dovecot reports Invalid configuration in /etc/dovecot/dovecot.conf in all cases

Bug #623520 reported by Carl Nobile
This bug affects 1 person
Affects: dovecot (Ubuntu)
Status: Expired
Importance: Low
Assigned to: Unassigned
Milestone: (none)

Bug Description

If dovecot -n is executed it will show the wrong settings. In other words, it seems to be ignoring what is in the /etc/dovecot/dovecot.conf completely. For example, I only have pop3s set in protocols but it is permitting everything. Also, the wrong certs are being used, not the ones in my config.

This happens whether or not I start dovecot on the command line using my config file or with sudo service dovecot start.

dovecot is also trying to write to my /root dir even though I have /etc/aliases pointing to my user account.

Tags: dovecot ssl
Ante Karamatić (ivoks) wrote : Re: [Bug 623520] [NEW] dovecot reports Invalid configuration in /etc/dovecot/dovecot.conf in all cases

On 24.08.2010 20:10, Carl Nobile wrote:

> If dovecot -n is executed it will show the wrong settings. In other words it seems to be ignoring what is in the /etc/dovecot/dovecot.conf
> completely. For example I only have pop3s set in protocols but it is permitting everything. Also the wrong certs are being used not the ones in my config.

Did you install the dovecot-postfix package? Is this Lucid? Have you noticed
/etc/dovecot/conf.d and /etc/dovecot/auth.d?

Carl Nobile (cnobile1) wrote :

Yes, the dovecot-postfix package is installed. I am using 10.04 Lucid.

I updated the file in /etc/dovecot/conf.d to what I want, now dovecot -n gives me the right info, but I still get this:

$ openssl s_client -connect localhost:995
connect: Connection refused
connect:errno=111

This also happens on the domain name coming from the outside.

Mathias Gug (mathiaz) wrote :

Is the dovecot process listening on any port?

Changed in dovecot (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Carl Nobile (cnobile1) wrote :

Yes port 110 only, but no matter what I do it will not listen to port 995.

Ante Karamatić (ivoks) wrote : Re: [Bug 623520] Re: dovecot reports Invalid configuration in /etc/dovecot/dovecot.conf in all cases

On 25.08.2010 16:07, Carl Nobile wrote:

> Yes port 110 only, but no matter what I do it will not listen to port
> 995.

Please attach output of 'sudo dovecot -n'.

Thank you

Carl Nobile (cnobile1) wrote :

Sorry for putting this directly into the post, but I was not on site when I ran the command and it was a lot easier to just grab the screen output and paste it in.

These are the certs and keys on my box.

$ ll /etc/ssl/certs/ssl-mail.pem
lrwxrwxrwx 1 root root 36 2010-07-28 22:19 /etc/ssl/certs/ssl-mail.pem -> /etc/ssl/certs/ssl-cert-snakeoil.pem

$ sudo ls -l /etc/ssl/private/ssl-mail.key
lrwxrwxrwx 1 root root 38 2010-07-28 22:19 /etc/ssl/private/ssl-mail.key -> /etc/ssl/private/ssl-cert-snakeoil.key

I also cannot get dovecot to stop looking in the /root dir, so my log is full of error messages about permissions being denied.

$ sudo dovecot -n
# 1.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-24-generic-pae i686 Ubuntu 10.04.1 LTS
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: pop3 pop3s
ssl_listen: 995
ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
ssl_key_file: /etc/ssl/private/ssl-mail.key
ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/pop3-login
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mail_debug: yes
mbox_write_locks: fcntl dotlock
mail_executable: /usr/lib/dovecot/pop3
mail_plugin_dir: /usr/lib/dovecot/modules/pop3
pop3_client_workarounds: outlook-no-nuls oe-ns-eoh
lda:
  postmaster_address: postmaster
  mail_plugins: sieve
  quota_full_tempfail: yes
  deliver_log_format: msgid=%m: %$
  rejection_reason: Your message to <%t> was automatically rejected:%n%r
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/dovecot-auth
      mode: 432
      user: postfix
      group: postfix
plugin:
  sieve: ~/.dovecot.sieve
  sieve_dir: ~/sieve

Ante Karamatić (ivoks) wrote :

On 25.08.2010 18:03, Carl Nobile wrote:

> I also cannot get dovecot to stop looking in the /root dir, so my log is
> full of error messages about permissions being denied.

Can you paste those errors?

Carl Nobile (cnobile1) wrote :

I know I'm not the only person getting this issue. It was said the issue is that the /etc/aliases file needs to point to a valid user on the system other than root. This I fixed, but dovecot doesn't seem to listen to this even after bouncing both postfix and dovecot.

The error below will show up in the log erratically over the day, sometimes 20 times in just a few minutes, then not again for almost a day. I assume there is an algorithm that determines when to check.

Aug 25 12:19:34 foundation dovecot: deliver(root): chdir(/root) failed: Permission denied
Aug 25 12:19:34 foundation dovecot: deliver(root): sieve: stat(/root/.dovecot.sieve) failed: Permission denied (using global script path in stead)
Aug 25 12:19:34 foundation dovecot: deliver(root): stat(/root/Maildir) failed: Permission denied
Aug 25 12:19:34 foundation dovecot: deliver(root): stat(/root/Maildir/tmp) failed: Permission denied (euid=65534(nobody) egid=65534(nogroup) missing +x perm: /root)

Ante Karamatić (ivoks) wrote :

On 25.08.2010 18:34, Carl Nobile wrote:

> I know I'm not the only person getting this issue. It was said the issue
> is that the /etc/aliases file needs to point to a valid user on the
> system other that root. This I fix, but dovecot doesn't seem to listen
> to this even after bouncing both postfix and dovecot.

Do you have a postmaster alias? It should point to root (and root to some
other user). When you set up aliases, run the newaliases command.

Carl Nobile (cnobile1) wrote :

OK, I waited a day to see how the changes I made to the /etc/aliases file went and that seemed to solve the issue with dovecot trying to do things in the /root/ dir.

There is still the issue where dovecot will NOT listen to port 995 either locally or externally.

$ openssl s_client -connect localhost:995
connect: Connection refused
connect:errno=111

The above is still an issue.

Ante Karamatić (ivoks) wrote :

On 25.08.2010 18:03, Carl Nobile wrote:

> /etc/ssl/certs/ssl-cert-snakeoil.pem
> /etc/ssl/private/ssl-cert-snakeoil.key

Give me output of 'ls -dl' for these files.

> ssl_listen: 995

^^ remove this

> verbose_ssl: yes

^^ and this

Carl Nobile (cnobile1) wrote :

$ ls -dl /etc/ssl/certs/ssl-cert-snakeoil.pem
-rw-r--r-- 1 root root 660 2010-01-27 22:39 /etc/ssl/certs/ssl-cert-snakeoil.pem

$ sudo ls -dl /etc/ssl/private/ssl-cert-snakeoil.key
-rw-r----- 1 root ssl-cert 891 2010-01-27 22:39 /etc/ssl/private/ssl-cert-snakeoil.key

OK, it seems removing both of the lines you mentioned solved the problem, but all the docs I have read said to set ssl_listen: 995; verbose_ssl: yes I set on to try and debug the issue.

So is this a bug in dovecot or a bug in the tutorials I have been reading?

Ante Karamatić (ivoks) wrote :

On 26.08.2010 17:33, Carl Nobile wrote:

> So is this a bug in dovecot or a bug in the tutorials I have been
> reading?

# IP or host address where to listen in for SSL connections. Defaults
# to above if not specified.
#ssl_listen =

It's an IP, not a port. Or IP:port.
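
The misconfiguration diagnosed in this thread, as an added example that is not part of the original bug report or of Dovecot: a small lint over Dovecot 1.x `dovecot -n` output that flags a bare port in `listen`/`ssl_listen` and any enabled protocol the administrator did not intend. The function names, the `wanted_protocols` parameter and the comma/space splitting of listen values are assumptions of this example; the sample input is constructed from the output posted above.

```python
import re
import sys

# Constructed sample: the relevant lines of the `dovecot -n` output posted
# in this thread (Dovecot 1.2.9 "key: value" format).
SAMPLE = """\
# 1.2.9: /etc/dovecot/dovecot.conf
protocols: pop3 pop3s
ssl_listen: 995
ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
auth default:
  mechanisms: plain login
"""


def parse_top_level(text):
    """Return the top-level settings of `dovecot -n` output as a dict."""
    settings = {}
    for line in text.splitlines():
        # Skip blanks, '#' banner lines and indented (nested section) settings.
        if not line.strip() or line.startswith("#") or line[0].isspace():
            continue
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def lint(settings, wanted_protocols):
    """Return findings; wanted_protocols (hypothetical) is the intended set."""
    findings = []
    for key in ("listen", "ssl_listen"):
        # Assumption: several entries may be separated by commas or spaces.
        for entry in re.split(r"[,\s]+", settings.get(key, "")):
            if entry.isdigit():
                findings.append(
                    f"{key}: '{entry}' is a bare port; the setting takes an "
                    f"address or address:port, e.g. *:{entry}")
    enabled = set(settings.get("protocols", "").split())
    extra = sorted(enabled - set(wanted_protocols))
    if extra:
        findings.append("protocols: unexpected " + " ".join(extra))
    return findings


if __name__ == "__main__":
    # Usage: sudo dovecot -n > out.txt; python3 lint.py out.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for finding in lint(parse_top_level(text), {"pop3s"}):
        print(finding)
```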

Carl Nobile (cnobile1) wrote :

I suppose that

ssl_listen = *:995

would have worked.

So I have dovecot working; now I cannot access postfix through smtps port 465. Almost the same problem I had with dovecot.

Launchpad Janitor (janitor) wrote :

[Expired for dovecot (Ubuntu) because there has been no activity for 60 days.]

Changed in dovecot (Ubuntu):
status: Incomplete → Expired