<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body><div>Tim, Daniel, Aki, all. Problem solved. Well, sort of:</div><div><br></div><div>It is AppArmor.</div><div><br></div><div>I disabled AppArmor based on another sufferer's experience, and I quote:</div><div><span class="Apple-tab-span" style="white-space:pre"> </span><a href="https://forums.opensuse.org/showthread.php/531740-Unexpected-permissions-issue-with-Dovecot">https://forums.opensuse.org/showthread.php/531740-Unexpected-permissions-issue-with-Dovecot</a></div><div><span class="Apple-tab-span" style="white-space:pre"> </span><span style="color: rgb(51, 51, 51); font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; font-size: 13px; orphans: 2; widows: 2; background-color: rgb(254, 254, 254);"><i>I have made some progress on solving this and tracked down the problem to apparmor which is some sort of application based security system. </i></span></div><div><i style="margin: 0px; padding: 0px; border: 0px; outline: 0px; font-size: 13px; background-color: rgb(254, 254, 254); color: rgb(51, 51, 51); font-family: Verdana, Arial, Tahoma, Calibri, Geneva, sans-serif; orphans: 2; widows: 2;"><span class="Apple-tab-span" style="white-space:pre"> </span>(How I wish Linux followed KISS principals, this appears to be yet another security layer on top of the chmod/chown layer, and not an intuitive/obvious thing either...)</i></div><div><br></div><div>So once again, a victim of political correctness. This was all more <a href="https://truthcourage.org/index.php/truth-courage-commitment/top-view/meta-data/opinions/screwtape-moments/">Screwtape distraction</a>:</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>There is <i>nothing</i> wrong with dovecot 3.2.1, there is <i>nothing</i> wrong with my "configuration", I am <i>not</i> being rude, but AppArmor got hosed by the OS upgrade.</div><div><span class="Apple-tab-span" style="white-space:pre"> </span><a href="https://www.suse.com/documentation/sles11/book_security/data/sec_aaintro_enable.html">https://www.suse.com/documentation/sles11/book_security/data/sec_aaintro_enable.html</a></div><div><br></div><div>Tomorrow is another day, I'll fight the AppArmor alligator then. In the meantime, on to that G&T! Woohoo! :-)</div><div><br></div><div>Thanks again to all.</div><div><br></div><div>Kind regards, Andy</div><div><br></div><div>On Sun, 2018-12-16 at 18:41 +0000, Tim Dickson wrote:</div><blockquote type="cite">
permissions should be 644 or 444 owned by root.<br>
if the permissions are too open, ssl/dovecot will refuse to load
them.<br>
you may even see a message about it if you have verbose messages/
check your sys logs.<br>
I had this problem once with certs that checked out fine, correct
< in dovcot config but didn't load.<br>
chmod 644 /etc/ssl/certs/dovecot.cert /etc/ssl/private/dovecot.key<br>
fixed the problem<br>
regards, Tim<br>
<br>
<div class="moz-cite-prefix">On 16/12/2018 14:33, C. Andrews Lavarre
wrote:<br>
</div>
<blockquote type="cite" cite="mid:1544970790.4571.38.camel@gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div>For what it's worth, this gives the server an A:</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span><a href="https://www.ssllabs.com/ssltest/analyze.html?d=mail.privustech.com" moz-do-not-send="true">https://www.ssllabs.com/ssltest/analyze.html?d=mail.privustech.com</a></div>
<div><br>
</div>
<div>So there is no problem with the certificates and key...</div>
<div><br>
</div>
<div>Thanks again.</div>
<div><br>
</div>
<div>On Sun, 2018-12-16 at 09:19 -0500, C. Andrews Lavarre wrote:</div>
<blockquote type="cite">So it's something else. </blockquote>
</blockquote>
<br>
</blockquote></body></html>