On 8/15/2010 5:06 PM, Marc Perkel wrote:
Since my old config had this:
protocols = imap imaps pop3 pop3s
ssl_cert_file = /usr/share/ssl/certs/imapd.pem
ssl_key_file = /usr/share/ssl/certs/imapd.pem
then the convert script should have added
ssl = yes
Just trying to document all the little issues as I find them.
We use SSL and the convert script didn't add ssl=yes but, as Timo said,
ssl=yes is the default. Anyway, without ssl=yes even existing, our SSL
worked from the start.
We did have a slight problem with the convert script though. As of 2.0,
dovecot uses a different chrooted user for the login processes. In
dovecot 1.2.x we were already doing the same thing in chrooting the
login processes; we know our security :) (We keep telling people on
here that defining the home directory for each user logging in is a
security must, for chrooting that user, as well as implementing the uid
and gid differences.)
Our dovecot 1.2 config, in the end of "auth default" had user=dauth,
which we used for the sockets in /var/run/dovecot, but this conflicted
with the new 2.0's authuser. Doveconf should have remove that user=dauth
but I don't think this will be an issue for anyone else unless they did
their own chrooting as well, which they should know how to undo.
Jerrale G.
SC Senior Admin
