doveadm/doveconf as user tries and fails to read host key
jimc at jfcarter.net
Tue Aug 25 02:48:23 EEST 2020
On 2020-08-23 21:59, Arjen de Korte wrote:
> Citeren jimc <jimc at jfcarter.net>:
>> Failing version: dovecot23-22.214.171.124-1.1.x86_64 Install Date:
> This was mentioned before on this list. See
> https://dovecot.org/pipermail/dovecot/2020-August/119650.html how to
> solve this.
@Arjen, thanks for the quick and useful reply. I implemented it and it
works. For explicitness here's what I did: In /etc/dovecot/conf.d I put
these 3 files, most comments redacted:
# Everyone gets the dummy config that turns off SSL
# Only root can read this file (and the host key it mentions) (mode 600)
ssl = no
10-ssl.root: (owned by root, mode 600)
ssl = yes
ssl_key = </etc/ssl/private/hostw.key
# etc. etc. This is the original SSL configuration.
* Upgraded to dovecot23-126.96.36.199-1.1.x86_64 and friends, and restarted
* doveadm expunge mailbox Spam37 savedbefore 3day
  As user: works. strace shows doveconf silently skips 10-ssl.root,
* doveadm who
  My bad -- this command doesn't call doveconf, testing nothing.
* sleep 1 | openssl s_client -connect jacinth.jfcarter.net:143 -starttls
  --or-- sleep 1 | openssl s_client -connect jacinth.jfcarter.net:993
  Verify return code: 0 (ok) and TLS session ticket was granted for
  both. Be careful to use the ports and hostname (IP) that the
  firewall is expecting.
* Normal use from Roundcube: connects and gets/deletes mail normally.
  TLS is required for this.
James F. Carter Email: jimc at jfcarter.net
Web: http://www.math.ucla.edu/~jimc (q.v. for PGP key)
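
A check for the permission requirement stated in the config comments above (mode 600, root-only, for both the config file and the host key it names), as an added example that is not part of the original post. The function names and the temporary files built in demo() are constructed for illustration; the check goes slightly beyond the post by also flagging wrong ownership and any group permission bits.

```python
import os
import re
import stat
import tempfile

# Matches dovecot "ssl_key = </path" settings; commented-out lines do not match.
KEY_RE = re.compile(r'^\s*ssl_key\s*=\s*<\s*(\S+)', re.MULTILINE)

def audit(conf_path, owner_uid=0):
    """Return findings for conf_path and every key file it references."""
    with open(conf_path) as fh:      # needs root when the file is mode 600
        text = fh.read()
    findings = []
    for path in [conf_path] + KEY_RE.findall(text):
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append(f"{path}: cannot stat ({exc.strerror})")
            continue
        if st.st_uid != owner_uid:
            findings.append(f"{path}: owned by uid {st.st_uid}, expected {owner_uid}")
        # Any group/other permission bit defeats the mode-600 intent.
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(f"{path}: mode {mode:o} is open to group/other")
    return findings

def demo():
    """Audit a constructed config twice: locked down, then with a loose key."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "hostw.key")
        conf = os.path.join(d, "10-ssl.root")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        with open(conf, "w") as fh:
            fh.write(f"ssl = yes\nssl_key = <{key}\n")
        os.chmod(key, 0o600)
        os.chmod(conf, 0o600)
        clean = audit(conf, owner_uid=os.getuid())
        os.chmod(key, 0o644)         # simulate a key left world-readable
        loose = audit(conf, owner_uid=os.getuid())
    return clean, loose

if __name__ == "__main__":
    import sys
    # With a path argument, audit that file; otherwise show the demo finding.
    results = audit(sys.argv[1]) if len(sys.argv) > 1 else demo()[1]
    print("\n".join(results) or "ok")
```

Run as root against the real file, e.g. with /etc/dovecot/conf.d/10-ssl.root as the argument; an empty result prints "ok".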