I have been trying to configure my dovecot IMAP server (version 1.0.10 - upgrading is not an option at this stage) with a new SSL certificate on Ubuntu like so:
$ grep ^ssl /etc/dovecot/dovecot.conf
ssl_disable = no
ssl_cert_file = /etc/ssl/certs/mydomain.com.crt.20120904
ssl_key_file = /etc/ssl/private/mydomain.com.key.20120904
$ /etc/init.d/dovecot stop
$ sudo dovecot -p
$ [i enter the ssl password here]
It doesn't show any errors, and when I run ps aux | grep dovecot I get:
$ ps aux | grep dovecot
root 21368 0.0 0.0 12452 688 ? Ss 15:19 0:00 dovecot -p
root 21369 0.0 0.0 71772 2940 ? S 15:19 0:00 dovecot-auth
dovecot 21370 0.0 0.0 14140 1904 ? S 15:19 0:00 pop3-login
dovecot 21371 0.0 0.0 14140 1900 ? S 15:19 0:00 pop3-login
dovecot 21372 0.0 0.0 14140 1904 ? S 15:19 0:00 pop3-login
dovecot 21381 0.0 0.0 14280 2140 ? S 15:19 0:00 imap-login
dovecot 21497 0.0 0.0 14280 2116 ? S 15:29 0:00 imap-login
dovecot 21791 0.0 0.0 14148 1908 ? S 15:48 0:00 imap-login
dovecot 21835 0.0 0.0 14148 1908 ? S 15:53 0:00 imap-login
dovecot 21931 0.0 0.0 14148 1904 ? S 16:00 0:00 imap-login
me 21953 0.0 0.0 5168 944 pts/0 S+ 16:02 0:00 grep --color=auto dovecot
which looks like it is all running fine. So then I test to see if I can telnet to the dovecot server, and this works fine:
$ telnet localhost 143
Connected to localhost.
Escape character is '^]'.
* OK Dovecot ready.
But when I test whether dovecot has configured the SSL certificates properly, it appears to fail:
$ sudo openssl s_client -connect localhost:143 -starttls imap
depth=0 /description=xxxxxxxxxxxxxxxxx/C=AU/ST=xxxxxxxx/L=xxxx/O=xxxxxx/CN=*.mydomain.com/emailAddress=[email protected]
At least, I'm assuming this is a failure???
The problem is with openssl, not dovecot.
There is a bug in openssl which stops it looking for the default CApath, so you need to tell it where to find the list of root CA certs by adding -CApath to your command line. For example:
sudo openssl s_client -connect localhost:143 -starttls imap -CApath /dev/null
If you have not populated your certs folder yet and you are computer literate, then follow this tutorial to download certdata.txt from Mozilla and generate the necessary PEM files and symlinks. The scripts may need modifying if you do not have access to /bin and you will need to create a symlink ln -s ca-bundle.crt cert.pem.
(Specifying /dev/null forces openssl to use the default path of cert.pem in your openssl directory. To find out where your openssl directory is, type openssl version -d).
Since you are using StartSSL, you may need to concatenate your certificate and their intermediate certificate for dovecot, in your case StartCom Class 2 Primary Intermediate Server CA. Their free certificate uses StartCom Class 1 Primary Intermediate Server CA.
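The effect of concatenating the server certificate with its intermediate, as an added example that is not part of the original answers: the script builds a constructed three-level test PKI with openssl and checks which certificate file a client can verify against the root. All subjects, file names and the helper functions csr, make_demo_pki and chain_verifies are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. Every subject, file name and directory here is constructed.

csr() {   # csr DIR STEM SUBJECT: new private key plus signing request
    openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# Build root CA -> intermediate CA -> server certificate in directory $1.
make_demo_pki() {
    d=$1
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = placeholder' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/demo.cnf"
    csr "$d" root '/CN=Demo Root CA'
    csr "$d" int '/CN=Demo Intermediate CA'
    csr "$d" srv '/CN=mail.example.test'
    openssl x509 -req -days 2 -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/demo.cnf" -extensions v3_ca \
        -out "$d/root.crt" 2>/dev/null
    openssl x509 -req -days 2 -in "$d/int.csr" -set_serial 2 \
        -CA "$d/root.crt" -CAkey "$d/root.key" \
        -extfile "$d/demo.cnf" -extensions v3_ca \
        -out "$d/int.crt" 2>/dev/null
    openssl x509 -req -days 2 -in "$d/srv.csr" -set_serial 3 \
        -CA "$d/int.crt" -CAkey "$d/int.key" -out "$d/srv.crt" 2>/dev/null
    # The file the server is pointed at: its own certificate first, then
    # the intermediate that signed it.
    cat "$d/srv.crt" "$d/int.crt" > "$d/srv-chain.crt"
}

# True only if a path can be built from the first certificate in FILE to
# ROOT (given with -CAfile), treating all of FILE as what the server sent.
chain_verifies() {   # chain_verifies ROOT FILE
    openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>&1 | grep -q ': OK$'
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
make_demo_pki "$work"
for f in srv.crt srv-chain.crt; do
    if chain_verifies "$work/root.crt" "$work/$f"; then
        echo "$f: chain verifies"
    else
        echo "$f: verification FAILS (issuer not supplied)"
    fi
done
```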
You may use verbose_ssl = yes in the dovecot configuration to produce additional logging output.
In my configuration (dovecot 2.0) I use the following statements:
ssl_cert = </etc/ssl/certs/mydomain.com.crt.20120904
ssl_key = </etc/ssl/private/mydomain.com.key.20120904
I have IMAP folders on a dovecot server containing a high number of emails (>10.000). I want to apply an existing sieve script to the mails in these folders. I know I can feed the mails from the Maildir storage into dovecot's lmtp and remove the file afterwards but I want to preserve the mail status as much as possible.
Try creating a new folder, move all messages to that folder and then move them back to the previous place where the sieve filter is defined - the sieve rules should then be applied.