search for: ssl_key_password

As this is my first message to this ML: Hello! I am using a password-protected SSL key for my dovecot MDA. When I tried to use the ssl_key_password configuration directive as follow: ssl_key_password = </path/to/passfile it did not work as I logged the following: dovecot: imap-login: Error: SSL: Stacked error: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt dovecot: imap-login: Fatal: Couldn't parse private ssl_...

...its iwn (potentioally enciphered) private key. I thus need to use the directive as port of a local_name block. I tried to create 2 blocks in 2 different files automatically loaded from conf.d: ### private.conf ### <-- prevented read permission for other than root:root local_name mydomain { ssl_key_password = mypass } ### 10-ssl.conf ### local_name mydomain { ssl_cert = <mycert sslkey = <mykey } But that failed with 'Couldn't open include file /etc/dovecot/conf.d/private.conf: Permission denied' Restricting rights directly on 10-ssl.conf failed with a similar error: 'Co...

Hi, On 2015-09-20 15:35, B. R. wrote: > As this is my first message to this ML: Hello! > > I am using a password-protected SSL key for my dovecot MDA. > When I tried to use the ssl_key_password configuration directive as > follow: > ssl_key_password = </path/to/passfile > it did not work as I logged the following: > dovecot: imap-login: Error: SSL: Stacked error: error:06065064:digital > envelope routines:EVP_DecryptFinal_ex:bad decrypt > dovecot: imap-login: Fatal:...

...th the same password protected certificate key. (doveconf -n -P shows the correct password.) ssl_ca = </usr/local/etc/site.keys/name_com.ca-bundle ssl_cert = </usr/local/etc/site.keys/name_com.crt ssl_dh = </usr/local/etc/dovecot/dh.pem ssl_key = </usr/local/etc/site.keys/name.com.key ssl_key_password = keypassword The password works with openssl. Changing the password on the key has no effect. Removing the password on the cert with openssl and running dovecot with the new key works. I installed on another system and I am experiencing the same results. The issue persists whether I install dove...

...rtificate key. (doveconf -n -P shows the correct password.) > > > ssl_ca = </usr/local/etc/site.keys/name_com.ca-bundle > ssl_cert = </usr/local/etc/site.keys/name_com.crt > ssl_dh = </usr/local/etc/dovecot/dh.pem > ssl_key = </usr/local/etc/site.keys/name.com.key > ssl_key_password = keypassword > > The password works with openssl. Changing the password on the key has no effect. Removing the password on the cert with openssl and running dovecot with the new key works. > > I installed on another system and I am experiencing the same results. The issue persists whet...

..._key = </etc/ssl/private/dovecot.pem # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. Since this file is often # world-readable, you may want to place this setting instead to a different # root owned 0600 file by using ssl_key_password = <path. #ssl_key_password = # PEM encoded trusted certificate authority. Set this only if you intend to use # ssl_verify_client_cert=yes. The file should contain the CA certificate(s) # followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem) #ssl_ca = # Request client to s...

...key file /etc/ssl/mailserver/mail.mydomain.tld.key: error:0906A068:PEM routines:PEM_do_header:bad password read My dovecot.conf has the following set. # Uncomment these if using SSL ssl_cert_file = /etc/ssl/mailserver/mail.mydomain.tld.crt ssl_key_file = /etc/ssl/mailserver/mail.mydomain.tld.key #ssl_key_password = #ssl_ca_file = /etc/ssl/mailserver/ca/mydomain.pem #ssl_verify_client_cert = yes ssl_parameters_regenerate = 168 verbose_ssl = no I have been playing about with it all for about 3 hours now and would greatly appreciate any help ;) Regards Adam -------------------------------------------------...

...er = pam > } > passdb { > args = scheme=CRYPT username_format=%u /etc/dovecot/users > driver = passwd-file > } > ssl_ca = </etc/dovecot/ssl/iMove_2011_CAcert.pem > ssl_cert = </etc/dovecot/ssl/postal_cert.pem > ssl_key = </etc/dovecot/ssl/postal_key+req.pem > ssl_key_password = ******** > ssl_parameters_regenerate = 12 > userdb { > driver = passwd > } > userdb { > args = username_format=%u /etc/dovecot/users > driver = passwd-file > } > verbose_proctitle = yes > protocol imap { > ssl_cert = </etc/dovecot/ssl/imap_cert.pem >...

...am new to Dovecot and I am using version1.2.12. I have included the dovecot -n output: root at ubuntuSnoopBear:/home/scott# dovecot -n \# 1.2.12: /etc/dovecot/dovecot.conf # OS: Linux 2.6.35-22-generic-pae i686 Ubuntu 10.10 log_timestamp: %Y-%m-%d %H:%M:%S protocols: pop3 pop3s listen: 995 ssl_key_password: nerdie1tech login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/pop3-login login_greeting: pilotalknet.dyndns.org ready. mail_privileged_group: mail mbox_write_locks: fcntl dotlock mail_executable: /usr/lib/dovecot/pop3 mail_plugin_dir: /usr/lib/dovecot/modules/pop3 auth default:...

...2.2 Mailbox is full ? quota_status_success = DUNNO ? quota_warning = storage=95%% quota-warning 95 %u ? quota_warning2 = storage=80%% quota-warning 80 %u } ssl_ca = /etc/ssl/certs/CA_Intermed_Lets_Encrypt.crt ssl_cert = </etc/ssl/certs/imap.mydomain.org.crt ssl_key =? # hidden, use -P to show it ssl_key_password =? # hidden, use -P to show it userdb { ? driver = passwd } userdb { ? driver = static } protocol lda { ? mail_plugins = notify replication quota } protocol imap { ? mail_plugins = notify replication quota imap_quota } -------------- next part -------------- An HTML attachment was scrubbed... U...

