the config to new format, and finally just worked (and doveconf would have outputted the new format). If it didn't do that, send me your config and I'll fix it.

No I have been trying to not use the old config options, figure I might as well learn how to use the new stuff if this is the new thing.