Re: [Dovecot] CaCert certificate configuration help needed
Got it. It seems that when Dovecot tries to create the user's local mail directory, it attempts to set the group as it is in /var/mail. This is not mentioned in the documentation anywhere I could find. That is where it fails. However, it turns out that if you turn off group permissions (0600) in /var/mail/* it will not try to set the group and the local directory is created successfully.
Re: [Dovecot] CaCert certificate configuration help needed
I think I am now close on this. It appears that the user is successfully authenticating via IMAP. However, I am getting permissions errors when it tries to write to the Maildir.

    dovecot: imap(dap): Error: mkdir(/home/dap/Maildir/.imap/INBOX) failed: Operation not permitted
    Jul 4 15:02:04 public dovecot: imap(dap): Error: chown(/home/dap/Maildir/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=500(dap), group based on /var/mail/dap)

What am I missing in the previously posted doveconf? TIA.
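The chown failure quoted in the message above, and the follow-up report that mode 0600 on /var/mail/* avoids it, can be checked with a short script. This is an added example, not part of any poster's message and not Dovecot's code; the function names and the rule "group permission bits on the source file mean its group is propagated" are assumptions taken from the thread's description.

```python
import os
import re
import stat
import tempfile

# Matches the chown() failure format of the log line posted in this thread.
CHOWN_RE = re.compile(
    r"chown\((?P<path>[^,]+), (?P<uid>-?\d+), (?P<gid>\d+)\((?P<group>[^)]*)\)\) failed: "
    r"(?P<err>[^(]+?) \(egid=(?P<egid>\d+)\((?P<egroup>[^)]*)\), "
    r"group based on (?P<source>[^)]+)\)"
)

def parse_chown_failure(line):
    """Return the fields of a Dovecot chown() failure line, or None."""
    m = CHOWN_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    for key in ("uid", "gid", "egid"):
        d[key] = int(d[key])
    return d

def check_group_source(source, process_gids):
    """Model of the behaviour reported in the thread (assumption, not Dovecot code):
    group bits on `source` cause its group to be copied to new mail directories,
    which only works if the mail process is a member of that group."""
    st = os.stat(source)
    if not st.st_mode & stat.S_IRWXG:
        verdict = "ok: no group permissions, group is not propagated"
    elif st.st_gid in process_gids:
        verdict = "ok: process belongs to the group being propagated"
    else:
        verdict = "fail: chown to gid %d will be refused" % st.st_gid
    return {"mode": oct(stat.S_IMODE(st.st_mode)), "gid": st.st_gid, "verdict": verdict}

# Log line as posted in the thread.
SAMPLE = ("Jul 4 15:02:04 public dovecot: imap(dap): Error: "
          "chown(/home/dap/Maildir/.imap/INBOX, -1, 12(mail)) failed: "
          "Operation not permitted (egid=500(dap), group based on /var/mail/dap)")

if __name__ == "__main__":
    print(parse_chown_failure(SAMPLE))
    # Constructed stand-in for /var/mail/dap so the check runs on any machine.
    with tempfile.NamedTemporaryFile() as f:
        others = {os.stat(f.name).st_gid + 1}  # constructed: excludes the file's group
        for mode in (0o660, 0o600):
            os.chmod(f.name, mode)
            print(check_group_source(f.name, others))
```

On a real server, pass the path named after "group based on" in the log and the gids of the mail user (for example from `os.getgrouplist`).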
Re: [Dovecot] CaCert certificate configuration help needed
FWIW, here is my doveconf output:

    # 2.0.9: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.32-358.11.1.el6.x86_64 x86_64 CentOS release 6.4 (Final)
    auth_debug_passwords = yes
    base_dir = /var/run/dovecot/
    login_greeting = Dovecot on mydomain.com ready.
    mail_location = maildir:~/Maildir
    mbox_write_locks = fcntl
    passdb {
      driver = pam
    }
    protocols = imap pop3
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
    }
    ssl_cert =
Re: [Dovecot] CaCert certificate configuration help needed
Thanks. I think I turned on all the debug I can but the result is not at all helpful (to me).

    Jul 4 13:33:02 public dovecot: auth: Debug: auth client connected (pid=29195)
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write key exchange A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write session ticket A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
    Jul 4 13:33:02 public dovecot: imap-login: Aborted login (no auth attempts): rip=74.176.153.21, lip=69.64.71.47, TLS
    Jul 4 13:33:02 public dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify
Re: [Dovecot] CaCert certificate configuration help needed
On Thu, 4 Jul 2013, gw1500se wrote:

> Perhaps I am still not recognizing which specific section I should be using in that document.

Increase logging (http://wiki2.dovecot.org/Logging, esp. section "Logging verbosity"), then try again and check what the MUA is displaying. If it disconnects because of cert errors, the MUA displays the error.

Regards,
Steffen Kaiser
Re: [Dovecot] CaCert certificate configuration help needed
Thanks for the reply. I guess I should have been more complete in my description. That is where I first started. Not only did that give me the error above but an additional error telling me I was missing the root CA for the signing authority. Searches on that error pointed me to the chained SSL certificates section. That eliminated the root CA error but I still have the posted error. Perhaps I am still not recognizing which specific section I should be using in that document.
Re: [Dovecot] CaCert certificate configuration help needed
Quoting gw1500se:

> I was not able to find specific help for configuring the crt file for CaCert. I gleaned from examples the following order:
>
> server certificate
> CaCert class 3 certificate
> Cacert root certificate
>
> However, when I try to configure my mail reading for IMAP, Dovecot shows the following error in the log:
>
> dovecot: imap-login: Aborted login (no auth attempts):
>
> I am assuming, based on searches for this error, that my crt file is not correct but I don't know what to do at this point. Can someone steer me in the right direction? TIA.

The server (dovecot) needs the server certificate, the matching private key and the intermediate CAs, not the root-CA. The client needs the root-CA in its "trust store", so you have to make your client trust the CaCert root-CA. For the dovecot side have a look here: http://wiki2.dovecot.org/SSL/DovecotConfiguration

Regards
Andreas