Bugreport: managesieve-login won't start without a ssl-key

Aki Tuomi aki.tuomi at dovecot.fi
Fri Oct 28 07:28:11 UTC 2016


On 28.10.2016 10:18, Stephan Bosch wrote:
> On 10/27/2016 at 9:55 PM, Moritz Fago wrote:
>> Hello,
>>
>> If you don’t have a ssl_key and ssl_cert configured in your dovecot config, managesieve-login will fail to start with the following error message: dovecot: managesieve-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY, even if you haven’t enabled ssl for managesieve-login.
> I must say I don't really know what that error means. I see a few things
> though:
>
>> Infos according to http://www.dovecot.org/bugreport.html:
>>
>> Filesystem: ext4
>> doveconf -n:
>> # 2.2.13: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6
>> auth_default_realm = toppoint.de
>> auth_mechanisms = plain login
>> auth_username_format = %Ln
>> mail_location = maildir:~/Maildir
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Drafts {
>>     special_use = \Drafts
>>   }
>>   mailbox Junk {
>>     special_use = \Junk
>>   }
>>   mailbox Sent {
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>>     special_use = \Sent
>>   }
>>   mailbox Trash {
>>     special_use = \Trash
>>   }
>>   prefix =
>> }
>> passdb {
>>   args = dovecot
>>   driver = pam
>> }
>> plugin {
>>   sieve = ~/.sieve/dovecot.sieve
>>   sieve_dir = ~/.sieve
>> }
>> protocols = " imap lmtp sieve pop3"
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>     group = postfix
>>     mode = 0600
>>     user = postfix
>>   }
>> }
>> service managesieve-login {
>>   inet_listener sieve {
>>     port = 4190
>>     ssl = yes
>>   }
> This means that you're making a 'sieves' protocol, i.e. ManageSieve with
> TLS from the start. It doesn't exist by the standard. ManageSieve only
> uses the STARTTLS command. Leave out the ssl=yes here.
>
>> }
>> ssl = required
>> ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
>> ssl_cipher_list = HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES
>> ssl_dh_parameters_length = 2048
>> ssl_key = </etc/ssl/private/imap.toppoint.de.pem
>> ssl_prefer_server_ciphers = yes
>> ssl_protocols = !SSLv3 !SSLv2
>> userdb {
>>   driver = passwd
>> }
>> protocol lmtp {
>>   mail_plugins = sieve
>> }
>> protocol imap {
>>   ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
>>   ssl_key = </etc/ssl/private/imap.toppoint.de.pem
>> }
>> protocol pop3 {
>>   ssl_cert = </etc/ssl/private/pop3.toppoint.de.crt
>>   ssl_key = </etc/ssl/private/pop3.toppoint.de.pem
>> }
> I see you have these set for imap and pop3, but not for "protocol
> sieve". Is that intentional?
>
> Regards,
>
> Stephan.

I can also see that imap.toppoint.de.crt is specified in main config
body and inside imap protocol as well.

Aki
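
The three observations made in this thread (the `ssl = yes` ManageSieve listener, the missing per-protocol certificate for sieve, and the certificate repeated in the main config body and the imap block), written as a Python check over `doveconf -n` output. This is an added example, not part of the original messages; `parse` and `lint` are hypothetical helper names and the sample is trimmed from the quoted config.

```python
# Constructed sample, trimmed from the doveconf -n output quoted in this thread.
# parse() and lint() are hypothetical helpers, not part of Dovecot.
SAMPLE = """\
protocols = " imap lmtp sieve pop3"
service managesieve-login {
  inet_listener sieve {
    ssl = yes
  }
}
ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
ssl_key = </etc/ssl/private/imap.toppoint.de.pem
protocol imap {
  ssl_cert = </etc/ssl/private/imap.toppoint.de.crt
  ssl_key = </etc/ssl/private/imap.toppoint.de.pem
}
protocol pop3 {
  ssl_cert = </etc/ssl/private/pop3.toppoint.de.crt
}
"""

def parse(text):
    """Flatten nested blocks into {(block, ..., key): value}."""
    settings, path = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        else:
            key, _, value = line.partition("=")
            settings[tuple(path) + (key.strip(),)] = value.strip().strip('"')
    return settings

def lint(text):
    s, findings = parse(text), []
    for path, value in s.items():
        # Stephan's point: ManageSieve only uses STARTTLS, so no ssl = yes listener.
        if path[0] == "service managesieve-login" and path[-1] == "ssl" and value == "yes":
            findings.append(f"{path[1]}: ssl = yes on a ManageSieve listener")
        # Aki's point: a per-protocol value that repeats the main config body.
        if len(path) == 2 and path[0].startswith("protocol ") and s.get(path[1:]) == value:
            findings.append(f"{path[0]}: {path[1]} repeats the global setting")
    # Stephan's question: imap/pop3 set their own certificate, sieve does not.
    own = sorted(p[0].split()[1] for p in s if p[0].startswith("protocol ") and p[-1] == "ssl_cert")
    if "sieve" in s.get(("protocols",), "").split() and own and "sieve" not in own:
        findings.append(f"protocol sieve: no ssl_cert of its own, unlike {', '.join(own)}")
    return findings
```

Calling `lint()` on the text printed by `doveconf -n` returns one string per finding; an empty list means none of the three patterns is present.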

