Bug with 2.2.29-1~auto+25 back to haunt me
Ralf Hildebrandt
Ralf.Hildebrandt at charite.de
Wed May 31 17:52:02 EEST 2017
After upgrading from 2.2.28-1~auto+45 to 2.2.29-1~auto+25 I'm gettings
this:
May 31 16:44:31 mproxy dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting
May 31 16:44:31 mproxy dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs
May 31 16:44:31 mproxy dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 2 secs): user=<>, rip=141.42.206.36, lip=141.42.206.11, TLS, session=<ze1A9dJQZ8yNKs4k>
# doveconf -n
# 2.2.devel (215fd61): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.devel (403042e)
# OS: Linux 4.4.0-71-generic x86_64 Ubuntu 16.04.2 LTS
auth_mechanisms = plain login
default_vsz_limit = 1 G
imapc_host = exchange-imap.charite.de
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
listen = *,::
mail_gid = imapproxy
mail_home = /home/imapproxy/%u
mail_location = imapc:~/imapc
mail_plugins = mail_log notify
mail_uid = imapproxy
passdb {
args = host=exchange-imap.charite.de port=993 ssl=imaps
default_fields = userdb_imapc_user=%u userdb_imapc_password=%w userdb_imapc_host=exchange-imap.charite.de userdb_imapc_ssl=imaps userdb_imapc_port=993
driver = imap
}
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap
service auth {
inet_listener {
address = 127.0.0.1
port = 12345
}
}
ssl = required
ssl_ca = </etc/ssl/certs/ca-certificates.crt
ssl_cert = </etc/dovecot/dovecot.pem
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
driver = prefetch
}
verbose_proctitle = yes
So I added
ssl_ca_file = /etc/ssl/certs/ca-certificates.crt
But alas:
May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file
Gnarf! As you can see I do HAVE ssl_ca in my doveconf -n output!
ssl_ca = </etc/ssl/certs/ca-certificates.crt
So what gives?
--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt at charite.de | https://www.charite.de
More information about the dovecot
mailing list