[Dovecot] Dovecot 2.0 config bug with SSL certificate per protocol?

Andy Smith a.smith at ukgrid.net
Wed Apr 6 12:18:21 EEST 2011


Yesterday I upgraded Dovecot from 1.2 to 2.0.11. I'd seen that there was
a config file converter to make the upgrade smooth so was expecting it to
be pretty quick and easy. In the end I spent a long time trying to get it
working as it just wouldn't listen on the SSL ports, imaps and pop3s. I am
using per-protocol SSL certificates, as I was in version 1.2. The part of
my config is as follows (as generated by doveconf):

protocol imap {
   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
   mail_plugins = fts fts_squat
   ssl = yes
   ssl_cert = </usr/local/etc/ssl.crt/imap.crt
   ssl_key = </usr/local/etc/ssl.key/imap.key
}
protocol pop3 {
   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
   pop3_uidl_format = %08Xu%08Xv
   ssl = yes
   ssl_cert = </usr/local/etc/ssl.crt/pop3.crt
   ssl_key = </usr/local/etc/ssl.key/pop3.key
}

But when I started dovecot it was only listening on the non-SSL ports for
IMAP and POP3. I went through many things, adding in a service imap-login
section with the SSL port set via inet_listener and spent ages googling
for how to get it to work. In the end it turns out it was that the global
ssl setting was set to "no", but I hadn't enabled this previously as this
requires that there are global SSL certificates, which I don't have; I
have specific certs for IMAP and for POP3. Also this isn't how dovecot 1.2
worked, there I specified the protocols (pop3, pop3s, imap, imaps) and
specified the protocol certs and it worked.
Anyway, I ended up just specifying my pop3 certs as the global certs, this
is then redefined in the pop3 protocol section etc. The config seems to
work, but to me all this doesn't seem logical and doesn't work like in
dovecot 1.2.

Maybe this is something that can be cleaned up in the next version?

thanks Andy.
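
An added example, not part of the original post and not Dovecot code: a small Python check over doveconf-style output that flags the state the post reports, a global ssl = no alongside protocol blocks that carry their own ssl / ssl_cert settings. The function names and the sample config are constructed for illustration; the certificate paths are the ones from the post.

```python
# Constructed sample in `doveconf -n` style, modelled on the post's excerpt.
# The global "ssl = no" line is the state the post reports, not a quoted line.
SAMPLE = """\
ssl = no
protocol imap {
  ssl = yes
  ssl_cert = </usr/local/etc/ssl.crt/imap.crt
  ssl_key = </usr/local/etc/ssl.key/imap.key
}
protocol pop3 {
  ssl = yes
  ssl_cert = </usr/local/etc/ssl.crt/pop3.crt
  ssl_key = </usr/local/etc/ssl.key/pop3.key
}
"""

def parse_ssl_settings(text):
    """Map 'global' and each protocol name to the ssl* settings set there."""
    scopes, stack = {"global": {}}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # e.g. "protocol imap"
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if not key.startswith("ssl"):
                continue
            if not stack:
                scopes["global"][key] = value
            elif len(stack) == 1 and stack[0].startswith("protocol "):
                scopes.setdefault(stack[0].split()[1], {})[key] = value
            # ssl settings nested deeper (e.g. inside inet_listener) are skipped
    return scopes

def masked_protocols(text):
    """Protocols with their own SSL settings while the global ssl is 'no'."""
    scopes = parse_ssl_settings(text)
    if scopes["global"].get("ssl") != "no":
        return []
    return sorted(name for name, s in scopes.items() if name != "global"
                  and (s.get("ssl") in ("yes", "required") or "ssl_cert" in s))

if __name__ == "__main__":
    for proto in masked_protocols(SAMPLE):
        print(f"{proto}: per-protocol SSL set, but global ssl = no")
```

Feeding it the real output of doveconf -n after an upgrade gives a quick pre-restart check that clients will not be left with only the plaintext IMAP and POP3 ports.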

