On 14.08.2015 at 13:22, dravion.sm...@gmx.net wrote:
Hi,
I want to say hello and here is my big problem ;D

I am trying to achieve a Postfix/Dovecot 2.2.10 CentOS7 multidomain setup
with multiple (valid StartSSL Certs), but I am able to run a single
Domain Cert server only.

PS: I need a multiple domain setup for every customer and it is not an
option for me to redirect any email to a single domain server.
I really need this setup working.

IMHO: I think SELinux could interfere with multiple Certs in different
folders (it is activated in CentOS7 by default and is needed by other apps)

What have you done to exclude that SELinux interferes?

Run "ausearch -m avc" to check for AVCs.

Ok, here is my logfile data:

systemctl start postfix.service [OK]
systemctl start dovecot.service [OK]

/var/log/messages
*systemd: Stopping Dovecot IMAP/POP3 email server...
*systemd: Starting Dovecot IMAP/POP3 email server...
*systemd: Started Dovecot IMAP/POP3 email server.

/var/log/maillog
*dovecot: master: Dovecot v2.2.10 starting up for imap, pop3, lmtp (core dumps disabled)

### This works (Thunderbird, Outlook 2013, Opera Mail etc.) ####

local mydomain01.tld {

   protocol imap {
       ssl_cert = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.crt.pem
       ssl_key = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.key.pem
   }

}

You are leaving the terrain of your distribution. That's not the intended path. /etc/pki/tls/{certs,private}/ is.

### this 10-ssl.conf ### --- FAILS (the error occurs after an email client accesses IMAP Folders)
local mydomain01.tld {

   protocol imap {
       ssl_cert = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.crt.pem
       ssl_key = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.key.pem
   }

}

local mydomain02.tld {

   protocol imap {
       ssl_cert = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.crt.pem
       ssl_key = </etc/ssl/domains/mydomain.tld/imap/imap.mydomain02.tld.key.pem
   }

}

See above.

Why 2 times the same certificate pair files?

Make sure the permissions (and not only of the files themselves) and the SELinux context are set properly. You gave zero information about that.

/var/log/maillog ### Error log ###
Aug 14 12:50:38 matrix dovecot: imap-login: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line:
Aug 14 12:50:38 matrix dovecot: master: Error: service(imap-login): command startup failed, throttling for 60 secs

The key file contains "-----BEGIN PRIVATE KEY-----" as first line and "-----END PRIVATE KEY-----" as last line?

I really don't know why a single domain is no problem, but if I enable
multiple domains Dovecot starts with any error, even if I set the debug
verbose level to extremely high, but if I access Dovecot with
Thunderbird my server logfile explodes with something like this: Couldn't
parse private ssl_key: error:0906D06C:PEM, but the certs are 100% valid
and checked over and over again.

Any help is greatly appreciated!

Greetings,
Dravion

Alexander
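
The checks the reply asks about (is each ssl_key file present and readable, does it carry a private-key BEGIN line, what are its mode and SELinux label) can be run over a config in one pass. This is an added shell example, not part of the original thread; the function name check_dovecot_keys and its output format are made up for illustration.

```shell
# Added example, not from the thread. check_dovecot_keys is a hypothetical helper.
# Usage: check_dovecot_keys /path/to/10-ssl.conf
# Returns the number of ssl_key settings that failed a check (0 = all fine).
check_dovecot_keys() {
    conf=$1
    failures=0
    # Active "ssl_key = ..." lines only; "#ssl_key" and "ssl_key_password" do not match.
    settings=$(grep -E '^[[:space:]]*ssl_key[[:space:]]*=' "$conf" || true)
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # Keep what follows the "=" and trim surrounding whitespace.
        value=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $value in
            "<"*)
                path=${value#"<"} ;;
            *)
                # Without "<" Dovecot treats the value itself as the PEM data.
                echo "FAIL '$value': no '<path' on the ssl_key line"
                failures=$((failures + 1))
                continue ;;
        esac
        if [ ! -r "$path" ]; then
            # Readability is tested for the user running this check.
            echo "FAIL $path: missing or not readable"
            failures=$((failures + 1))
        elif ! grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$path"; then
            # A certificate or empty file here gives "PEM_read_bio:no start line".
            echo "FAIL $path: no private-key BEGIN line"
            failures=$((failures + 1))
        else
            echo "OK   $path"
        fi
        # Show mode, owner and SELinux label where ls supports -Z.
        if [ -e "$path" ]; then
            ls -lZ "$path" 2>/dev/null || true
        fi
    done <<EOF
$settings
EOF
    return "$failures"
}
```

Run it as a user whose access matches the question being asked; root can read files that another account cannot, and AVC denials still need the "ausearch -m avc" check mentioned above.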
