> In the logs it looks like this:
>
> -------------------------------------------------------
> Jan 13 15:22:30 mx0 dovecot: master: Dovecot v2.1.13 starting up (core dumps disabled)
> Jan 13 15:23:11 mx0 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
> Jan 13 15:23:11 mx0 dovecot: auth: Debug: passwd-file /etc/dovecot/master-users: Read 1 users in 0 secs
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_extended_operation_s
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_extended_operation
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_send_initial_request
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_new_connection 1 1 0
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_int_open_connection
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_connect_to_host: TCP db.roessner-net.de:389
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_new_socket: 17
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_prepare_socket: 17
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_connect_to_host: Trying 193.239.107.37:389
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_pvt_connect: fd: 17 tm: -1 async: 0
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_open_defconn: successful
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_send_server_request
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_result ld 0x35d6dd481c0 msgid 1
> Jan 13 15:23:11 mx0 dovecot: auth: Error: wait4msg ld 0x35d6dd481c0 msgid 1 (infinite timeout)
> Jan 13 15:23:11 mx0 dovecot: auth: Error: wait4msg continue ld 0x35d6dd481c0 msgid 1 all 1
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ** ld 0x35d6dd481c0 Connections:
> Jan 13 15:23:11 mx0 dovecot: auth: Error: * host: db.roessner-net.de port: 389 (default)
> Jan 13 15:23:11 mx0 dovecot: auth: Error: refcnt: 2 status: Connected
> Jan 13 15:23:11 mx0 dovecot: auth: Error: last used: Sun Jan 13 15:23:11 2013
> Jan 13 15:23:11 mx0 dovecot: auth: Error:
> Jan 13 15:23:11 mx0 dovecot: auth: Error:
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ** ld 0x35d6dd481c0 Outstanding Requests:
> Jan 13 15:23:11 mx0 dovecot: auth: Error: * msgid 1, origid 1, status InProgress
> Jan 13 15:23:11 mx0 dovecot: auth: Error: outstanding referrals 0, parent count 0
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ld 0x35d6dd481c0 request count 1 (abandoned 0)
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ** ld 0x35d6dd481c0 Response Queue:
> Jan 13 15:23:11 mx0 dovecot: auth: Error: Empty
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ld 0x35d6dd481c0 response count 0
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_chkResponseList ld 0x35d6dd481c0 msgid 1 all 1
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_chkResponseList returns ld 0x35d6dd481c0 NULL
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_int_select
> Jan 13 15:23:11 mx0 dovecot: auth: Error: read1msg: ld 0x35d6dd481c0 msgid 1 all 1
> Jan 13 15:23:11 mx0 dovecot: auth: Error: read1msg: ld 0x35d6dd481c0 msgid 1 message type extended-result
> Jan 13 15:23:11 mx0 dovecot: auth: Error: read1msg: ld 0x35d6dd481c0 0 new referrals
> Jan 13 15:23:11 mx0 dovecot: auth: Error: read1msg: mark request completed, ld 0x35d6dd481c0 msgid 1
> Jan 13 15:23:11 mx0 dovecot: auth: Error: request done: ld 0x35d6dd481c0 msgid 1
> Jan 13 15:23:11 mx0 dovecot: auth: Error: res_errno: 0, res_error: <>, res_matched: <>
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_free_request (origid 1, msgid 1)
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_parse_extended_result
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_parse_result
> Jan 13 15:23:11 mx0 dovecot: auth: Error: ldap_msgfree
>
>
> Jan 13 15:23:11 mx0 dovecot: auth: Error: TLS: could not use key file `/etc/ssl/private/mx0.roessner-net.de.key.pem'.
> Jan 13 15:23:11 mx0 dovecot: auth: Error: TLS: error:0200100D:system library:fopen:Permission denied bss_file.c:398
> Jan 13 15:23:11 mx0 dovecot: auth: Error: TLS: error:20074002:BIO routines:FILE_CTRL:system lib bss_file.c:400
> Jan 13 15:23:11 mx0 dovecot: auth: Error: TLS: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib ssl_rsa.c:648

strace also shows the permission problem:

6536 1020 munmap(0x769b665ae000, 4096) = 0
6537 1020 open("/etc/ssl/private/mx0.roessner-net.de.key.pem", O_RDONLY) = -1 EACCES (Permission denied)
6538 1020 write(2, "TLS: could not use key file `/et"..., 76) = 76
6539 991 <... epoll_wait resumed> {{EPOLLIN, {u32=2782493808, u64=17315795663984}}}, 27, -1) = 1
6540 1020 write(2, "TLS: error:0200100D:system libra"..., 74 <unfinished ...>
6541 991 gettimeofday( <unfinished ...>
6542 1020 <... write resumed> ) = 74
6543 991 <... gettimeofday resumed> {1358096769, 965239}, NULL) = 0
6544 1020 write(2, "TLS: error:20074002:BIO routines"..., 69 <unfinished …>

Is there some Linux command with which I could find out which user tries to open the cert file?

-Christian Rößner

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Joerg Heidrich
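
Added example, not part of the original message: in the strace -f output above, the column before each syscall is the PID, so the failing open() can be tied to a process and then to its effective UID via /proc/<pid>/status. This sketch extracts EACCES failures from such output, including calls strace splits into unfinished/resumed pairs. The second sample path, PID 1021 and UID 97 are constructed values.

```python
import re

# PID column, optionally preceded by a pasted listing line number as in the post.
PREFIX = r'^\s*(?:\d+\s+)?(?P<pid>\d+)\s+'
CALL = re.compile(PREFIX + r'(?:open|openat)\((?:AT_FDCWD,\s*)?"(?P<path>[^"]+)"(?P<rest>.*)$')
RESUMED = re.compile(PREFIX + r'<\.\.\. (?:open|openat) resumed>(?P<rest>.*)$')
DENIED = re.compile(r'=\s*-1\s+EACCES\b')


def denied_opens(lines):
    """Return (pid, path) for every open()/openat() that failed with EACCES."""
    pending = {}   # pid -> path of a call strace split with <unfinished ...>
    hits = []
    for line in lines:
        m = CALL.match(line)
        if m:
            pid, path, rest = int(m['pid']), m['path'], m['rest']
            if '<unfinished' in rest:
                pending[pid] = path
            elif DENIED.search(rest):
                hits.append((pid, path))
            continue
        m = RESUMED.match(line)
        if m:
            path = pending.pop(int(m['pid']), None)
            if path and DENIED.search(m['rest']):
                hits.append((int(m['pid']), path))
    return hits


def effective_uid(status_text):
    """Effective UID from the text of /proc/<pid>/status (Uid: real eff saved fs)."""
    for line in status_text.splitlines():
        if line.startswith('Uid:'):
            return int(line.split()[2])
    raise ValueError('no Uid: line')


# Constructed sample: the first two lines are taken from the post; the last three
# show the same failure when strace interleaves another process (placeholder path).
SAMPLE = [
    '6536 1020 munmap(0x769b665ae000, 4096) = 0',
    '6537 1020 open("/etc/ssl/private/mx0.roessner-net.de.key.pem", O_RDONLY) = -1 EACCES (Permission denied)',
    '1021 open("/etc/ssl/private/example.key.pem", O_RDONLY <unfinished ...>',
    '991 gettimeofday( <unfinished ...>',
    '1021 <... open resumed> ) = -1 EACCES (Permission denied)',
]
# Constructed /proc/<pid>/status excerpt; UID 97 is an arbitrary example value.
SAMPLE_STATUS = 'Name:\tauth\nUid:\t97\t97\t97\t97\nGid:\t97\t97\t97\t97\n'
```

While the process is still running, pass the contents of /proc/<pid>/status to effective_uid() to get the UID whose permissions the key file has to allow.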