Nils
2012-Dec-06 09:13 UTC
[Dovecot] Removing configured SSL certificate file from disk while Dovecot is running spams syslog
Hi!

[root@mikan ~]# dovecot --version
2.1.12

When I remove the SSL certificate from disk while Dovecot is running, it spams syslog with the following log message over and over:

Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
[...]

Reporting that the certificate went away is fine and useful, but spamming the syslog over and over with hundreds of entries per second(!) is annoying. :(

I know what I'm doing, so reporting it once per connection attempt or something is enough. Even if Dovecot just decides to terminate, that would be fine. But a denial of service attack on syslog is not nice.

Configuration output follows below.

All the best,
Nils

[root@mikan ~]# dovecot -n
# 2.1.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.4-1-ARCH x86_64
auth_failure_delay = 5 secs
auth_mechanisms = plain login
auth_verbose = yes
listen = *,::
login_greeting
mail_location = maildir:~/.maildir
namespace inbox {
  inbox = yes
  location
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix
}
passdb {
  driver = pam
}
protocols = pop3
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  process_limit = 10
}
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.key
userdb {
  driver = passwd
}
protocol imap {
  imap_idle_notify_interval = 2 mins
  mail_max_userip_connections = 5
}
protocol pop3 {
  mail_max_userip_connections = 5
  pop3_logout_format
  pop3_save_uidl = no
  pop3_uidl_format = %08Xu%08Xv
}

Timo Sirainen
2012-Dec-18 19:38 UTC
[Dovecot] Removing configured SSL certificate file from disk while Dovecot is running spams syslog
On Thu, 2012-12-06 at 18:13 +0900, Nils wrote:
> [root@mikan ~]# dovecot --version
> 2.1.12
>
> When I remove the SSL certificate from disk while Dovecot is running, it
> spams syslog with the following log message over and over:
>
> Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration
> file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file
> /etc/ssl/private/dovecot.pem: No such file or directory
..
> Reporting that the certificate went away is fine and useful, but
> spamming the syslog over and over with hundreds of entries per second(!)
> is annoying. :(

Fixed: http://hg.dovecot.org/dovecot-2.1/rev/bc11033ef035