[Dovecot] dovecot 2.0 convert script
Jerrale G
jerralegayle at sheltoncomputers.com
Tue Aug 17 21:49:49 EEST 2010
On 8/15/2010 5:06 PM, Marc Perkel wrote:
> Since my old config had this:
>
> protocols = imap imaps pop3 pop3s
>
> ssl_cert_file = /usr/share/ssl/certs/imapd.pem
> ssl_key_file = /usr/share/ssl/certs/imapd.pem
>
> then the convert script should have added
>
> ssl = yes
>
> Just trying to document all the little issues as I find them.
>
>
We use SSL and the convert script didn't add ssl=yes but, as Timo said,
ssl=yes is the default. Anyway, without ssl=yes even existing, our SSL
worked from the start.
We did have a slight problem with the convert script though. As of 2.0,
dovecot uses a different chrooted user for the login processes. In
dovecot 1.2.x we were already doing the same thing in chrooting the
login processes; we know our security :) (We keep telling people on
here that defining the home directory for each user logging in is a
security must, for chrooting that user, as well as implementing the uid
and gid differences.)
Our dovecot 1.2 config, in the end of "auth default" had user=dauth,
which we used for the sockets in /var/run/dovecot, but this conflicted
with the new 2.0's authuser. Doveconf should have remove that user=dauth
but I don't think this will be an issue for anyone else unless they did
their own chrooting as well, which they should know how to undo.
Jerrale G.
SC Senior Admin
More information about the dovecot
mailing list