Bugreport: managesieve-login won't start without a ssl-key
Aki Tuomi
aki.tuomi at dovecot.fi
Fri Oct 28 07:28:11 UTC 2016
On 28.10.2016 10:18, Stephan Bosch wrote:
> Op 10/27/2016 om 9:55 PM schreef Moritz Fago:
>> Hello,
>>
>> If you don’t have a ssl_key and ssl_cert configured in your dovecot config managesieve-login will fail to start with the following error message: dovecot: managesieve-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY, even if you haven’t enabled ssl for managesieve-login.
> I must say I don't really know what that error means. I see a few things
> though:
>
>> Infos according to http://www.dovecot.org/bugreport.html:
>>
>> Filesystem: ext4
>> doveconf -n:
>> # 2.2.13: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
>> auth_default_realm = toppoint.de
>> auth_mechanisms = plain login
>> auth_username_format = %Ln
>> mail_location = maildir:~/Maildir
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
>> namespace inbox {
>> inbox = yes
>> location =
>> mailbox Drafts {
>> special_use = \Drafts
>> }
>> mailbox Junk {
>> special_use = \Junk
>> }
>> mailbox Sent {
>> special_use = \Sent
>> }
>> mailbox "Sent Messages" {
>> special_use = \Sent
>> }
>> mailbox Trash {
>> special_use = \Trash
>> }
>> prefix =
>> }
>> passdb {
>> args = dovecot
>> driver = pam
>> }
>> plugin {
>> sieve = ~/.sieve/dovecot.sieve
>> sieve_dir = ~/.sieve
>> }
>> protocols = " imap lmtp sieve pop3"
>> service auth {
>> unix_listener /var/spool/postfix/private/auth {
>> group = postfix
>> mode = 0660
>> user = postfix
>> }
>> }
>> service lmtp {
>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>> group = postfix
>> mode = 0600
>> user = postfix
>> }
>> }
>> service managesieve-login {
>> inet_listener sieve {
>> port = 4190
>> ssl = yes
>> }
> This means that you're making a 'sieves' protocol, i.e. ManageSieve with
> TLS from the start. It doesn't exist by the standard. ManageSieve only
> uses the STARTTLS command. Leave out the ssl=yes here.
>
>> }
>> ssl = required
>> ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
>> ssl_cipher_list = HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES
>> ssl_dh_parameters_length = 2048
>> ssl_key = </etc/ssl/private/imap.toppoint.de.pem
>> ssl_prefer_server_ciphers = yes
>> ssl_protocols = !SSLv3 !SSLv2
>> userdb {
>> driver = passwd
>> }
>> protocol lmtp {
>> mail_plugins = sieve
>> }
>> protocol imap {
>> ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
>> ssl_key = </etc/ssl/private/imap.toppoint.de.pem
>> }
>> protocol pop3 {
>> ssl_cert = </etc/ssl/private/pop3.toppoint.de.crt
>> ssl_key = </etc/ssl/private/pop3.toppoint.de.pem
>> }
> I see you have these set for imap and pop3, but not for "protocol
> sieve". Is that intentional?
>
> Regards,
>
> Stephan.
I can also see that imap.toppoint.de.crt is specified in the main config
body and inside the imap protocol as well.
Aki
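
The three observations in the replies above (ssl = yes on the managesieve-login listener, no per-protocol certificate for sieve, and the imap certificate repeated globally) can be checked mechanically against doveconf -n output. The Python below is an added example, not part of the original thread or of Dovecot; parse and review are hypothetical helper names, and SAMPLE is a constructed, trimmed copy of the quoted configuration.

```python
# Added example. SAMPLE is a constructed, trimmed copy of the doveconf -n output quoted above.
SAMPLE = """\
protocols = " imap lmtp sieve pop3"
service managesieve-login {
  inet_listener sieve {
    ssl = yes
  }
}
ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
ssl_key = </etc/ssl/private/imap.toppoint.de.pem
protocol imap {
  ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
  ssl_key = </etc/ssl/private/imap.toppoint.de.pem
}
protocol pop3 {
  ssl_cert = </etc/ssl/private/pop3.toppoint.de.crt
  ssl_key = </etc/ssl/private/pop3.toppoint.de.pem
}
"""

def parse(text):
    """Flatten nested doveconf -n blocks into {(block, ..., key): value}."""
    conf, stack = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # enter "service x" / "protocol y"
        elif line == "}":
            stack.pop()                          # leave the current block
        elif line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[tuple(stack) + (key.strip(),)] = value.strip()
    return conf

def review(text):
    """Return one note per finding for the three points raised in the replies."""
    conf, notes = parse(text), []
    for path, value in conf.items():
        if path[0] == "service managesieve-login" and path[-1] == "ssl" and value == "yes":
            notes.append(f"managesieve-login {path[-2]}: ssl = yes")
    protos = conf.get(("protocols",), "").strip('"').split()
    for key in ("ssl_cert", "ssl_key"):
        # Protocols that carry their own override of this setting.
        have = [p for p in protos if (f"protocol {p}", key) in conf]
        for p in protos:
            if have and p not in have:
                notes.append(f"protocol {p}: no {key} override (others: {', '.join(have)})")
            elif p in have and conf[(f"protocol {p}", key)] == conf.get((key,)):
                notes.append(f"protocol {p}: {key} repeats the global value")
    return notes
```

Calling review() on the text of a real doveconf -n run returns the same kind of notes; lmtp is listed alongside sieve because the check only compares the protocols line against the protocol blocks.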