Re: error 42 ssl certificate expired

2021-04-12 Thread gmail

I forcibly renewed my certs.

dovecot -nP:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.9.0-rc5-lja-tv+ x86_64 Ubuntu 20.04.2 LTS
# Hostname: superman.sillywalk.org
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir/
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap pop3 lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = mail
    mode = 0660
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = mail
    mode = 0660
    user = postfix
  }
}
ssl_cert =

The certs are working fine and are up to date. (Apache2 with same certs
for domains works ok)



I do not know how to use the openssl x509 -text command; if I run it like

echo "" | openssl x509 -text

I get loads of errors.


My distro:

Distributor ID: Ubuntu
Description:    Ubuntu 20.04.2 LTS
Release:    20.04
Codename:   focal

Aki Tuomi wrote on 13.4.2021 at 7:40:
Uh. You are practically proposing that all versions after 2.3.7.2 would
be serving expired SSL certs, due to some bug? If that was the case, then
I would believe we would've been inundated with bug reports for the past
year or so. Installation probably breaks because you are using expired cert,
from wrong path.


Double-check output of `doveconf -nP` and `openssl x509 -text` to make sure you
are indeed using correct, non-expired certificate.

Aki


On 13/04/2021 07:16 gmail  wrote:

  
Hi,


I got news: dovecot is the one that is broken. I got all the other
stuff updated to latest BUT not dovecot, and I got a working system.


If I upgrade dovecot, the installation breaks. I'm using Let's Encrypt's certs.


The version that is good is 2.3.7.2 (3c910f64b)


Heiko Schlittermann wrote on 12.4.2021 at 23:20:

Hi,


In our case this is an internally used Dovecot Mail server that's used for

…

certificates worth the expense? Just curious on what everyone's opinion is
of Digital Certs signed by certificate authorities that are only used inside
the LAN. Thoughts?

Aki is right. In the long run it's easier to use "official" certs. Since
the advent of Let's Encrypt it is cheap.

Of course, getting a certificate from Let's Encrypt for an internal
service isn't as easy as for a public HTTP server, but it is possible.

(We use a dedicated machine, requesting certs for all our internal
services, employing the DNS challenge with Let's Encrypt. From this
dedicated machine then we deploy the certs into our internal
infrastructure using https://gitea.schlittermann.de/heiko/cert-proxy.git)


I also tried creating new .crt and key files using this tutorial:
https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/

No need to use tech blogs. Use "man req" and brain.

  openssl req -x509 -new \
  -out ssl.pem \
  -keyout ssl.pem -newkey rsa:4096 -nodes \
  -subj /CN=example.com -days 365

  (or two distinct files for crt and key).
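
Added example (not part of the thread): a shell version of the check Aki suggests, reading the `ssl_cert` path from `doveconf -n` style output and testing that file's validity dates with `openssl x509`. The sample certificate, the CN `mail.example.test` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate the certificate Dovecot is configured to serve and
# test its validity window. All paths and host names below are constructed.

# Print the file named by "ssl_cert = </path" in doveconf -n style text (stdin).
dovecot_cert_path() {
    sed -n 's/^[[:space:]]*ssl_cert[[:space:]]*=[[:space:]]*<[[:space:]]*//p' | head -n 1
}

# Succeed only if the first (leaf) certificate in file $1 is still valid
# $2 seconds from now. x509 needs a PEM certificate via -in or stdin, so
# piping an empty line into it fails with a load error.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# The readable subset of "openssl x509 -text": who, issued by whom, and when.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

# Constructed sample: a throwaway self-signed certificate valid for one day,
# plus a config excerpt pointing at it (hypothetical CN mail.example.test).
make_sample() {
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
        -subj /CN=mail.example.test \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
    printf 'protocols = imap pop3 lmtp\nssl_cert = <%s\nssl_key = <%s\n' \
        "$1/fullchain.pem" "$1/privkey.pem" > "$1/doveconf.out"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
# On a real server: cert=$(doveconf -n | dovecot_cert_path)
cert=$(dovecot_cert_path < "$demo_dir/doveconf.out")
echo "Dovecot is configured to serve: $cert"
cert_summary "$cert"
cert_valid_for "$cert" 0 && echo "valid right now"
cert_valid_for "$cert" 172800 || echo "expires within two days: renew and reload"
rm -rf "$demo_dir"
```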




Re: error 42 ssl certificate expired

2021-04-12 Thread gmail

Hi,

I got news: dovecot is the one that is broken. I got all the other
stuff updated to latest BUT not dovecot, and I got a working system.



If I upgrade dovecot, the installation breaks. I'm using Let's Encrypt's certs.


The version that is good is 2.3.7.2 (3c910f64b)


Heiko Schlittermann wrote on 12.4.2021 at 23:20:

Hi,


In our case this is an internally used Dovecot Mail server that's used for

…

certificates worth the expense? Just curious on what everyone's opinion is
of Digital Certs signed by certificate authorities that are only used inside
the LAN. Thoughts?

Aki is right. In the long run it's easier to use "official" certs. Since
the advent of Let's Encrypt it is cheap.

Of course, getting a certificate from Let's Encrypt for an internal
service isn't as easy as for a public HTTP server, but it is possible.

(We use a dedicated machine, requesting certs for all our internal
services, employing the DNS challenge with Let's Encrypt. From this
dedicated machine then we deploy the certs into our internal
infrastructure using https://gitea.schlittermann.de/heiko/cert-proxy.git)


I also tried creating new .crt and key files using this tutorial:
https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/

No need to use tech blogs. Use "man req" and brain.

 openssl req -x509 -new \
 -out ssl.pem \
 -keyout ssl.pem -newkey rsa:4096 -nodes \
 -subj /CN=example.com -days 365

 (or two distinct files for crt and key).


Re: Latest dovecot does not work with latest MUA (thunderbird)

2021-03-17 Thread gmail

Running and working installation by following:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.9.0-rc5-lja-tv+ x86_64 Ubuntu 20.04.2 LTS
# Hostname: superman.sillywalk.org
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir/
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap pop3 lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = mail
    mode = 0660
    user = postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = mail
    mode = 0660
    user = postfix
  }
}
ssl_cert =

mydestination = $myhostname $mydomain paxsudos.fi paxsudos.com
localhost.$mydomain localhost.localdomain localhost

mydomain = lja.fi
myhostname = mail.lja.fi
mynetworks = 127.0.0.0/8 192.168.1.0/24
myorigin = lja.fi
recipient_delimiter = +
relayhost = [smtp.dnainternet.net]:465
smtp_tls_ciphers = high
smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtp_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/letsencrypt/live/lja.fi/chain.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/lja.fi/fullchain.pem
smtpd_tls_ciphers = high
smtpd_tls_key_file = /etc/letsencrypt/live/lja.fi/privkey.pem
smtpd_tls_loglevel = 2
virtual_maps = hash:/etc/postfix/virtual
virtual_transport = lmtp:unix:private/dovecot-lmtp

WORKS LIKE A CHARM :) ... thank you for pointing me the lmtp :) ..


Works with Thunderbird 78.8.1 (latest release)


-- Lauri Jakku


Marc wrote on 15.3.2021 at 10:43:


I assume you are referring to incoming mail. I had sometimes similar issues
with mbox and having sendmail deliver straight to the mbox file. When I
switched to delivering to lmtp, I never encountered it anymore. Just put this
lmtp in between.




-Original Message-
From: dovecot  On Behalf Of gmail
Sent: 14 March 2021 23:30
To: dovecot@dovecot.org
Subject: Re: Latest dovecot does not work with latest MUA (thunderbird)


Stuart Henderson wrote on 14.3.2021 at 23.38:

On 2021-03-14, lja@koti  wrote:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf

That's nowhere near the latest Dovecot.



Updated dovecot to bleeding edge, and still got same issue.

# 2.4.devel (b0f498b69): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 5.9.0-rc5 x86_64 Ubuntu 20.04.2 LTS
# Hostname: superman.sillywalk.org
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir/
mbox_write_locks = fcntl
namespace inbox {
    inbox = yes
    location =
    mailbox Drafts {
      special_use = \Drafts
    }
    mailbox Junk {
      special_use = \Junk
    }
    mailbox Sent {
      special_use = \Sent
    }
    mailbox "Sent Messages" {
      special_use = \Sent
    }
    mailbox Trash {
      special_use = \Trash
    }
    prefix =
}
passdb {
    driver = pam
}
protocols = imap pop3
service auth {
    unix_listener /var/spool/postfix/private/auth {
      group = mail
      mode = 0660
      user = postfix
    }
}
ssl_cert = 

Re: Latest dovecot does not work with latest MUA (thunderbird)

2021-03-15 Thread gmail



I think I found the culprit: PAM is not compiled in, now I'm compiling a new
version that has PAM in.


Marc wrote on 15.3.2021 at 10.43:

I assume you are referring to incoming mail. I had sometimes similar issues
with mbox and having sendmail deliver straight to the mbox file. When I
switched to delivering to lmtp, I never encountered it anymore. Just put this
lmtp in between.




-Original Message-
From: dovecot  On Behalf Of gmail
Sent: 14 March 2021 23:30
To: dovecot@dovecot.org
Subject: Re: Latest dovecot does not work with latest MUA (thunderbird)


Stuart Henderson wrote on 14.3.2021 at 23.38:

On 2021-03-14, lja@koti  wrote:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf

That's nowhere near the latest Dovecot.



Updated dovecot to bleeding edge, and still got same issue.

# 2.4.devel (b0f498b69): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 5.9.0-rc5 x86_64 Ubuntu 20.04.2 LTS
# Hostname: superman.sillywalk.org
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir/
mbox_write_locks = fcntl
namespace inbox {
    inbox = yes
    location =
    mailbox Drafts {
      special_use = \Drafts
    }
    mailbox Junk {
      special_use = \Junk
    }
    mailbox Sent {
      special_use = \Sent
    }
    mailbox "Sent Messages" {
      special_use = \Sent
    }
    mailbox Trash {
      special_use = \Trash
    }
    prefix =
}
passdb {
    driver = pam
}
protocols = imap pop3
service auth {
    unix_listener /var/spool/postfix/private/auth {
      group = mail
      mode = 0660
      user = postfix
    }
}
ssl_cert = 

Re: Latest dovecot does not work with latest MUA (thunderbird)

2021-03-15 Thread gmail



I think I found the culprit: PAM is not compiled in, now I'm compiling a new
version that has PAM in.



Aki Tuomi wrote on 15.3.2021 at 9.18:

On 15/03/2021 00:33 gmail  wrote:



  Stuart Henderson wrote on 14.3.2021 at 23.38:
  > On 2021-03-14, lja@koti  wrote:
  >> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
  > That's nowhere near the latest Dovecot.

  Updated dovecot to bleeding edge, and still got same issue.
  
  # 2.4.devel (b0f498b69): /usr/local/etc/dovecot/dovecot.conf



Some basic debug things to do:

Check your /var/log/dovecot*.log to see what happens with that folder.

Also check the filesystem if "postfix" is really delivering mail to the Sent 
folder. Although normally MUA stores sent mails.

Aki


Re: Latest dovecot does not work with latest MUA (thunderbird)

2021-03-14 Thread gmail


Stuart Henderson wrote on 14.3.2021 at 23.38:
> On 2021-03-14, lja@koti  wrote:
>> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> That's nowhere near the latest Dovecot.

Updated dovecot to bleeding edge, and still got same issue.


# 2.4.devel (b0f498b69): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 5.9.0-rc5 x86_64 Ubuntu 20.04.2 LTS
# Hostname: superman.sillywalk.org
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir/
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = mail
    mode = 0660
    user = postfix
  }
}
ssl_cert = 

Re: Latest dovecot does not work with latest MUA (thunderbird)

2021-03-14 Thread gmail



Stuart Henderson wrote on 14.3.2021 at 23.38:

On 2021-03-14, lja@koti  wrote:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf

That's nowhere near the latest Dovecot.



Updated dovecot to bleeding edge, and still got same issue.

# 2.4.devel (b0f498b69): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 5.9.0-rc5 x86_64 Ubuntu 20.04.2 LTS
# Hostname: superman.sillywalk.org
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = plain
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir/
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = mail
    mode = 0660
    user = postfix
  }
}
ssl_cert = 

Re: Latest dovecot does not work with latest MUA (thunderbird)

2021-03-14 Thread gmail



Stuart Henderson wrote on 14.3.2021 at 23.38:

On 2021-03-14, lja@koti  wrote:

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf

That's nowhere near the latest Dovecot.



Ok, I'll check where to get the latest sources from and test.






Re: Massive /tmp files

2021-01-22 Thread Ron Garret (gmail)


On Jan 22, 2021, at 8:02 AM, @lbutlr  wrote:

> On 21 Jan 2021, at 18:08, MRob  wrote:
>> Hello,
>> I just found user who has single folder (standard maildir format) that 
>> filled with over 8mil files and 800GB in the /tmp subdirectory of that 
>> folder:
> 
> Are they real files or hard links?

How would you distinguish a hard link from a “real file”?

rg



Migrate maildir between servers dovecot

2014-12-18 Thread Davide Gmail
Hi to all, I have two servers with dovecot 2.2.15: one is actually in
production (server A) and another that I will put in production soon (server B).

My goal is migrate maildir from server A and server B.
How can I achieve that?
I read http://wiki2.dovecot.org/Migration/Dsync but I haven't understood
well where to put such configuration (in which server).

Thanks in advance for any help.


[Dovecot] disable auth-worker logging

2012-08-04 Thread Gmail-teopro
Hello all,

Can someone please give me a hint about how can I disable such messages to
be inserted into log file(maillog this case as syslog_facility = mail)?

>> dovecot: auth-worker(13377): mysql(localhost): Connected to database postfix

All the '_debug' and '_verbose' statements bear the 'no' value.

Thank you.
-- 
Best regards,
 Gmail-teopro  mailto:teo...@gmail.com