For a 200kb task that runs once a day/week? I think you can just run this
certbot stuff under a different user, people are probably just too 'lazy' to
adapt this.
>
> if you put all that into docker you can mitigate the privilege issue -
> you only need to chown the letsencrypt files as needed
if you put all that into docker you can mitigate the privilege issue - you only
need to chown the letsencrypt files as needed while copying them to the
directories for the dovecot certificates.
On 23 January 2025 at 09:34, "Marc via dovecot" wrote: mailto:dovecot@dovecot.org?to=%22Marc%20via%20
as root, you get blocked.
> -Original Message-
> From: Benny Pedersen via dovecot
> Sent: Thursday, 23 January 2025 09:27
> To: dovecot@dovecot.org
> Subject: Re: Fwd: Fwd: [OFFLIST] Re: connection refused, no error
> anywhere
>
> Marc via dovecot sk
they consider it and apply these changes.
> -Original Message-
> From: Marc
> Sent: Thursday, 23 January 2025 09:35
> To: 'Benny Pedersen' ; dovecot@dovecot.org
> Subject: RE: Fwd: Fwd: [OFFLIST] Re: connection refused, no error
> anywhere
>
> I have 0 is
Marc via dovecot wrote on 2025-01-23 09:21:
dovecot starts as root, and drops privileges later, so group it non
rooted is a security problem on its own :)
certbot creates letsencrypt pem files owned by root and grouped root,
only the private key can't be read by other users than root
wtf le
>
> dovecot starts as root, and drops privileges later, so group it non
> rooted is a security problem on its own :)
>
> certbot creates letsencrypt pem files owned by root and grouped root,
> only the private key can't be read by other users than root
>
wtf letsencrypt still requires root?? Wh
Robert Nowotny via dovecot wrote on 2025-01-22 20:16:
Hey Marco,
this is what to do:
dovecot starts as root, and drops privileges later, so group it non
rooted is a security problem on its own :)
certbot creates letsencrypt pem files owned by root and grouped root,
only the private key can't
ntrol over private keys prevents silent failures.
*From:* Marco Fioretti via dovecot
*Sent:* Wednesday, 22 January 2025 at 17:37 CET
*To:* Dovecot
*Subject:* RE: Fwd: Fwd: [OFFLIST] Re: connection refused, no error anywhere
Hi Robert, and all.
As I mentioned in a previous reply, everything
On 22/01/2025 17:04, Marco Fioretti via dovecot wrote:
On Wed 22 Jan 2025 at 17:51 Marc
wrote:
guess this is because the same certificates were used by the website,
which
I also have to rebuild next week. So I will have to add dovecot and the
httpd user to that group, I th
On Wed 22 Jan 2025 at 17:51 Marc
wrote:
> > guess this is because the same certificates were used by the website,
> > which
> > I also have to rebuild next week. So I will have to add dovecot and the
> > httpd user to that group, I think. No?
> >
>
> No the other way around. Add
> guess this is because the same certificates were used by the website,
> which
> I also have to rebuild next week. So I will have to add dovecot and the
> httpd user to that group, I think. No?
>
No the other way around. Add dovecot to the acme group, the certs are the least
important.
Reinstall Dovecot (Last Resort)
> If all else fails:
>
> sudo apt purge dovecot-core dovecot-imapd
> sudo rm -rf /etc/dovecot # Backup first!
> sudo apt install dovecot-core dovecot-imapd
> Then rebuild your config from scratch.
>
> Let me know what you find in the logs or after testi
dovecot-core dovecot-imapd
Then rebuild your config from scratch.
Let me know what you find in the logs or after testing the minimal config.
*From:* Marco Fioretti via dovecot
*Sent:* Wednesday, 22 January 2025 at 00:32 CET
*To:* Dovecot
*Subject:* FW: Fwd: [OFFLIST] Re: connection re
restarted dovecot. However, the output
of ss -tuln | grep 993 is still null.
What next? Thanks
-- Forwarded message -
From: Robert Nowotny
Date: Tue 21 Jan 2025 at 23:47
Subject: RE: Fwd: [OFFLIST] Re: connection refused, no error anywhere
To: Marco Fioretti
To resolve the
-- Forwarded message -
From: Marco Fioretti
Date: Tue 21 Jan 2025 at 19:33
Subject: Re: [OFFLIST] Re: connection refused, no error anywhere
To: Michael Peddemors
Hi Michel,
I cannot say which NGO it is. What I know is that everything with that
configuration was working fine