Tim, Daniel, Aki, all. Problem solved. Well, sort of:
It is AppArmor.
I disabled AppArmor based on another sufferer's experience, and I
quote:
https://forums.opensuse.org/showthread.php/531740-Unexpected-pe
rmissions-issue-with-Dovecot
I have made some progress on solving this and tracked down the
problem to apparmor which is some sort of application based security
system.?
(How I wish Linux followed KISS principals, this appears to be
yet another security layer on top of the chmod/chown layer, and not an
intuitive/obvious thing either...)
So once again, a victim of political correctness. This was all more Scr
ewtape distraction:
There is nothing wrong with dovecot 3.2.1, there is nothing
wrong with my "configuration", I am not being rude, but AppArmor got
hosed by the OS upgrade.
https://www.suse.com/documentation/sles11/book_security/data/se
c_aaintro_enable.html
Tomorrow is another day, I'll fight the AppArmor alligator then. In the
meantime, on to that G&T! Woohoo! :-)
Thanks again to all.
Kind regards, Andy
On Sun, 2018-12-16 at 18:41 +0000, Tim Dickson wrote:> permissions should be 644 or 444 owned by root.
> if the permissions are too open, ssl/dovecot will refuse to load
> them.
> you may even see a message about it if you have verbose messages/
> check your sys logs.
> I had this problem once with certs that checked out fine, correct <
> in dovcot config but didn't load.
> chmod 644 /etc/ssl/certs/dovecot.cert /etc/ssl/private/dovecot.key
> fixed the problem
> regards, Tim
>
> On 16/12/2018 14:33, C. Andrews Lavarre wrote:
> > For what it's worth, this gives the server an A:
> > https://www.ssllabs.com/ssltest/analyze.html?d=mail.privustech.
> > com
> >
> > So there is no problem with the certificates and key...
> >
> > Thanks again.
> >
> > On Sun, 2018-12-16 at 09:19 -0500, C. Andrews Lavarre wrote:
> > > So it's something else.?
> ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20181216/2cb261ec/attachment.html>