similar to: 10-ssl ssl = no but dovecot still reads certs

Working with SSL on fresh install of latest Ubuntu Artful + Dovecot seems broken somehow. Application is Dovecot listening for many SSL sites... Likely I've missed adding something simple to the config, related to local_name usage. Be great if someone can point out what I've missed, to setup multiple SSL certs for different host.domain entries in config. Thanks. _______ This works as

hello trying to install dovecot 2 on a fresh installed machine I get this error message : doveconf -n > dovecot-new.conf doveconf: Error: ssl enabled, but ssl_cert not set doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set the ssl config file look like the following : Thanks for any info. ## ## SSL settings ## # SSL/TLS

I don't understand how to use multiple keys/certs on different IPs without SNI. http://wiki2.dovecot.org/SSL/DovecotConfiguration explains how to use different keys for different protocols like POP3 and IMAP. But how to bind those keys/ on IPs/Ports? Looks like it is not possible to use ssl_cert inside service { inet_listener {} } Is it still necessary to run multiple instances like

Hello, is it possible to use differnent ssl certs for pop3 and imap ? I like to have differnet dnsnames for pop3 an imap services configured at customers clients. I tried to configure ssl_key and ssl_cert inside a <protocol>-login {} section but this failed. Of course I know sslcerts containing multiple dnsnames. But this seemes not a real, clean solution to me. Thanks, Andreas --

Hi, I've been trying to get dovecot2 running and kept having this error message: May 13 13:38:32 mail systemd[1]: Started Dovecot IMAP/POP3 email server. May 13 13:38:32 mail dovecot[2178]: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 61: Unknown setting: ssl # dovecot --build-options Build options: ioloop=epoll notify=inotify ipv6 openssl

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = </etc/ssl/ourCerts/imap.pem ssl_key = </etc/ssl/ourCerts/imap_key.pem Now, I've created new keys/certs and the CSR, got the new

Hi Stefan, My apologies for the long delay. Been ill. I tried this and had an error, # mv /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.bak # cp -p /usr/share/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/ # /etc/init.d/dovecot restart /var/log/daemon.log Jun 4 11:05:55 mail systemd[1]: Starting Dovecot IMAP/POP3 email server... Jun 4 11:05:55 mail systemd[1]: Started

Hi, I recognised some funny behaviour on my server. IMAP clients which won't send an Server Name Indication (SNI) sometimes get the wrong certificate. I would expect that those clients always get the default certificate (of my new domain), instead in about 20 to 50% of connections the certificate of my old domain will be presented. (sample rate was 3 times 30 connections) Clients sending SNI

# doveconf -a # 2.2.13: /etc/dovecot/dovecot.conf doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 6: Unknown setting: ssl doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-master.conf line 35: Invalid size: $default_vsz_limit # grep default_vsz_limit

Hi Aki, # dovecot --build-options Build options: ioloop=epoll notify=inotify ipv6 openssl io_block_size=8192 Mail storages: shared mdbox sdbox maildir mbox cydir imapc pop3c raw fail SQL driver plugins: mysql postgresql sqlite Passdb: checkpassword ldap pam passwd passwd-file shadow sql Userdb: checkpassword ldap(plugin) nss passwd prefetch passwd-file sql -- On June 5, 2017 8:59:08 AM

Hello, If you don?t have a ssl_key and ssl_cert configured in your dovecot config managesieve-login will fail to start with the following error message: dovecot: managesieve-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY, even if you haven?t enabled ssl for managesieve-login. Infos according to

After upgrading to 2.31 I'm getting this error. Not sure what I'm doing wrong. No (No signatures could be verified because the chain contains only one certificate and it is not self signed.) ssl = yes ssl_cert = </etc/exim/certs/ctyme.com.crt ssl_key = </etc/exim/certs/ctyme.com.key ssl_ca = </etc/exim/certs/ca.crt local mail.ctyme.com { ? protocol imap { ??? ssl_cert =

Can you create file /etc/dovecot/conf.d/10-ssl.conf and type in 'ssl = yes' and nothing else? does it work after this? leave the default_vsz_limit off for now. Aki On 05.06.2017 10:34, Aki Tuomi wrote: > Can you remove the offending settings, and then send it? > > Aki > > > On 05.06.2017 10:30, Sophie Loewenthal wrote: >> # doveconf -a >> # 2.2.13:

Sophie ( ?? ?? ??) > On 5 Jun 2017, at 09:42, Matthias Sitte <matthias at familie-sitte.org> wrote: > > I have the feeling that the config file is incorrect and loading > subsequent files results in reading in entries at the wrong level? > > Could you attach the full 10-master.conf? > > Matthias > > > On 06/05/2017 09:30 AM, Sophie Loewenthal wrote:

I think you should post doveconf -n output. On 08/14/15 20:30, dravion.smith at gmx.net wrote: > > ### CORRECTION > Am 15.08.2015 um 03:22 schrieb dravion.smith at gmx.net: >> >> #### BUT #### >> If i try something like this in /etc/dovecot/conf.d/10-ssl.conf >> >> local imap.mydomain01.tld { >> protocol imap { >> ssl_cert = >>

Hello, while investigating a report from Jan-Piet Mens (resulting in http://wiki.powerdns.com/trac/changeset/3109), we discovered that NSD (both 3.2.15 and 4.0.0b4) compresses labels in RP content. As far as I can see, this is not allowed by RFC3597 section 4 paragraph 1/2. PowerDNS Recursor, like Unbound and BIND, now deals with this as 3597 section 4 paragraph 4 says we SHOULD. Nevertheless,

Hi Timo, I've got a weird problem on our dovecot. We're trying to setup private shared folder access. I have 2 users. tom at mailbox.com and system at mailbox.com. I have set the ACL's on all the folders (and subfolders) on system at mailbox.com. However, I'm not getting any of them listed when I check tom at mailbox.com <mailto:tom at mailbox.com's> 's IMAP

Hi, In my 1.2 setup I have pop3 running on ip x.x.x.2 and imap on x.x.x.7 In 2.0 how do I say listen x.x.x.2:110 x.x.x.7:143 so that pop3 is not listening on the .7 ip? I tried putting a listen = ip in the listener section but it complained. I cant figure it out and cant seem to find any 2.0 specific documentation, trying to search in the wiki directory of /usr/local/share/doc/dovecot/wiki but

Hello, I'm using dovecot v2.0.21. According to http://wiki2.dovecot.org/SSL/DovecotConfiguration,dovecot 2.x supports different SSL certificate for different virtual hosts by using "local_name" directive, but I can't get it to work. When testing the certificate using "openssl s_client -connect domain.com:pop3s" I get the default certificate instead of

* Aki Tuomi <aki.tuomi at dovecot.fi>: > > > On 20.03.2017 14:30, Ralf Hildebrandt wrote: > > ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt > > Leave the < out. It is misleading, I know, but it does say file. =) Makes no difference: # doveconf |fgrep ssl_client_ca ssl_client_ca_dir = ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt and with