Bugreport: managesieve-login won't start without a ssl-key

Stephan Bosch stephan at rename-it.nl
Fri Oct 28 07:18:17 UTC 2016


On 10/27/2016 at 9:55 PM, Moritz Fago wrote:
> Hello,
>
> If you don’t have a ssl_key and ssl_cert configured in your dovecot config managesieve-login will fail to start with the following error message:  dovecot: managesieve-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY, even if you haven’t enabled ssl for managesieve-login.

I must say I don't really know what that error means. I see a few things
though:

> Infos according to http://www.dovecot.org/bugreport.html:
>
> Filesystem: ext4
> doveconf -n:
> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
> auth_default_realm = toppoint.de
> auth_mechanisms = plain login
> auth_username_format = %Ln
> mail_location = maildir:~/Maildir
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = dovecot
>   driver = pam
> }
> plugin {
>   sieve = ~/.sieve/dovecot.sieve
>   sieve_dir = ~/.sieve
> }
> protocols = " imap lmtp sieve pop3"
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>     ssl = yes
>   }

This means that you're making a 'sieves' protocol, i.e. ManageSieve with
TLS from the start. It doesn't exist by the standard. ManageSieve only
uses the STARTTLS command. Leave out the ssl=yes here.

> }
> ssl = required
> ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
> ssl_cipher_list = HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES
> ssl_dh_parameters_length = 2048
> ssl_key = </etc/ssl/private/imap.toppoint.de.pem
> ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv3 !SSLv2
> userdb {
>   driver = passwd
> }
> protocol lmtp {
>   mail_plugins = sieve
> }
> protocol imap {
>   ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
>   ssl_key = </etc/ssl/private/imap.toppoint.de.pem
> }
> protocol pop3 {
>   ssl_cert = </etc/ssl/private/pop3.toppoint.de.crt
>   ssl_key = </etc/ssl/private/pop3.toppoint.de.pem
> }

I see you have these set for imap and pop3, but not for "protocol
sieve". Is that intentional?

Regards,

Stephan.
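
A small checker for the two points raised in the reply above, as an added example that is not part of the original message or of Dovecot: it flags `ssl = yes` on a `managesieve-login` listener and reports when other protocols carry their own `ssl_key` but `sieve` does not. The function names, finding labels and the reduced sample configuration are constructed for illustration.

```python
# Constructed sample, reduced from the doveconf -n output quoted in the thread.
SAMPLE = """\
service managesieve-login {
  inet_listener sieve {
    port = 4190
    ssl = yes
  }
}
ssl = required
ssl_key = </etc/ssl/private/imap.toppoint.de.pem
protocol imap {
  ssl_key = </etc/ssl/private/imap.toppoint.de.pem
}
protocol pop3 {
  ssl_key = </etc/ssl/private/pop3.toppoint.de.pem
}
"""

def parse(text):
    """Flatten doveconf -n output into {section path tuple: {key: value}}."""
    settings, path = {}, []
    for raw in text.splitlines():
        line = raw.strip().lstrip(">").strip()  # accept mail-quoted input too
        if line.endswith("{"):
            path.append(line[:-1].strip())      # e.g. 'inet_listener sieve'
        elif line == "}":
            if path:
                path.pop()
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            settings.setdefault(tuple(path), {})[key.strip()] = value.strip()
    return settings

def review(text):
    """Return (label, detail) pairs for the two observations in the reply."""
    conf, findings = parse(text), []
    for path, kv in conf.items():
        # ssl = yes on the listener means TLS from the start; the reply says to drop it.
        if (len(path) == 2 and path[0] == "service managesieve-login"
                and path[1].startswith("inet_listener ") and kv.get("ssl") == "yes"):
            findings.append(("implicit-tls", path[1]))
    # Protocols with their own ssl_key; the reply asks whether omitting sieve is intended.
    keyed = sorted(p[0].split()[1] for p, kv in conf.items()
                   if len(p) == 1 and p[0].startswith("protocol ") and "ssl_key" in kv)
    if keyed and "sieve" not in keyed:
        findings.append(("no-sieve-override", ",".join(keyed)))
    return findings

if __name__ == "__main__":
    print(review(SAMPLE))
```
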

