Hi!

[root@mikan ~]# dovecot --version
2.1.12

When I remove the SSL certificate from disk while Dovecot is running, it spams syslog with the following log message over and over:

Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
Dec 6 17:41:41 mikan dovecot: config: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/ssl/private/dovecot.pem: No such file or directory
[...]

Reporting that the certificate went away is fine and useful, but spamming the syslog over and over with hundreds of entries per second(!) is annoying. :(

I know what I'm doing, so reporting it once per connection attempt or so would be enough. Even if Dovecot just decided to terminate, that would be fine. But flooding syslog like this amounts to a denial-of-service attack on syslog itself, which is not nice.

Configuration output follows below.

All the best,

Nils


[root@mikan ~]# dovecot -n
# 2.1.12: /etc/dovecot/dovecot.conf
# OS: Linux 3.5.4-1-ARCH x86_64
auth_failure_delay = 5 secs
auth_mechanisms = plain login
auth_verbose = yes
listen = *,::
login_greeting =
mail_location = maildir:~/.maildir
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = pop3
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service pop3 {
  process_limit = 10
}
ssl_cert = </etc/ssl/private/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.key
userdb {
  driver = passwd
}
protocol imap {
  imap_idle_notify_interval = 2 mins
  mail_max_userip_connections = 5
}
protocol pop3 {
  mail_max_userip_connections = 5
  pop3_logout_format =
  pop3_save_uidl = no
  pop3_uidl_format = %08Xu%08Xv
}
