Jeff A. Earickson
2006-Jul-02 17:05 UTC
[Dovecot] rc1: Questions about ssl-build-param!!??
Timo,

My setup: Solaris 9, 1.0rc1, built like so:

    CC=gcc CFLAGS="-g -O" CPPFLAGS=-I/opt/openssl/include \
    LDFLAGS=-L/opt/openssl/lib ./configure --prefix=/opt/dovecot.1.0rc1 \
    --with-ssl=openssl --with-ssldir=/opt/openssl/ssl \
    --with-sql-drivers=no --disable-ipv6

using gcc 4.1.0. Protocols are imap and imaps.

My system panicked and crashed in the middle of the night, and after it came up the ssl-parameters.dat file was messed up. From syslog:

    child 1965 (login) returned error 89
    imap-login: Can't open SSL parameter file ssl-parameters.dat: Permission denied

Nobody was getting their email via imap. So I removed the directories /opt/dovecot/var and /var/run/dovecot to get dovecot to rebuild the ssl-parameters.dat file. Questions:

1) Why on Earth does ssl-build-param take so long??!! (> 12 minutes on my E220R) What is it doing? How to speed this process up, and/or tune it?

2) Where does ssl-parameters.dat get written to? I found one copy in the /opt/dovecot/var/lib/dovecot directory, and one copy in /var/run/dovecot/login. Which copy gets used?

3) What are the permissions supposed to be for ssl-parameters.dat? The copy in /var/run was chown root:other and chmod 640. I could not get rid of the syslog "permission denied" until I made it chmod 644.

4) Likewise the directories /opt/dovecot/var and below get created chown root:other and chmod 750, with ssl-parameters.dat chmod 640. What should these perms be?

Jeff Earickson
Colby College

On Sun, 2006-07-02 at 13:05 -0400, Jeff A. Earickson wrote:
> imap-login: Can't open SSL parameter file ssl-parameters.dat: Permission denied
>
> Nobody was getting their email via imap. So I removed the directories
> /opt/dovecot/var and /var/run/dovecot to get dovecot to rebuild the
> ssl-parameters.dat file. Questions:

Yea, this was a problem if directories are in different filesystems..

> 1) Why on Earth does ssl-build-param take so long??!! (> 12 minutes on
> my E220R) What is it doing? How to speed this process up, and/or tune it?

It does. :) But once it's created, it's by default updated only once a week. You can also disable updating it completely.

> 2) Where does ssl-parameters.dat get written to? I found one copy in
> the /opt/dovecot/var/lib/dovecot directory, and one copy in
> /var/run/dovecot/login. Which copy gets used?

Because some systems delete everything in /var/run at startup, I changed 1.0rc1 to write it first into /opt/dovecot/var/lib/dovecot and copy it from there to /var/run.

> 3) What are the permissions supposed to be for ssl-parameters.dat? The
> copy in /var/run was chown root:other and chmod 640. I could not get rid
> of the syslog "permission denied" until I made it chmod 644.

644 is fine. This copying is fixed in CVS.

> 4) Likewise the directories /opt/dovecot/var and below get created
> chown root:other and chmod 750, with ssl-parameters.dat chmod 640.
> What should these perms be?

Isn't it created with 644 in /opt/dovecot/var? It should be, and is with me..
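
Added example, not part of the original thread and not Dovecot's own code: a shell check that names the first path component denying access to a process that is neither owner nor group member, which is the situation the root:other 750 directories and the 640 file in this thread create. The function names `other_bits` and `first_blocker` are made up here, and the assumption that the login process falls into the "other" permission class is mine.

```shell
#!/bin/sh
# Added example. Assumption: the reading process (e.g. imap-login) is neither
# the owner nor in the group of these paths, so only the "other" bits apply.

# other_bits PATH -> the three "other" permission characters from ls -ld, e.g. "r-x"
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# first_blocker FILE [TOP]
# FILE must be an absolute path. Checks o+r on FILE and o+x on every parent
# directory up to TOP (default /). Prints the blocking component closest to
# TOP and returns 1; prints nothing and returns 0 when access is possible.
first_blocker() {
    file=$1
    top=${2:-/}
    blocker=""

    # The file itself must be readable by "other".
    case $(other_bits "$file") in
        r??) ;;
        *)   blocker=$file ;;
    esac

    # Walk upward; a later (higher) hit overrides an earlier one, so the
    # result is the first obstacle met when descending from TOP.
    dir=$(dirname "$file")
    while :; do
        case $(other_bits "$dir") in
            ??x|??t) ;;              # x, or x plus sticky bit
            *)       blocker=$dir ;;
        esac
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done

    if [ -n "$blocker" ]; then
        printf '%s\n' "$blocker"
        return 1
    fi
    return 0
}

# Usage: sh check.sh /var/run/dovecot/login/ssl-parameters.dat
if [ $# -gt 0 ]; then
    first_blocker "$@"
fi
```

The check only reads mode bits; it does not account for ACLs or for a reader that happens to be in the file's group.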