Comment 0 for bug 1991564

Since upgrading from focal to jammy, I have issues with my cronjobs running doveadm as the vmail user (e.g., to train bayes filter). doveadm dies as it tries to read the SSL private key, although it does not need it.

This is a known bug in dovecot that was fixed with 2.3.17. I believe this is critical since granting the vmail user read permissions to the private SSL key is not desirable from a security perspective.

The corresponding entry in the Dovecot 2.3.17 changelog:
doveadm: v2.3.11 regression: Commands failed if ssl_cert or ssl_key files weren't readable by the user running doveadm, even though doveadm didn't actually use these settings

Answers to the requested information:

Description: Ubuntu 22.04.1 LTS
Release: 22.04

dovecot-core:
  Installed: 1:2.3.16+dfsg1-3ubuntu2.1
  Candidate: 1:2.3.16+dfsg1-3ubuntu2.1
  Version table:
 *** 1:2.3.16+dfsg1-3ubuntu2.1 500
        500 http://de.archive.ubuntu.com/ubuntu jammy-security/main amd64 Packages
        500 http://de.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1:2.3.16+dfsg1-3ubuntu2 500
        500 http://de.archive.ubuntu.com/ubuntu jammy/main amd64 Packages