Re: [Dovecot] CaCert certificate configuration help needed

2013-07-04 Thread gw1500se
Got it. It seems that when Dovecot tries to create the user's local mail
directory, it attempts to set the group as it is in /var/mail. This is not
mentioned in the documentation anywhere I could find. That is where it
fails. However, it turns out that if you turn off group permissions (0600)
in /var/mail/* it will not try to set the group and the local directory is
created successfully.



--
View this message in context: 
http://dovecot.2317879.n4.nabble.com/CaCert-certificate-configuration-help-needed-tp43118p43148.html
Sent from the Dovecot mailing list archive at Nabble.com.


Re: [Dovecot] CaCert certificate configuration help needed

2013-07-04 Thread gw1500se
I think I am now close on this. It appears that the user is successfully
authenticating via IMAP. However, I am getting permissions errors when it
tries to write to the Maildir.

dovecot: imap(dap): Error: mkdir(/home/dap/Maildir/.imap/INBOX) failed: Operation not permitted
Jul  4 15:02:04 public dovecot: imap(dap): Error: chown(/home/dap/Maildir/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=500(dap), group based on /var/mail/dap)

What am I missing in the previously posted doveconf? TIA.





Re: [Dovecot] CaCert certificate configuration help needed

2013-07-04 Thread gw1500se
FWIW, here is my doveconf output:

# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
auth_debug_passwords = yes
base_dir = /var/run/dovecot/
login_greeting = Dovecot on mydomain.com ready.
mail_location = maildir:~/Maildir
mbox_write_locks = fcntl
passdb {
  driver = pam
}
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
ssl_cert =


Re: [Dovecot] CaCert certificate configuration help needed

2013-07-04 Thread gw1500se
Thanks. I think I turned on all the debug I can but the result is not at all
helpful (to me).

Jul  4 13:33:02 public dovecot: auth: Debug: auth client connected (pid=29195)
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
Jul  4 13:33:02 public dovecot: imap-login: Aborted login (no auth attempts): rip=74.176.153.21, lip=69.64.71.47, TLS
Jul  4 13:33:02 public dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify



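
Added example, not part of the original thread: a small Python parser for imap-login debug output of the kind posted above. It rejoins syslog records split by e-mail line wrapping and decodes the OpenSSL info-callback `where=` bit flags (values as defined in OpenSSL's ssl.h). The sample lines are constructed; the host name and IP addresses in them are placeholders.

```python
import re

# OpenSSL info-callback bit flags (values from openssl/ssl.h).
WHERE_FLAGS = [(0x4000, "alert"), (0x2000, "accept"), (0x1000, "connect"),
               (0x20, "handshake_done"), (0x10, "handshake_start"),
               (0x08, "write"), (0x04, "read"), (0x02, "exit"), (0x01, "loop")]
SSL_RE = re.compile(r"SSL(?: alert)?: where=(0x[0-9a-fA-F]+), ret=-?\d+: (.*)")
STAMP_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

# Constructed sample modelled on the log format in this thread; the host name
# and the RFC 5737 documentation addresses are placeholders.
SAMPLE = """\
Jul  4 13:33:02 mailhost dovecot: imap-login: Warning: SSL: where=0x10, ret=1:
before/accept initialization
Jul  4 13:33:02 mailhost dovecot: imap-login: Warning: SSL: where=0x20, ret=1:
SSL negotiation finished successfully
Jul  4 13:33:02 mailhost dovecot: imap-login: Aborted login (no auth
attempts): rip=192.0.2.10, lip=198.51.100.5, TLS
Jul  4 13:33:02 mailhost dovecot: imap-login: Warning: SSL alert:
where=0x4008, ret=256: warning close notify
"""

def unwrap(text):
    """Rejoin wrapped records: a new record starts with a syslog timestamp."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def decode_where(value):
    """Names of the callback flags set in a where= value."""
    return [name for bit, name in WHERE_FLAGS if value & bit]

def summarize(text):
    """Report handshake completion, alerts, and logins dropped before auth."""
    out = {"handshake_done": False, "no_auth_abort": False, "alerts": []}
    for rec in unwrap(text):
        m = SSL_RE.search(rec)
        if m:
            flags = decode_where(int(m.group(1), 16))
            out["handshake_done"] |= "handshake_done" in flags
            if "alert" in flags:
                out["alerts"].append(("sent" if "write" in flags else "received", m.group(2)))
        elif "Aborted login (no auth attempts)" in rec:
            out["no_auth_abort"] = True
    return out
```

A summary with `handshake_done` and `no_auth_abort` both true means the server side finished TLS negotiation and the connection ended before any IMAP authentication command arrived.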


Re: [Dovecot] CaCert certificate configuration help needed

2013-07-04 Thread Steffen Kaiser


On Thu, 4 Jul 2013, gw1500se wrote:

> Perhaps I am still not recognizing which specific section I should be using
> in that document.

Increase logging (http://wiki2.dovecot.org/Logging, esp. section "Logging
verbosity"), then try again and check what the MUA is displaying. If it
disconnects because of cert errors, the MUA displays the error.


Regards,

-- 
Steffen Kaiser


Re: [Dovecot] CaCert certificate configuration help needed

2013-07-04 Thread gw1500se
Thanks for the reply. I guess I should have been more complete in my
description. That is where I first started. Not only did that give me the
error above but an additional error telling me I was missing the root CA for
the signing authority. Searches on that error pointed me to the chained SSL
certificates section. That eliminated the root CA error but I still have the
posted error.

Perhaps I am still not recognizing which specific section I should be using
in that document.





Re: [Dovecot] CaCert certificate configuration help needed

2013-07-04 Thread lst_hoe02


Quoting gw1500se:

> I was not able to find specific help for configuring the crt file for CaCert.
> I gleaned from examples the following order:
>
> server certificate
> CaCert class 3 certificate
> Cacert root certificate
>
> However, when I try to configure my mail reading for IMAP, Dovecot shows the
> following error in the log:
>
> dovecot: imap-login: Aborted login (no auth attempts):
>
> I am assuming, based on searches for this error, that my crt file is not
> correct but I don't know what to do at this point. Can someone steer me in
> the right direction? TIA.



The server (Dovecot) needs the server certificate, the matching
private key and the intermediate CAs, not the root-CA. The client needs
the root-CA in its "trust store", so you have to make your client
trust the CaCert root-CA. For the Dovecot side have a look here:

http://wiki2.dovecot.org/SSL/DovecotConfiguration

Regards

Andreas



