search for: snakeoil

...conf Error: ssl_key_file: Can't use /etc/ssl/private/ssl-mail.key: Permission denied Fatal: Invalid configuration in /etc/dovecot/dovecot.conf ~$ sudo ls -dl /etc/ssl/private/ssl-mail.key lrwxrwxrwx 1 root root 38 2013-11-27 08:35 /etc/ssl/private/ssl-mail.key -> /etc/ssl/private/ssl-cert-snakeoil.key Why is dovecot happily delivering mail to local accounts ( thats all i use atm) without being able to access the ssl key, and how can i fix this problem so i can run dovecot -n successfully. i have tried 'chown dovecot' etc but there was no change in dovecot -n output. Any and all...

...quot; passdb { driver = pam } plugin { fts = squat fts_squat = partial=4 full=10 mail_log_events = save delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size from subject } protocols = " imap" ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key userdb { driver = passwd } Thank you all -- peter

...em and to /etc/ssl/certs/dovecot.pem. next I get from managesieve-login, pop3-login and imap-login the following log entries: Fatal: Can't load private key file /etc/ssl/private/dovecot.pem: Key is for a different cert than /etc/ssl/certs/dovecot.pem some googling brought up the file ssl-cert-snakeoil.key in /etc/ssl/private and /etc/ssl/certs that some people change in that context. As I also have a symlink /etc/ssl/private/ssl-mail.key that points to /etc/ssl/private/ssl-cert-snakeoil.key I'm starting to be confused (even more). dovecot is using the dovecot.pem-files, who/what uses the ssl...

...dex.tmp, -1, 8(mail)) failed: Operation not permitted (egid=1000(bob), group based on /var/mail/bob) From dovecot -n # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-25-generic i686 Ubuntu 10.04.1 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: mbox:~/mail:INBOX=/var/mail/%u mbox_write_locks: fcntl dotlock auth default: passdb: driver: pam userdb:...

...'t use /etc/ssl/private/ssl-mail.key: Permission > denied > Fatal: Invalid configuration in /etc/dovecot/dovecot.conf > > ~$ sudo ls -dl /etc/ssl/private/ssl-mail.key > lrwxrwxrwx 1 root root 38 2013-11-27 08:35 /etc/ssl/private/ssl-mail.key -> > /etc/ssl/private/ssl-cert-snakeoil.key You show us the symbolic link, which has all Unix permissions usually. The interessting file is the final target, e.g. /etc/ssl/private/ssl-cert-snakeoil.key if that is no symlink as well, and the permissions of all directories to it. For instance, Debian uses the perms for the private dir...

Good. I am going to focus on the IMAP configuration and worry about SMTP later. The following is the relevant documentation. This is very straightforward: https://doc.dovecot.org/admin_manual/ssl/dovecot_configuration/ My file 10-ssl.conf is untouched. However, this is the part that I would like to better understand: https://doc.dovecot.org/admin_manual/ssl/certificate_creation/ Before

...group = postfix } } service auth-worker { } service dict { unix_listener dict { } } -------------- main.cf smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no append_dot_mydomain = no readme_directory = no compatibility_level = 2 smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated def...

...pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } service pop3-postlogin { executable = script-login /usr/local/etc/popafter.sh user = $default_internal_user } service pop3 { executable = pop3 pop3-postlogin } ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:EC...

...es >> } >> } >> service pop3-postlogin { >> executable = script-login /usr/local/etc/popafter.sh >> user = $default_internal_user >> } >> service pop3 { >> executable = pop3 pop3-postlogin >> } >> ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem >> ssl_cipher_list = >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-E...

...webmark.fr): maildir: data=/export/vmail/webmark.fr/info/Maildir dovecot: IMAP(info at webmark.fr): maildir: root=/export/vmail/webmark.fr/info/Maildir, index=/export/vmail/webmark.fr/info/Maildir, control=, inbox= My file dovecot.conf is the following. ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key mail_location = maildir:/export/vmail/%d/%u/Maildir mail_extra_groups = mail first_valid_uid = 5000 last_valid_uid = 5000 maildir_copy_with_hardlinks = yes disable_plaintext_auth = no mail_debug = yes protocols = imap pop3 protocol imap {...

