Re: sieve-filter ignores -u argument

2022-01-26 Thread Андрей Куницын
I have found the problem.

auth debug helped me.

sieve-filter -u test

```
Jan 27 03:38:03 mail dovecot: auth: Debug: master in:
USER#0111#011test#011service=sieve-filter
Jan 27 03:38:03 mail dovecot: auth: Debug: ldap(t...@domain.tld):
Performing userdb lookup
Jan 27 03:38:03 mail dovecot: auth: Debug: ldap(t...@domain.tld): user
search: base=o=domains,dc=mail,dc=domain,dc=tld scope=subtree
filter=(&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=sieve-filter)(|(mail=t...@domain.tld
)(&(enabledService=shadowaddress)(shadowAddress=t...@domain.tld
fields=mail,mail,homeDirectory,mailboxFormat,mailboxFolder,mailQuota
Jan 27 03:38:03 mail dovecot: auth: Debug: ldap(t...@domain.tld): no fields
returned by the server
Jan 27 03:38:03 mail dovecot: auth: ldap(t...@domain.tld): unknown user
Jan 27 03:38:03 mail dovecot: auth: Debug: ldap(t...@domain.tld): Finished
userdb lookup
Jan 27 03:38:03 mail dovecot: auth: Debug: userdb out: NOTFOUND#0111
```

doveadm user test

```
Jan 27 03:38:08 mail dovecot: auth: Debug: master in:
USER#0111#011test#011service=doveadm#011debug
Jan 27 03:38:08 mail dovecot: auth: Debug: ldap(t...@domain.tld):
Performing userdb lookup
Jan 27 03:38:08 mail dovecot: auth: Debug: ldap(t...@domain.tld): user
search: base=o=domains,dc=mail,dc=domain,dc=tld scope=subtree
filter=(&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=doveadm)(|(mail=t...@domain.tld
)(&(enabledService=shadowaddress)(shadowAddress=t...@domain.tld
fields=mail,mail,homeDirectory,mailboxFormat,mailboxFolder,mailQuota
Jan 27 03:38:08 mail dovecot: auth: Debug: ldap(t...@domain.tld): result:
mail=t...@domain.tld
homeDirectory=/var/vmail/vmail1/domain.tld/t/r/a/test-2022.01.21.10.09.47/
mailQuota=1073741824 mailboxFolder=sdbox mailboxFormat=sdbox;
mailboxFormat,homeDirectory,mailQuota,mail,mailboxFolder unused
Jan 27 03:38:08 mail dovecot: auth: Debug: ldap(t...@domain.tld): Finished
userdb lookup
Jan 27 03:38:08 mail dovecot: auth: Debug: userdb out:
USER#0111#011t...@domain.tld#011master_user=t...@domain.tld
#011home=/var/vmail/vmail1/domain.tld/t/r/a/test-2022.01.21.10.09.47/#011mail=sdbox:~/sdbox/#011quota_rule=*:bytes=1073741824
```

`(enabledService=sieve-filter)` is absent for users by default.



On Tue, 25 Jan 2022 at 20:21, Андрей Куницын wrote:

> Hm, looks like I misunderstood the initial error sieve-filter(root): Fatal:
> Unknown user
> sieve-filter does not understand -u postma...@domain.tld
> Where (root) is about who runs the command, not who is not found
>
> Anyway I've tried
>
> # cd /var/vmail/vmail1/domain.tld/t/e/s/test-2022.01.22.05.55.26/sdbox/mailboxes/
> # sieve-filter -c /etc/dovecot/dovecot.conf -v /var/vmail/sieve/dovecot.sieve INBOX
> sieve-filter(root): Error: stat(/root/Maildir/tmp) failed: Permission
> denied (euid=2000(vmail) egid=2000(vmail) missing +x perm: /root, dir owned
> by 0:0 mode=0700)
> sieve-filter(root): Fatal: Couldn't open source mailbox 'INBOX': Internal
> error occurred. Refer to server log for more information. [2022-01-25
> 14:46:35]
>
> sudo -u vmail sieve-filter -c /etc/dovecot/dovecot.conf -v /var/vmail/sieve/dovecot.sieve INBOX
>
> sieve-filter(vmail): Info: Mailbox created: INBOX
>
> /home/vmail/Maildir was created after that, and not in the current
> directory
>
> I've tried '-u test', '-u t...@domain.tld', '-u t...@mail.domain.tld' and
> passed the config '-c /etc/dovecot/dovecot.conf'.
> And still got
> Fatal: Unknown user
>
> How does sieve-filter understand virtual users?
>
> On Tue, 25 Jan 2022 at 18:31, Eric Wood wrote:
>
>> I read the sieve-filter man page so I'll speculate. Granted, I still
>> don't fully understand how sieve and virtual users work as I have never set
>> this up.
>>
>> "postmaster" is an alias of root and "vmail" is probably just a directory
>> name. So, from the root's command prompt, the environment variables
>> probably aren't totally set up for sieve-filter to understand virtual users.
>>
>> So, working from the command prompt, you probably have to explicitly
>> specify the .sieve path and leave off the -u argument
>>
>> # cd /location_of_virtual_user_INBOX
>> # sieve-filter -v /opt/some_global_rules/sieve/managesieve.sieve INBOX
>>
>> Would it be great if sieve-filter had an argument to understand the
>> system's virtual users' settings? Of course. I don't know why the
>> developers haven't included it.
>>
>> -Eric
>>
>> On 1/24/2022 7:59 AM, Андрей Куницын wrote:
>>
>> Hello
>> I try to test my sieve script, but found out that it is impossible to use
>> the sieve-filter tool with virtual mail users. It always uses the real user
>> name instead of the one passed via the -u argument.
>>
>>
>> # sieve-filter -v -u postmas...@domain.tld ~/sieve/managesieve.sieve
>> INBOX
>> sieve-filter(root): Fatal: Unknown user
>>
>> sudo -u vmail sieve-filter -u postmas...@domain.tld
>> ~/sieve/managesieve.sieve INBOX
>> sieve-filter(vmail): Fatal: Unknown user
>
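The two debug lookups at the top of this thread differ only in the `(enabledService=...)` term that Dovecot fills in from the requesting service name. As an added illustration (not Dovecot's or the poster's code), this small Python evaluator applies the logged filter shape to a constructed directory entry and reproduces the USER / NOTFOUND verdicts; the login is passed as the full address the log shows after expansion, and the entry's attribute values are assumptions.

```python
"""Minimal evaluator for RFC 4515-style LDAP filters, added as an illustration
(not Dovecot's code) of the two lookups in the debug log above: Dovecot puts
the requesting service name into the userdb filter, so an entry without
enabledService=sieve-filter is NOTFOUND for sieve-filter but USER for doveadm.
Only the operators the log uses (&, |, !, equality, presence) are handled."""

# Filter shape copied from the debug log; %s marks where Dovecot substitutes
# the service name and %u the login name (Dovecot user_filter variables).
USER_FILTER = (
    "(&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))"
    "(enabledService=mail)(enabledService=%s)"
    "(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))"
)

# Constructed sample entry: enabled for mail and doveadm but not sieve-filter.
TEST_USER = {
    "objectClass": ["mailUser"],
    "accountStatus": ["active"],
    "mail": ["test@domain.tld"],
    "enabledService": ["mail", "imap", "pop3", "doveadm"],
}

def parse(s, i=0):
    """Parse the component starting at s[i]; return (node, next index).
    Nodes: ('&'|'|', [children]), ('!', [child]) or ('=', attr, value)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i] in "&|":
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        node = (op, kids)
    elif s[i] == "!":
        kid, i = parse(s, i + 1)
        node = ("!", [kid])
    else:
        j = s.index(")", i)  # a ')' inside a value would need RFC 4515 escaping
        attr, _, value = s[i:j].partition("=")
        node, i = ("=", attr.lower(), value), j
    if s[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter against {attr_lowercase: [values]}."""
    kind = node[0]
    if kind == "&":
        return all(matches(k, entry) for k in node[1])
    if kind == "|":
        return any(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])
    if node[2] == "*":  # presence test
        return bool(values)
    # case-insensitive equality, as mail-style attributes normally use
    return any(v.lower() == node[2].lower() for v in values)

def lookup(entry, service, login):
    """Simulate one userdb lookup (substitute, parse, evaluate) and return
    the 'userdb out' verdict the log shows: USER or NOTFOUND."""
    flt = USER_FILTER.replace("%s", service).replace("%u", login)
    node, end = parse(flt)
    if end != len(flt):
        raise ValueError("trailing data after filter")
    norm = {k.lower(): list(v) for k, v in entry.items()}
    return "USER" if matches(node, norm) else "NOTFOUND"

if __name__ == "__main__":
    for svc in ("doveadm", "sieve-filter"):
        print("service=%-12s -> %s" % (svc, lookup(TEST_USER, svc, "test@domain.tld")))
```

Adding `sieve-filter` to the entry's `enabledService` values is what turns the second lookup into USER; the `shadowAddress` branch shows that an alias is likewise only resolved when the `shadowaddress` service is granted.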

Dovecot installation problem (libssl_iostream_openssl.so is not portable!)

2022-01-26 Thread Dimitri
Hi there,

I try to install Dovecot from source with the following configuration:

> ./configure --prefix=/test/core/dovecot --with-ssldir=/test/core/dovecot/tls

The configure step runs fine, with the following output at the end:

> Install prefix . : /test/core/dovecot
> File offsets ... : 64bit
> I/O polling  : epoll
> I/O notifys  : inotify
> SSL  : yes (OpenSSL)
> GSSAPI . : no
> passdbs  : static passwd passwd-file shadow checkpassword
> : -pam -bsdauth -ldap -sql
> userdbs  : static prefetch passwd passwd-file checkpassword
> : -ldap -sql
> CFLAGS . : -std=gnu99 -g -O2 -fstack-protector-strong 
> -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=keep 
> -mindirect-branch=keep -Wall -W -Wmissing-prototypes -Wmissing-declarations 
> -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast 
> -fno-builtin-strftime -Wstrict-aliasing=2 -I/test/dep/openssl/include
> SYSTEMD  : notify - /lib/systemd/system/dovecot.service
> SQL drivers  :
> : -pgsql -mysql -sqlite -cassandra
> Full text search : squat
> : -lucene -solr

But when I start to build (make), after a while I get the following error:

> *** Warning: Linking the executable test-iostream-ssl against the loadable 
> module
> *** libssl_iostream_openssl.so is not portable!
> libtool: link: gcc -std=gnu99 -g -O2 -fstack-protector-strong 
> -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -mfunction-return=keep 
> -mindirect-branch=keep -Wall -W -Wmissing-prototypes -Wmissing-declarations 
> -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast 
> -fno-builtin-strftime -Wstrict-aliasing=2 -I/test/dep/openssl/include -o 
> .libs/test-iostream-ssl test-iostream-ssl.o 
> ./.libs/libssl_iostream_openssl.so ./.libs/libssl_iostream.a 
> ../lib-test/.libs/libtest.a ../lib/.libs/liblib.a -L/test/dep/openssl/lib64 
> -lssl -lcrypto -ldl -Wl,-rpath -Wl,/test/core/dovecot/lib/dovecot
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `ERR_free_strings'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `ENGINE_cleanup'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `SSL_library_init'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `OBJ_cleanup'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `CRYPTO_cleanup_all_ex_data'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `OpenSSL_add_all_algorithms'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `SSL_CTX_set_tmp_rsa_callback'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `EVP_cleanup'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `SSL_load_error_strings'
> /usr/bin/ld: ./.libs/libssl_iostream_openssl.so: undefined reference to 
> `SSL_CTX_need_tmp_RSA'
> collect2: error: ld returned 1 exit status
> make[3]: *** [Makefile:655: test-iostream-ssl] Error 1
> make[3]: Leaving directory '/test/tmp/dovecot-2.3.17.1/src/lib-ssl-iostream'
> make[2]: *** [Makefile:573: all-recursive] Error 1
> make[2]: Leaving directory '/test/tmp/dovecot-2.3.17.1/src'
> make[1]: *** [Makefile:702: all-recursive] Error 1
> make[1]: Leaving directory '/test/tmp/dovecot-2.3.17.1'
> make: *** [Makefile:546: all] Error 2

I've searched for the error and found some posts about setting CPPFLAGS and
LDFLAGS explicitly, and something about missing shared libraries of OpenSSL.

My OpenSSL has shared libraries (libcrypto.so, libssl.so, ...) and explicitly
pointing CPPFLAGS and LDFLAGS at my OpenSSL hasn't changed anything.

I use OpenSSL 3.0, but I've also tested 1.1.1m and 1.1.1g, for example; same
error!
Dovecot is the latest, 2.3.17.1.

Can anyone help me with this please?
Thanks!

Re: doveadm stateful backup

2022-01-26 Thread Christian

Hi all,

just wanted to mention that the backup process described below seems to 
work. The 100 files gap is still about the same and I further 
investigated the cause. It is related to the meta information like 
indices and caches that are present in some but not all folders. 
Counting only files that contain the sequence ,S= and even summing all 
file sizes led to the same number and exactly the same size of raw mail 
data.


I also didn't receive any notification about really failed backups, 
therefore I believe that the backup works correctly.


Regards

Christian


On 09.01.2022 21:57, Christian wrote:

Hi all,

first: I'm using version 2.3.4.1

I manage some rather large imap mailboxes which I want to backup on a 
regular basis. Some of them have relatively heavy traffic and one of 
them is greater than 30GB in size.


I studied the docs for doveadm backup 
(https://wiki2.dovecot.org/Tools/Doveadm/Sync) and even did some code 
research to better understand the process.


The docs state that using stateful synchronization is the most 
efficient way to synchronize mailboxes, therefore I chose this approach.


High-level overview:

- store a copy of the whole maildir in a separate directory 
(/var/vmail/backup)
- backup to this directory once a minute (trying to make most use of 
transaction logs) using the last state stored within a file
- create a backup once a day using tar (full, differential and 
incremental ones), blocking the backup process of the aforementioned 
step


I quite often receive notifications that doveadm backup returned an 
exit code of 2, which should be quite normal. These notifications look 
like that:


dsync(another_address@my.domain): Warning: Failed to do incremental 
sync for mailbox INBOX, retry with a full sync (Modseq 171631 no 
longer in transaction log (highest=177818, last_common_uid=177308, 
nextuid=177309))
dsync(another_address@my.domain): Warning: Mailbox changes caused a 
desync. You may want to run dsync again: Remote lost mailbox GUID 
e9149d0ae4e02d53250526ca4352 (maybe it was just deleted?)
Synced another_address@my.domain successfully but missing some 
changes. Took 3 seconds. Starting retry 1...



The first message seems to point out that the transaction log got 
rolled and no longer contains the messages from the backup dir, right? I 
thought about setting mail_index_log_rotate_min_age to 1 hour to 
prevent rolling transaction logs too often, but abandoned this thought 
and increased the backup interval to once a minute. The warnings still 
appear, so maybe my thoughts about transaction logs are wrong. The 
second message seems less alarming to me.


How does doveadm backup behave in such situations? Does it directly 
fall back to a less efficient way of syncing mails? Does the state 
store the information "retry with a full sync" so that the next run uses 
this mode? To investigate this I simply measured runtimes and saw 
that the second/retry run takes a bit longer (up to about 15 seconds) 
to sync the dir.


I'm afraid of losing messages using my approach. Is it safe to always 
use doveadm backup -s $state? Simply counting one maildir's files 
within the live directory and the backup copy shows 100 fewer files 
within the backup dir, although the script has only been running for a few days.


For reference, see my backup script below.


Regards

Christian


```bash
#!/bin/bash

# * * * * * /root/bin/backup.sh --sync-only
# 12 2 1-7 * * test $(date +\%u) -eq 6 && /root/bin/backup.sh --full
# 12 2 8-31 * * test $(date +\%u) -eq 6 && /root/bin/backup.sh --differential
# 12 2 * * * test $(date +\%u) -ne 6 && /root/bin/backup.sh

synconly=0
differential=0
fullbackup=0
if [ $# -gt 0 ] ; then
  if [ "$1" == "--sync-only" ] ; then
    synconly=1
  elif [ "$1" == "--differential" ] ; then
    differential=1
  elif [ "$1" == "--full" ] ; then
    fullbackup=1
  fi
fi

basedir="/var/vmail/backup"
targetdir="/var/vmail/backup/done"
mailaddresses="one_address@my.domain another_address@my.domain yet_another@my.domain"

if [ ! -d "$basedir" ] ; then
  mkdir -p "$basedir"
  chown vmail:vmail "$basedir"
fi
if [ ! -d "$targetdir" ] ; then
  mkdir -p "$targetdir"
  chown vmail:vmail "$targetdir"
fi

for mailaddr in ${mailaddresses} ; do
  #echo "Creating backup for $mailaddr."

  domainpart=${mailaddr#*@}
  localpart=${mailaddr%%@*}
  lockfile="$basedir/$mailaddr.lock"
  statefile="$basedir/$mailaddr.state"
  backupdir="$domainpart/$localpart/Maildir"
  snapshotfile_full="$basedir/$mailaddr.full.snar"
  snapshotfile="$basedir/$mailaddr.snar"
  backup_basename="$basedir/${mailaddr}_$(date '+%Y%m%d_%H%M%S')"

  (
    if [ $synconly -eq 1 ] ; then
      flock -xn 200
      if [ $? -eq 1 ] ; then
        # failed to acquire lock. Skip mailbox silently.
        exit
      fi
    fi

    # try to acquire exclusive lock for one minute
    flock -xw 60 200
    if [ $? -eq 1 ] ; then
      echo "Failed to acquire write lock within 60 seconds. Skipping $mailaddr."
      exit
    fi

    retri
```

How to use virtual "All" and "Flagged" mailbox?

2022-01-26 Thread A B
Hello,

I'm trying to use the virtual "All" and "Flagged" mailboxes as described in
15-mailboxes.conf.

The information here (
https://doc.dovecot.org/configuration_manual/virtual_plugin/) doesn't
really touch on how to actually interact with the virtual mailboxes.

My presumption is that when I mark an email message in the Inbox as FLAGGED
(and I can confirm the \Flagged flag has been set) then I should then be
able to either (1) see a copy of that message in the virtual.Flagged
folder, or (2) when I use an imap command to get the message nums or
whatever from the virtual.Flagged folder/mailbox, it should return the
message that is flagged in the inbox as a result.

Additionally, I'm presuming that for each new user that automatically gets
added, I would have to create my own script that adds the
dovecot-virtual file; Dovecot doesn't do that on its own.

When I view the user's directory I see these folders were created:
---
[snippet]
drwxrwx---.  5 vmail vmail  135 Jan 25 17:01 .virtual.All/
drwxrwx---.  5 vmail vmail  158 Jan 25 17:14 .virtual.Flagged/
[.virtual.Flagged]# ll
total 20
drwxrwx---.  5 vmail vmail  158 Jan 25 17:14 ./
drwxrwx---. 20 vmail vmail 4096 Jan 25 17:33 ../
drwxrwx---.  2 vmail vmail    6 Jan 25 16:58 cur/
-rw-rw----.  1 vmail vmail  868 Jan 25 16:58 dovecot.index.cache
-rw-rw----.  1 vmail vmail  384 Jan 25 17:01 dovecot.index.log
-rw-rw----.  1 vmail vmail   51 Jan 25 17:01 dovecot-uidlist
-rw-r--r--.  1 vmail vmail    8 Jan 25 17:14 dovecot-virtual
-rw-rw----.  1 vmail vmail    0 Jan 25 16:58 maildirfolder
drwxrwx---.  2 vmail vmail    6 Jan 25 16:58 new/
drwxrwx---.  2 vmail vmail    6 Jan 25 16:58 tmp
[.virtual.Flagged]# cat dovecot-virtual
*
  flagged
---

Side note: This set-up uses the php-imap library to interact with Dovecot.

Any help, or just the concept of how the virtual/All and virtual/Flagged
directories work, would be really appreciated.


CONFIGURATION:

dovecot -n
# 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf
# OS: Linux 4.18.0-348.2.1.el8_5.x86_64 x86_64 CentOS Linux release 8.5.2111 xfs
# Hostname: [DOMAIN REDACTED]
auth_debug = yes
auth_verbose = yes
auth_verbose_passwords = yes
first_valid_uid = 1000
lda_mailbox_autocreate = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n/Maildir
mail_plugins = " quota"
mbox_write_locks = fcntl
namespace {
  location = virtual:/home/vmail/%d/%n/Maildir/virtual:LAYOUT=maildir++
  prefix = virtual.
  separator = .
  type = private
}
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox virtual.All {
    auto = create
    comment = All my messages
    special_use = \All
  }
  mailbox virtual.Flagged {
    auto = create
    comment = All my flagged messages
    special_use = \Flagged
  }
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
passdb {
  driver = pam
}
plugin {
  quota = maildir:User quota
  quota_grace = 10%%
  quota_max_mail_size = 30M
  quota_rule = *:storage=100M
  quota_rule2 = INBOX.Trash:storage=+10M
  quota_status_nouser = DUNNO
  quota_status_overquota = 552 5.2.2 Mailbox is full
  quota_status_success = DUNNO
}
protocols = imap pop3
service auth-worker {
  user = root
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    mode = 0600
    user = vmail
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  inet_listener {
    port = 12340
  }
}
service stats {
  unix_listener stats-reader {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener stats-writer {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl = required
ssl_cert = 
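As an added illustration (not Dovecot's own code, nor the poster's) of how the two-line dovecot-virtual file in the post behaves: the virtual mailbox is a search view over the physical mailboxes matching the pattern lines, so a message flagged in INBOX is listed by virtual.Flagged without any copy being written. The handled search-key subset, the sample mailboxes and their flags are constructed; the `-` exclusion line belongs to the file format but is not used in the post.

```python
"""Toy model of a dovecot-virtual file, added as an illustration (not Dovecot's
code): a virtual mailbox is a live search view over the physical mailboxes the
file lists, not a copy. Only a few IMAP SEARCH keys are handled; sample data is constructed."""
import re

FLAG_KEYS = {"FLAGGED": "\\Flagged", "SEEN": "\\Seen", "DELETED": "\\Deleted"}

# Constructed sample user: mailbox name -> [(uid, flags)], "." separator as in
# the posted configuration.
MAILBOXES = {
    "INBOX": [(1, {"\\Seen", "\\Flagged"}), (2, {"\\Seen"}), (3, set())],
    "INBOX.Sent": [(1, {"\\Seen"}), (2, {"\\Flagged"})],
    "INBOX.Trash": [(1, {"\\Deleted", "\\Flagged"})],
}
VIRTUAL_FLAGGED = "*\n  flagged\n"        # the two-line file shown in the post
VIRTUAL_ALL = "*\n-INBOX.Trash\n  all\n"  # a "-" line excludes a mailbox

def parse_virtual(text):
    """Unindented lines are mailbox patterns ('-' excludes, '!' marks the save
    target); indented lines together form the IMAP SEARCH query."""
    include, exclude, search = [], [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":
            search.append(line.strip())
        elif line.startswith("-"):
            exclude.append(line[1:])
        else:
            include.append(line.lstrip("!"))
    return include, exclude, " ".join(search).upper()

def pattern_re(pattern, sep="."):
    """IMAP LIST wildcards: '*' may cross the hierarchy separator, '%' may not."""
    table = {"*": ".*", "%": "[^" + re.escape(sep) + "]*"}
    parts = [table.get(p, re.escape(p)) for p in re.split(r"([*%])", pattern)]
    return re.compile("^" + "".join(parts) + "$")

def search_matches(query, flags):
    """AND-ed search keys with optional NOT: ALL, <FLAG> and UN<FLAG> only."""
    negate = False
    for key in query.split():
        if key == "NOT":
            negate = True
            continue
        if key == "ALL":
            ok = True
        elif key in FLAG_KEYS:
            ok = FLAG_KEYS[key] in flags
        elif key.startswith("UN") and key[2:] in FLAG_KEYS:
            ok = FLAG_KEYS[key[2:]] not in flags
        else:
            raise ValueError("unsupported search key: " + key)
        if ok == negate:  # plain key failed, or a negated key matched
            return False
        negate = False
    return True

def virtual_contents(spec, mailboxes, sep="."):
    """Return the [(physical mailbox, uid)] list the virtual mailbox exposes."""
    include, exclude, query = parse_virtual(spec)
    inc = [pattern_re(p, sep) for p in include]
    exc = [pattern_re(p, sep) for p in exclude]
    hits = []
    for name in sorted(mailboxes):
        if not any(r.match(name) for r in inc) or any(r.match(name) for r in exc):
            continue
        hits += [(name, uid) for uid, flags in mailboxes[name]
                 if search_matches(query, flags)]
    return hits

if __name__ == "__main__":
    print("virtual.Flagged ->", virtual_contents(VIRTUAL_FLAGGED, MAILBOXES))
    print("virtual.All     ->", virtual_contents(VIRTUAL_ALL, MAILBOXES))
```

Because membership is recomputed from the search, clearing \Flagged on the INBOX message removes it from the view again; nothing under .virtual.Flagged/cur ever holds the message itself.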

Errors: Failed to map transaction log, Corrupted transaction log, Timeout (180s) while waiting for lock for transaction log

2022-01-26 Thread absolutely_free
Hi all,

I am using dovecot-2.3.17_1 on FreeBSD system.

This server offers webmail, pop3 and imap access for users.

Today I am receiving several complaints from users about slowness and/or access 
issues.

I checked on my /var/log/maillog and I see lots of:


Error: Timeout (180s) while waiting for lock for transaction log file 
/var/domains/domain.it/username/Maildir/dovecot.list.index.log (WRITE lock held 
by pid 84939)

Error: Corrupted transaction log file 
/var/domains/domain.it/otherusername/Maildir/dovecot.list.index.log seq 2: 
indexid changed: 1643184505 -> 1643205059 (sync_offset=0)

Error: Transaction log file 
/var/domains/otherdomain.net/otheruser/Maildir/dovecot.list.index.log: marked 
corrupted

Not all users seem affected. My mailbox, for example, is working fine.

I checked on my disks (this is a ZFS volume) and I didn't find errors/warnings.

Any suggestion?

This is my dovecot configuration:


# dovecot -n
# 2.3.17 (e2aa53df5b): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 13.0-RELEASE-p6 amd64 zfs
# Hostname: mailserver.domain.it
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
default_client_limit = 2000
default_process_limit = 500
default_vsz_limit = 512 M
disable_plaintext_auth = no
first_valid_gid = 125
first_valid_uid = 125
imap_id_log = *
mail_gid = 1003
mail_location = maildir:/mail/domains
mail_privileged_group = postfix
mail_uid = 1003
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
  driver = sql
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service imap {
  process_limit = 1536
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_cert = 

Re: Sync via ssh fails when ssl is active

2022-01-26 Thread Johan
I have set privileges to 755 for letsencrypt/live and 
letsencrypt/archive and sync now seems to function properly.


BUT, I shouldn't have to change privileges, as it's a serious SECURITY 
issue. My *private* keys become visible to any user in the system. 
Dovecot obviously can access the cert when it comes to imap/ssl, then 
why does sync between Dovecot servers require extended privileges to the 
same certs the server is already using?


/Johan Pålsson


On 2022-01-25 at 14:35, Christian Mack wrote:

Hello

On 20.01.22 at 16:32, Johan wrote:


Jan 20 16:13:09 doveadm: Error: doveconf: Fatal: Error in configuration
file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_cert: Can't open file
/etc/letsencrypt/live/delta.oxyl.net/fullchain.pem: Permission denied


Check permission on /etc/letsencrypt/live/delta.oxyl.net/fullchain.pem


Kind regards,
Christian Mack



Re: Sync via ssh fails when ssl is active

2022-01-26 Thread Johan

I realize I forgot some information...

I'm running Debian 11 on both servers and Dovecot is installed using 
Debian packages, version 2.3.13 (89f716dc2)


/Johan Pålsson

On 2022-01-20 at 16:32, Johan wrote:
I have computers at two different locations and one computer running 
dovecot at each place. I sync my emails between these two servers using 
ssh and I haven't had any problems with this lately until I upgraded 
dovecot recently.


I now get the following error at location "alfa" when trying to sync 
with dovecot at location "delta"


Jan 20 16:13:09 doveadm: Error: doveconf: Fatal: Error in configuration 
file /etc/dovecot/conf.d/10-ssl.conf line 16: ssl_cert: Can't open file 
/etc/letsencrypt/live/delta.oxyl.net/fullchain.pem: Permission denied


Jan 20 16:13:09 dsync-local(jo...@oxyl.net): 
Error: read(vmail@192.168.119.12) failed: EOF (version not received)


Jan 20 16:13:09 dsync-local(jo...@oxyl.net): 
Error: Remote command returned error 89: ssh -q -p 22 -o 
StrictHostKeyChecking=no -i /datastorage/epost/vmail/.ssh/id_ecdsa 
-lvmail 192.168.119.12 doveadm dsync-server -ujo...@oxyl.net



Trying to sync from "delta" I get the same error, but the domain is 
changed in the error message to 'alfa.oxyl.net'


I can read mail at both locations using STARTTLS. There is no error in 
dovecot.log when I restart the service. If I disable ssl and comment out 
ssl_cert/ssl_key in 10-ssl.conf I have no trouble performing sync 
between servers.


If I run the ssh-command in the error-message as user vmail I get the 
same ssl-error as above.


Any ideas how to solve this?

/Johan Pålsson



Re: Received invalid SSL certificate: unable to get certificate CRL

2022-01-26 Thread Markus Winkler

Hi Laura,

On Wed, 26 Jan 2022 at 12:09:04AM +, Laura Smith wrote:

‐‐‐ Original Message ‐‐‐


I thought that

ssl_ca = 


Does ssl_ca even apply to dsync/imapc ?


as I wrote: I cannot test your scenario and the link to the documentation I 
sent was only a rough idea.

Looking at the docs it's all about client certificate authentication? Something which does not apply to my environment, and even if it did, it 
would not apply to dsync/imapc because I am initiating the connection, not the remote end?


In my understanding this parameter is not only about client certificate 
authentication. If you want, then please have a look at this:

https://doc.dovecot.org/settings/core/#core_setting-ssl_ca

[...]
These CAs are also used by some processes for validating outgoing SSL 
connections, i.e. performing the same function as ssl_client_ca_file.
[...]

And that's why I wrote: it's worth a try (it takes only two minutes to test it ...). IMHO of course. If you don't want to test it, OK. But I have 
no further ideas, sorry.


Regards,
Markus