Re: Multidomain / IP Address Setup (Dovevot 2.2.10 on CentOS7 ) is failing: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM

2015-08-15 Thread Christian Kivalo


On 15 August 2015 08:58:04 CEST, "dravion.sm...@gmx.net" wrote:
>
>On 15.08.2015 at 08:16, Christian Kivalo wrote:
>
>> [snip]
>>
>> Note that you will still need a top-level "default" ssl_key and
>> ssl_cert as well, or you will receive errors.
>>
>> in addition to your two domain specific ssl certs have you also
>> defined a "default" ssl_key and ssl_cert as required by the
>> documentation?
>>
>> regards
>> - c
>
>Did you really read the wiki and that I already said it was my main 
>source??
>
>1) Domains works flawless
>2) If i change the domainnames and certificates it works flawless
>but
>3) If i try (like described in the Wiki you posted) i get this
>
>"imap-login "parse private ssl_key: error:0906D06C:PEM"
>
>It's the fucking imap-login process screwing things up without any
>reason if you try to configure it like
>described in the damn wiki!

provide your multi ssl doveconf -n output.

- c


Re: Multidomain / IP Address Setup (Dovevot 2.2.10 on CentOS7 ) is failing: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM

2015-08-15 Thread dravion.sm...@gmx.net



On 15.08.2015 at 09:04, Christian Kivalo wrote:
> provide your multi ssl doveconf -n output. - c


No. I leave this shit alone and running dovecot in multiinstance mode 
and now it works.


ipv4 imap not accepting connections in mixed ipv4/ipv6

2015-08-15 Thread djk
I have two installations of dovecot 2.18, apart from the necessary 
changes to allow them to replicate amongst themselves the configs are 
identical. Both are running Ubuntu 14.04 and are kept up to date. One is 
running 64bit and the other 32 bit (for historical reasons). Both have 
ipv4 and ipv6 addresses.


The 64 bit installation allows access on port 143 and 993 on both ipv4 
and ipv6.


The 32 bit installation does not allow access on 143 on ipv4, but allows 
ipv4/ipv6 on 993.


Both installations happily allow connections to any other ports that 
dovecot might be using on both ipv4/ipv6, as well as everything else 
that is running (on other ports) on those machines.


There are firewalls, but no warning messages. Switching firewalls off 
makes no difference.


Tcpdump shows the SYN packets arriving on the (correct) interface.

Any suggestions?

Dirk
# 2.2.18: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8 (0c4ae064f307+)
# OS: Linux 3.13.0-61-generic i686 Ubuntu 14.04.3 LTS 
auth_verbose = yes
doveadm_password = %Db234A!&.,@vc$
first_valid_uid = 2000
imapc_features = rfc822.size fetch-headers
imapc_host = post.tobit.co.uk
imapc_port = 993
imapc_ssl = imaps
imapc_ssl_verify = no
imapc_user = %n
lda_mailbox_autocreate = yes
login_greeting = IMAP ready.
mail_attachment_dir = %h/attachments
mail_attachment_min_size = 64 k
mail_location = mdbox:%h:INBOX=%h/mail
mail_plugins = " fts fts_lucene notify replication"
mail_prefetch_count = 20
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate
mdbox_rotate_size = 10 M
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  fts = lucene
  fts_lucene = whitespace_chars=@.
  mail_replica = tcps:
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = postmas...@tobit.co.uk
protocols = " imap lmtp sieve sieve"
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = vmail
  }
  unix_listener replication-notify {
    mode = 0666
    user = vmail
  }
}
service auth {
  unix_listener exim-auth {
    group = Debian-exim
    mode = 0660
    user = Debian-exim
  }
}
service config {
  unix_listener config {
    mode = 0666
    user = vmail
  }
}
service doveadm {
  inet_listener {
    port = 23999
    ssl = yes
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 
  }
  unix_listener lmtp {
    mode = 0666
  }
  user = vmail
}
service managesieve-login {
  inet_listener sieve {
    port = 
  }
  process_min_avail = 0
  service_count = 1
  vsz_limit = 64 M
}
service managesieve {
  process_limit = 100
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
    user = vmail
  }
}
ssl_cert = <[key file]
ssl_client_ca_dir = /etc/ssl/certs
ssl_key = <[key file]
ssl_protocols = !SSLv3 !SSLv2
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = sieve
}


Syncing two mail servers?

2015-08-15 Thread Knute Johnson
I currently have a mail server using Dovecot and sendmail.  I was 
thinking I would like to have a backup of my mail and an additional 
server in case of hardware failure.  Is it possible to run two identical 
or nearly identical server setups and sync the mail files between them?  
If it is possible, in general terms how would one go about this?


Thanks,

--

Knute Johnson


Re: Syncing two mail servers?

2015-08-15 Thread Eduardo Ramos

For sure Knute.

Take a look at this: http://wiki2.dovecot.org/Replication

I think a good implementation would be using a dovecot director layer + 
dovecot replication.



On 08/15/2015 06:26 PM, Knute Johnson wrote:
> I currently have a mail server using Dovecot and sendmail.  I was 
> thinking I would like to have a backup of my mail and an additional 
> server in case of hardware failure.  Is it possible to run two 
> identical or nearly identical server setups and sync the mail files 
> between them?  If it is possible, in general terms how would one go 
> about this?
>
> Thanks,



Re: Multidomain / IP Address Setup (Dovevot 2.2.10 on CentOS7 ) is failing: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM

2015-08-15 Thread Edgar Pettijohn

/etc/ssl $ sudo doveconf -n
# 2.2.15: /etc/dovecot/dovecot.conf
# OS: OpenBSD 5.7 amd64  ffs
auth_mechanisms = plain login
default_client_limit = 500
disable_plaintext_auth = no
first_valid_uid = 1000
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags
mail_location = maildir:/var/vmail/%d/%n/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave duplicate

mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=BLF-CRYPT username_format=%n /etc/mail/users
  driver = passwd-file
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
postmaster_address = postmaster@%d
protocols = imap pop3 lmtp sieve sieve
service auth {
  unix_listener auth-userdb {
    group = _smtpd
    mode = 0666
    user = _smtpd
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
    mode = 0666
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl_cert = 


> On 15.08.2015 at 09:04, Christian Kivalo wrote:
>> provide your multi ssl doveconf -n output. - c
>
> No. I leave this shit alone and running dovecot in multiinstance mode 
> and now it works.


Re: Multidomain / IP Address Setup (Dovevot 2.2.10 on CentOS7 ) is failing: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM

2015-08-15 Thread dravion.sm...@gmx.net

Hi Ed,

Interesting setup. I like the way you stripped it all down to just one 
single file :-)


But can you explain why you use globally:

ssl_cert = 

I configured it the way you do, but within the default 
/etc/dovecot/confd structure but
I had no luck. I tested local_name (SNI), local, local  (dedicated 
IPv6 Address but had no luck


Configinfo:
1) MTA (Postfix 2.10.1) and MDA (Dovecot 2.2.10) configured on IPv6 
Addresses
2) The MTA and MDA are connected to MariaDB (the default MySQL 
replacement on CentOS7 now for virtual domains, users, passwords, aliases etc.)
3) Postfix uses Dovecot's SASL Implementation and Postfix and Dovecot 
talking via LMTP and UNIX Sockets.


Details:
### yum info postfix ###
Name: postfix
Arch: x86_64
Epoche  : 2
Version : 2.10.1
Release : 6.el7
Size: 12 M

From: installed

From Source : debian.n-ix.net_centos_7_os_x86_64_
Summary : Postfix Mail Transport Agent
URL : http://www.postfix.org
License : IBM and GPLv2+
Description : Postfix is a Mail Transport Agent (MTA), supporting LDAP, 
SMTP AUTH (SASL), TLS


### yum info dovecot ###
Name: dovecot
Arch: i686
Epoche  : 1
Version : 2.2.10
Ausgabe : 4.el7_0.1
Größe   : 3.2 M
Quelle  : debian.n-ix.net_centos_7_os_x86_64_
Summary : Secure imap and pop3 server
URL : http://www.dovecot.org/
Lizenz  : MIT and LGPLv2
Description : Dovecot is an IMAP server for Linux/UNIX-like systems, 
written with security
: primarily in mind.  It also contains a small POP3 
server.  It supports mail

: in either of maildir or mbox formats.

Cheers,
Drav


Re: Multidomain / IP Address Setup (Dovevot 2.2.10 on CentOS7 ) is failing: Fatal: Couldn't parse private ssl_key: error:0906D06C:PEM

2015-08-15 Thread Christian Kivalo


>But can you explain why you use globally:
>
>ssl_cert = ssl_key = 
>and certs for any additional Domain each?
>
>##
>local_name mail.pettijohn-web.com {
>   ssl_cert =ssl_key = }
>##

he configured the top level "default" ssl_{cert,key} as requested by the 
documentation

i may quote myself

>from the dovecot ssl wiki page 
>http://wiki2.dovecot.org/SSL/DovecotConfiguration 

>Multiple SSL certificates
>Different certificates per IP and protocol
>
>[snip]
>
>Note that you will still need a top-level "default" ssl_key and ssl_cert as 
>well, or you will receive errors.

i think, but untested, this default ssl_{cert,key} are used for those clients 
that don't support SNI (as with apache, which uses the cert of the first site).

>I configured it the way you do, but within the default 
>/etc/dovecot/confd structure but
>I had no luck. I tested local_name (SNI), local, local 
>(dedicated 
>IPv6 Address but had no luck

it should make no difference whether you use one large config file or the 
conf.d structure.

your doveconf -n output would really be helpful

regards
- c

>Configinfo:
>1) MTA (Postfix 2.10.1) and MDA (Dovecot 2.2.10) configured on IPv6 
>Addresses
>2) The MTA and MDA are connected to MariaDB (the default MySQL 
>replacement on CentOS7 now for virtual domains, users, passwords,
>aliases etc.)
>3) Postfix uses Dovecots SASL Implementation and Postfix and Dovecot 
>talking via LMTP and UNIX Sockets.
>
>Details:
>### yum info postfix ###
>Name: postfix
>Arch: x86_64
>Epoche  : 2
>Version : 2.10.1
>Release : 6.el7
>Size: 12 M
>From: installed
> From Source : debian.n-ix.net_centos_7_os_x86_64_
>Summary : Postfix Mail Transport Agent
>URL : http://www.postfix.org
>License : IBM and GPLv2+
>Description : Postfix is a Mail Transport Agent (MTA), supporting LDAP,
>
>SMTP AUTH (SASL), TLS
>
>### yum info dovecot ###
>Name: dovecot
>Arch: i686
>Epoche  : 1
>Version : 2.2.10
>Ausgabe : 4.el7_0.1
>Größe   : 3.2 M
>Quelle  : debian.n-ix.net_centos_7_os_x86_64_
>Summary : Secure imap and pop3 server
>URL : http://www.dovecot.org/
>Lizenz  : MIT and LGPLv2
>Description : Dovecot is an IMAP server for Linux/UNIX-like systems, 
>written with security
> : primarily in mind.  It also contains a small POP3 
>server.  It supports mail
> : in either of maildir or mbox formats.
>
>Cheers,
>Drav
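
The rule quoted from the wiki in the message above (a top-level "default" ssl_cert and ssl_key alongside the per-name ones) can be checked mechanically. The following Python linter is an added example, not code from the thread or from the Dovecot project; the sample configuration, host names and paths are constructed, and the `<` check reflects Dovecot's file-include syntax rather than a cause established in this thread.

```python
import re

# Constructed sample in dovecot.conf syntax; host names and paths are placeholders.
SAMPLE = """\
ssl_cert = </etc/ssl/default.crt
ssl_key = /etc/ssl/private/default.key
local_name mail.example.org {
  ssl_cert = </etc/ssl/mail.example.org.crt
  ssl_key = </etc/ssl/private/mail.example.org.key
}
local_name imap.example.net {
  ssl_cert = </etc/ssl/imap.example.net.crt
}
"""

BLOCK_RE = re.compile(r"^(local_name|local)\s+(\S+)\s*\{$")
SETTING_RE = re.compile(r"^(ssl_cert|ssl_key)\s*=\s*(.*)$")

def lint_ssl(config):
    """Return findings about ssl_cert/ssl_key at top level and in local/local_name blocks."""
    scopes = {"top-level": {}}
    stack = ["top-level"]
    for raw in config.splitlines():
        line = raw.strip()
        block = BLOCK_RE.match(line)
        setting = SETTING_RE.match(line)
        if block:
            stack.append(f"{block.group(1)} {block.group(2)}")
            scopes.setdefault(stack[-1], {})
        elif line.endswith("{"):
            stack.append(None)  # service, protocol, namespace ...: not inspected
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif setting and stack[-1] is not None:
            scopes[stack[-1]][setting.group(1)] = setting.group(2)
    findings = []
    for scope, settings in scopes.items():
        if scope != "top-level" and not settings:
            continue  # block sets no certificate at all and inherits the default pair
        for name in ("ssl_cert", "ssl_key"):
            value = settings.get(name, "")
            if not value:
                findings.append(f"{scope}: {name} missing")
            elif not value.startswith("<"):
                # Without "<" Dovecot uses the string itself as the PEM data.
                findings.append(f"{scope}: {name} has no '<', path is parsed as PEM text")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_ssl(SAMPLE)))
```

Settings placed in a nested `protocol` section inside a `local` or `local_name` block are not inspected by this check.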