Results 1 to 8 of 8

Thread: Dovecot not working over ssl in 11.4

Hybrid View

  1. #1

    Default Dovecot not working over ssl in 11.4

    I use dovecot as an IMAP server for mail clients on my local machine. This worked fine in 11.3 but on 11.4 the authentication doesn't seem to work - my mail client just can't connect to the dovecot server.

    I get errors like this in the /var/log/mail:
    Code:
    Mar 21 12:49:46 triton dovecot: dovecot: link(/var/lib/dovecot/ssl-parameters.dat, /var/run/dovecot/login/ssl-parameters.dat.tmp) failed: Permission denied
    Mar 21 12:49:46 triton dovecot: dovecot: Generating Diffie-Hellman parameters for the first time. This may take a while..
    Mar 21 12:50:12 triton dovecot: ssl-build-param: SSL parameters regeneration completed
    Mar 21 12:50:12 triton dovecot: dovecot: link(/var/lib/dovecot/ssl-parameters.dat, /var/run/dovecot/login/ssl-parameters.dat.tmp) failed: Permission denied
    Mar 21 12:50:12 triton dovecot: dovecot: file_copy(/var/lib/dovecot/ssl-parameters.dat, /var/run/dovecot/login/ssl-parameters.dat) failed: No such file or directory
    My configuration is:
    Code:
    # 1.2.16: /etc/dovecot/dovecot.conf
    Error: setmntent(/etc/mtab) failed: Permission denied
    # OS: Linux 2.6.37.1-1.2-desktop x86_64  
    protocols: imaps
    listen: 127.0.0.1
    login_dir: /var/run/dovecot/login
    login_executable: /usr/lib/dovecot/imap-login
    mail_location: mbox:/home/%u/Mail:INBOX=/home/%u/Mail/main
    lda:
      postmaster_address: postmaster@example.com
    auth default:
      passdb:
        driver: pam
      userdb:
        driver: passwd

  2. #2

    Default Re: Dovecot not working over ssl in 11.4

    I found the problem - AppArmor. I used the AppArmor module in YAST to set everything to 'complain' (ie. log stuff but don't block anything) and it worked.

    I've filed a bug to try to get AppArmor fixed: https://bugzilla.novell.com/show_bug.cgi?id=681267

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Dovecot not working over ssl in 11.4

    On 2011-03-21 14:36, tk83 wrote:
    >
    > I found the problem - AppArmor. I used the AppArmor module in YAST to
    > set everything to 'complain' (ie. log stuff but don't block anything)
    > and it worked.


    That mode will fill your logs if you leave it.

    > I've filed a bug to try to get AppArmor fixed:
    > https://bugzilla.novell.com/show_bug.cgi?id=681267


    Fix it yourself: yast, update profile wizard.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  4. #4

    Default Re: Dovecot not working over ssl in 11.4

    The profile wizard only creates rules very specific to my machine and the paths on it.

    The fact is that as shipped 11.4 can't run dovecot because of a broken AppArmor profile, that's a bug and should be fixed.

  5. #5
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Dovecot not working over ssl in 11.4

    On 2011-03-21 16:06, tk83 wrote:
    >
    > The profile wizard only creates rules very specific to my machine and
    > the paths on it.
    >
    > The fact is that as shipped 11.4 can't run dovecot because of a broken
    > AppArmor profile, that's a bug and should be fixed.


    Are you sure the profile came from openSUSE? I have dovecot installed, an
    earlier version, and I don't see an AA profile.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  6. #6

    Default Re: Dovecot not working over ssl in 11.4

    yes, I didn't install anything to do with AppArmor manually, so all the setup comes from the default opensuse install:
    Code:
    rpm -ql apparmor-profiles-2.5.1.r1445-52.55.1.x86_64 | grep dove
    /etc/apparmor.d/usr.lib.dovecot.deliver
    /etc/apparmor.d/usr.lib.dovecot.dovecot-auth
    /etc/apparmor.d/usr.lib.dovecot.imap
    /etc/apparmor.d/usr.lib.dovecot.imap-login
    /etc/apparmor.d/usr.lib.dovecot.managesieve-login
    /etc/apparmor.d/usr.lib.dovecot.pop3
    /etc/apparmor.d/usr.lib.dovecot.pop3-login
    /etc/apparmor.d/usr.sbin.dovecot

  7. #7
    Join Date
    Mar 2011
    Posts
    3

    Default Re: Dovecot not working over ssl in 11.4

    Same here.

    With AppArmor enabled, dovecot does not even start.

    With AppArmor disabled, dovecot works fine.

    It looks like the dovecot AppArmor profiles shipped with OpenSuSE 11.4
    are totally broken.

  8. #8
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Dovecot not working over ssl in 11.4

    On 2011-03-27 20:36, cko wrote:
    >
    > Same here.


    Then add yourself to the bugzilla...

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •