Doveadm error since when run as unprivileged user

Arjen de Korte build+dovecot at
Thu Aug 13 22:16:42 EEST 2020

Quoting Timo Sirainen <timo at>:

> On 13. Aug 2020, at 11.29, Timo Sirainen <timo at> wrote:
>> On 13. Aug 2020, at 11.00, Arjen de Korte  
>> <build+dovecot at> wrote:
>>> I allow users to run 'doveadm' for mailbox maintenance (to expunge  
>>> mail for instance). Since the upgrade to, this no longer  
>>> works and results in the following error message:
>>> doveconf: Fatal: Error in configuration file  
>>> /etc/dovecot/conf.d/10-ssl.conf line 13: ssl_key: Can't open file  
>>> /etc/ssl/private/ Permission denied
>>> This is no surprise, as non-privileged users are not allowed to  
>>> read the private keys of the server. Question is, why is doveadm  
>>> trying to read this key in the first place (it is not needed for  
>>> mailbox maintenance) and why is it failing now?
>> There were some ssl setting handling cleanups in v2.3.11, which  
>> caused this. I guess the proper fix for this would be to split SSL  
>> client settings and SSL server settings. So doveadm would still  
>> read the SSL client settings without trying to read the SSL server  
>> settings and failing there.
> As a workaround, it should be possible to put the ssl_key into a  
> separate config file and use !include_try for it. For example in  
> dovecot.conf:
> !include_try ssl-keys.conf

That will only work to include an optional configuration file and  
suppress errors if it doesn't exist. I put

ssl_key = </etc/ssl/private/

in a separate configuration file and it failed in a similar fashion,  
just with another filename.
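
An added illustration, not part of the original message and not Dovecot code: a simplified Python model of the point made in the reply above, where `!include_try` skips only an include file that is missing, while a `setting = <path` value in a file that is present is still opened. The file names, the key path and the `unprivileged` permission check are constructed assumptions.

```python
import re

# Simplified model of the behaviour discussed in this thread; not Dovecot's parser.
FILE_VALUE = re.compile(r"^\s*(\w+)\s*=\s*<\s*(\S+)")
INCLUDE = re.compile(r"^\s*!(include_try|include)\s+(\S+)")

def unreadable_file_values(name, configs, can_read):
    """Walk a config tree and return (file, line_no, setting, path) for every
    'setting = <path' value whose target cannot be read.

    configs  -- dict mapping config file name to its text (constructed input)
    can_read -- callable(path) -> bool, e.g. lambda p: os.access(p, os.R_OK)
    """
    problems = []
    for line_no, line in enumerate(configs[name].splitlines(), 1):
        line = line.split("#", 1)[0]          # drop trailing comments
        inc = INCLUDE.match(line)
        if inc:
            kind, target = inc.groups()
            if target not in configs:
                if kind == "include_try":
                    continue                  # missing optional file: skipped
                raise FileNotFoundError(target)
            # The include file exists, so its settings are parsed like any other.
            problems += unreadable_file_values(target, configs, can_read)
            continue
        val = FILE_VALUE.match(line)
        if val and not can_read(val.group(2)):
            problems.append((name, line_no, val.group(1), val.group(2)))
    return problems

# Constructed sample tree; the key path is a placeholder, not the poster's.
SAMPLE = {
    "dovecot.conf": "protocols = imap\n!include_try ssl-keys.conf\n"
                    "!include_try local.conf\n",
    "ssl-keys.conf": "ssl_cert = </etc/ssl/certs/example.pem\n"
                     "ssl_key = </etc/ssl/private/example.key\n",
}

def unprivileged(path):
    # Assumed permissions: everything under /etc/ssl/private/ is root-only.
    return not path.startswith("/etc/ssl/private/")

if __name__ == "__main__":
    for item in unreadable_file_values("dovecot.conf", SAMPLE, unprivileged):
        print("%s:%d: %s: can't open %s" % item)
```

Passing `lambda p: os.access(p, os.R_OK)` as `can_read`, with `configs` loaded from a real configuration directory, lists the file-backed settings an unprivileged account cannot open.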