...ead slapd.conf(5) for possible values loglevel 3 # Where the dynamically loaded modules are stored modulepath /usr/lib/ldap moduleload back_bdb ####################################################################### # SSL: # Uncomment the following lines to enable SSL and use the default # snakeoil certificates. #TLSCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem #TLSCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # Chemin vers le certificat du serveur LDAP #TLSCertificateFile /etc/ldap/cert/servercert.pem # Chemin vers la clef priv??e du serveur LDAP #TLSCertificat...

...eating my own certificate (which I have done in the past for > my > old server), I am curious. Is there anything wrong with the one that > comes with the distribution? The certificate which comes with either dovecot, or your distribution (in Debian it's "/etc/ssl/certs/ssl-cert-snakeoil.pem") is a self signed certificate, which most clients will force you to accept (permanently, or temporarily). Personally I am using Lets Encrypt ( https://letsencrypt.org/) wildcard certificates (since I am not just using them for email purposes), and I have scripts that restart the relevant...

...l_domain = $myhostname smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth # TLS parameters . . Dovecot dovecot.conf ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key mail_location = maildir:/var/vmail/%d/%u/Maildir mail_extra_groups = mail first_valid_uid = 5000 last_valid_uid = 5000 maildir_copy_with_hardlinks = yes disable_plaintext_auth = no mail_debug = no dotlock_use_excl=yes protocols = imap pop3 p...

...I sure could use some help. Thanks much. I've included my relevant config info below -- Matthew Thorley dovecot --version 1.0.beta3 grep -v \# /etc/dovecot/dovecot.conf | grep -vE "^$" protocols = imaps pop3s listen = * ssl_disable = no ssl_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file = /etc/ssl/private/ssl-cert-snakeoil.key disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " login_user = dovecot mail_extra_groups = mail mail_debug = yes default_mail_env = maildir:/var/mail/%u protocol imap { } protocol pop3 { pop3_uidl_format = %v-%u...

...he lock file, but it keeps coming back. Any idea what else to do? This is the dovecot file: dovecot -n # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-28-server x86_64 Ubuntu 10.04.3 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_privileged_group:...

Trying to get ACLs working, very basic setup: Virtual users are put into different acl_group via passdb. > u:{PLAIN}B::::::userdb_acl_groups=g The global acl file restricts what they can do. > * group-override=g > * group=g lr Shouldn't this mean, that the group rights override the user rights? The effect that I see though is, that the user "u" then may not do

...urn code: 18 (self signed certificate) --- * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready. The output of dovecot -n is: # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-23-generic x86_64 Ubuntu 10.04 LTS ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mbox_write_locks: fcntl dotlock auth default: passdb: driver: pam userdb: driver: passwd

On 09.03.2012 15:09, yahoo2 wrote: > Uncompressed FLAC is called WAV. really? ;-) the problem is that there is no standarized way to store metadata in a WAVE file, like with FLAC tags / vorbis comments in flac files.... greets KoS

...onvenience, but it is not > recommended (obviously) and in no way required. Getting a CA to sign a > CSR in no way exposes keys to that CA, and therefore not to any government. > > While there are weakness in the CA trust system, they aren't anything > related to replacing a snakeoil cert with one from Let's Encrypt. > > [rest of ignorant rant trimmed] Some facts for you, as obviously you have not understood what a CA is worth that is compromised by either hackers or "authorities". If you want to know more, read articles about closing of CA DigiNotar, like...

...mode = 0666 user = } } service imap-login { inet_listener imap { port = 143 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } user = avvmail } ssl = required ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128 :+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDE A:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA ssl_dh_parameters_length = 2048 ssl_key = </etc/ssl/private/ssl-cert-snakeoil.k...