...2.3.4.1 imaps mail client stop working. I?ve applied necessary migration for ssl_dh (cf https://wiki.dovecot.org/Upgrading/2.3 <https://wiki.dovecot.org/Upgrading/2.3> ) but that was not enough. The workaround I?ve setup was to remove password protection from the ssl_key file. All tests with ssl_key_password parameter failled (direct password, <path-file-with-password) searching I?ve found a message reporting a problem with that parameter and Stephan said it was tracked internally as DOP-851 Hope this will help. Regards, Franck debian updade from dovecot-core:amd64 (1:2.2.34-2~bpo9+1, 1:2.3.4.1-...

...ota_warning = storage=95%% quota-warning 95 %u >> ? quota_warning2 = storage=80%% quota-warning 80 %u >> } >> ssl_ca = /etc/ssl/certs/CA_Intermed_Lets_Encrypt.crt >> ssl_cert = </etc/ssl/certs/imap.mydomain.org.crt >> ssl_key =? # hidden, use -P to show it >> ssl_key_password =? # hidden, use -P to show it >> userdb { >> ? driver = passwd >> } >> userdb { >> ? driver = static >> } >> protocol lda { >> ? mail_plugins = notify replication quota >> } >> protocol imap { >> ? mail_plugins = notify replicat...

...-master/master-service-ssl-settings.c index 4a05045..6b43f6c 100644 --- a/src/lib-master/master-service-ssl-settings.c +++ b/src/lib-master/master-service-ssl-settings.c @@ -44,7 +44,11 @@ static const struct master_service_ssl_settings master_service_ssl_default_setti .ssl_key = "", .ssl_key_password = "", .ssl_cipher_list = "ALL:!LOW:!SSLv2:!EXP:!aNULL", - .ssl_protocols = "!SSLv2", +#ifdef SSL_TXT_SSLV2 + .ssl_protocols = "!SSLv2 !SSLv3", +#else + .ssl_protocols = "!SSLv3", +#endif .ssl_cert_username_field = "commonName", .ssl_...

...ssl_cert_file = /etc/ssl/certs/server.pem ssl_key_file = /etc/ssl/private/private.key #ssl_key_password = #ssl_ca_file = #...

...onst struct master_service_ssl_settings *set) +{ + int nid = 0; +#if !defined(OPENSSL_NO_ECDH) && OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10002000L + EVP_PKEY *pkey; + const char *password; + EC_KEY *eckey; + EC_GROUP *ecgrp; + + password = *set->ssl_key_password != '\0' ? set->ssl_key_password : + getenv(MASTER_SSL_KEY_PASSWORD_ENV); + pkey = ssl_proxy_load_key(set->ssl_key, password); + if (pkey != NULL && + (eckey = EVP_PKEY_get1_EC_KEY(pkey)) != NULL && + (ecgrp = EC_KEY_get0_group(eckey)) != NULL) + nid = EC_GROU...

...t expect quick action. The server on the other hand is in my house.) dovecot -n output: # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38-11-generic i686 Ubuntu 11.04 log_timestamp: %Y-%m-%d %H:%M:%S ssl_cert_file: /etc/ssl/certs/lordbah.com.crt ssl_key_file: /etc/ssl/private/lordbah.com.key ssl_key_password: --redacted-- disable_plaintext_auth: no verbose_ssl: yes login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login login_process_per_connection: no login_processes_count: 5 login_max_processes_count: 20 verbose_proctitle: yes mail_privileged_group: mail mail_location: mbox:~*...

...6 user = vmail } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0666 user = postfix } } ssl_ca = </etc/ssl/dovecot/server.in.crt ssl_cert = </etc/ssl/dovecot/server.csr.rapid ssl_key = </etc/ssl/dovecot/server.key.rapid ssl_key_password = notshown userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } -- Nikola Derikonjic Sent with Sparrow (http://www.sparrowmailapp.com/?sig)

I'm working to get Dovecot 2.0.13 working along with qmail, Vpopmail and Squirrelmail on a Debian 6.0.2 system, Dovecot compiled, not from a package. Vpopmail has a widely known assigned user/group ID of 89 and is the owner of all the mail folders. Regardless of value of first_valid_uid (1, 89, other), Dovecot denies Squirrelmail connection, saying it can't allow access to UID 89.

...xes ? } ? unix_listener auth-userdb { ??? mode = 0777 ? } } service managesieve-login { ? inet_listener sieve { ??? port = 4190 ? } } ssl_cert = </etc/pki/dovecot/certs/mailbox.onlinepolicy.net.crt ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL ssl_key =? # hidden, use -P to show it ssl_key_password =? # hidden, use -P to show it ssl_protocols = !SSLv2 !SSLv3 userdb { ? driver = passwd } userdb { ? args = /etc/dovecot/conf.d/dovecot-sql.conf.ext ? driver = sql } protocol lmtp { ? info_log_path = ? log_path = ? mail_plugins = " sieve quota" } protocol sieve { ? info_log_path =...

...is makes Dovecot now RFC 2087 compliant. Hopefully this change doesn't break anyone's Dovecot-specific quota checking code.. + Added !include and !include_try directives to config file reader. Note that !include doesn't currently work with deliver. The main point here is that ssl_key_password can be placed to a different file with !include_try that deliver can just ignore. + More error/debug message logging improvements. - v1.1.6 gave "userdb didn't return a home directory" error at startup - Some config file parsers (deliver, passwd-file, acl, trash) ignored the...