Hi,
I have a self-signed certificate for dovecot:
> [root@rakete] /etc/dovecot
> # ll
> insgesamt 12K
> -rwxr-xr-x 1 root root 1,7K 2026-01-09@09:56 dovecot.conf
> -rw-r----- 1 root root 1,4K 2026-01-09@09:54 dovecot.crt
> -rw-r----- 1 root root 1,7K 2026-01-09@09:54 dovecot.key
In dovecot.conf I have:
ssl_server {
cert_file = /etc/dovecot/dovecot.crt
key_file = /etc/dovecot/dovecot.key
}
This works fine for the Evolution email client. But when I want to use dovecot-lda as part of my getmail6 config I get a "permission denied" error:
# getmail --rcfile dogado-rc -n -v
getmail version 6.19.10
Copyright (C) 1998-2025 Charles Cazabon and others. Licensed under GPL-2.0.
SimpleIMAPSSLRetriever:[email protected]:993:
Delivery error (command dovecot-lda 1510042 error (89, doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 51: cert_file: open(/etc/dovecot/dovecot.crt) failed: Permission denied))
[INBOX] msg 1/1 (1392 bytes), delivery error (command dovecot-lda 1510042 error (89, doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 51: cert_file: open(/etc/dovecot/dovecot.crt) failed: Permission denied))
1 messages (1392 bytes) retrieved, 0 skipped
dogado-rc has this delivery section:
[destination]
type = MDA_external
path = /usr/lib/dovecot/dovecot-lda
arguments = ("-d", "matthias")
When I change ownership of the certificate files it works:
# chown root:matthias /etc/dovecot/dovecot.crt /etc/dovecot/dovecot.key
[root@rakete] /etc/dovecot
# ll /etc/dovecot/dovecot.crt /etc/dovecot/dovecot.key
-rw-r----- 1 root matthias 1,4K 2026-01-09@09:54 /etc/dovecot/dovecot.crt
-rw-r----- 1 root matthias 1,7K 2026-01-09@09:54 /etc/dovecot/dovecot.key
If I do not change permissions for dovecot.key I get a similar error for that file too.
But can this be the solution? That would mean that I need to give read access to the crt/key file to every user who wants to use dovecot-lda. Is that correct?
Matthias
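
The failure and the chown workaround described in the post, reproduced as an added example (not part of the original message and not Dovecot code): it extracts cert_file/key_file from the quoted ssl_server block, applies the classic owner/group/other mode check for the delivering user, and lists who besides the owner can read the private key. The function names and uid/gid 1000 standing in for "matthias" are assumptions; ACLs and directory permissions are ignored.

```python
import re
import stat

# Constructed sample: the ssl_server block quoted in the post.
SAMPLE_CONF = """\
ssl_server {
  cert_file = /etc/dovecot/dovecot.crt
  key_file = /etc/dovecot/dovecot.key
}
"""

def referenced_files(conf_text):
    """Return {setting: path} for cert_file/key_file lines, ignoring comments."""
    found = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*(cert_file|key_file)\s*=\s*(\S+)", line.split("#", 1)[0])
        if m:
            found[m.group(1)] = m.group(2)
    return found

def can_read(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix check: the first matching class (owner, group, other) decides."""
    if uid == 0:
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IRUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)

def audit(conf_text, file_meta, uid, gids):
    """file_meta maps path -> (mode, uid, gid), e.g. taken from os.stat().
    Returns (settings the user cannot read, readers of the key beyond its owner)."""
    unreadable, key_exposure = [], []
    for setting, path in referenced_files(conf_text).items():
        mode, o_uid, o_gid = file_meta[path]
        if not can_read(mode, o_uid, o_gid, uid, gids):
            unreadable.append(setting)
        if setting == "key_file":
            if mode & stat.S_IRGRP:
                key_exposure.append(f"gid {o_gid}")
            if mode & stat.S_IROTH:
                key_exposure.append("other")
    return unreadable, key_exposure

# Constructed metadata: mode 0640 as in the listings, before and after the chown.
BEFORE = {p: (0o640, 0, 0) for p in referenced_files(SAMPLE_CONF).values()}
AFTER = {p: (0o640, 0, 1000) for p in referenced_files(SAMPLE_CONF).values()}
```

To run it against a live system, build `file_meta` from `os.stat(path)` (`st_mode`, `st_uid`, `st_gid`) and pass the delivering user's uid and group ids.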