On 28.10.2016 10:18, Stephan Bosch wrote: > Op 10/27/2016 om 9:55 PM schreef Moritz Fago: >> Hello, >> >> If you don’t have a ssl_key and ssl_cert configured in your dovecot config >> managesieve-login will fail to start with the following error message: >> dovecot: managesieve-login: Fatal: Couldn't parse private ssl_key: >> error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY >> PRIVATE KEY, even if you haven’t enabled ssl for managesieve-login. > I must say I don't really know what that error means. I see a few things > though: > >> Infos according to http://www.dovecot.org/bugreport.html: >> >> Filesystem: ext4 >> doveconf -n: >> # 2.2.13: /etc/dovecot/dovecot.conf >> # OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.6 >> auth_default_realm = toppoint.de >> auth_mechanisms = plain login >> auth_username_format = %Ln >> mail_location = maildir:~/Maildir >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope encoded-character >> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags >> copy include variables body enotify environment mailbox date ihave >> namespace inbox { >> inbox = yes >> location = >> mailbox Drafts { >> special_use = \Drafts >> } >> mailbox Junk { >> special_use = \Junk >> } >> mailbox Sent { >> special_use = \Sent >> } >> mailbox "Sent Messages" { >> special_use = \Sent >> } >> mailbox Trash { >> special_use = \Trash >> } >> prefix = >> } >> passdb { >> args = dovecot >> driver = pam >> } >> plugin { >> sieve = ~/.sieve/dovecot.sieve >> sieve_dir = ~/.sieve >> } >> protocols = " imap lmtp sieve pop3" >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> } >> service lmtp { >> unix_listener /var/spool/postfix/private/dovecot-lmtp { >> group = postfix >> mode = 0600 >> user = postfix >> } >> } >> service managesieve-login { >> inet_listener sieve { >> port = 4190 >> ssl = yes >> } > This means that you're making a 'sieves' protocol, i.e. ManageSieve with > TLS from the start. It doesn't exist by the standard. ManageSieve only > uses the STARTTLS command. Leave out the ssl=yes here. > >> } >> ssl = required >> ssl_cert = </etc/ssl/private/imap.toppoint.de.crt >> ssl_cipher_list = >> HIGH::!aNULL:!eNULL:!kRSA:!kPSK:!kSRP:!aDSS:!kECDH:!kDH:!MD5:!SHA1:!RC2:!RC4:!SEED:!IDEA:!DES:!3DES >> ssl_dh_parameters_length = 2048 >> ssl_key = </etc/ssl/private/imap.toppoint.de.pem >> ssl_prefer_server_ciphers = yes >> ssl_protocols = !SSLv3 !SSLv2 >> userdb { >> driver = passwd >> } >> protocol lmtp { >> mail_plugins = sieve >> } >> protocol imap { >> ssl_cert = </etc/ssl/private/imap.toppoint.de.crt >> ssl_key = </etc/ssl/private/imap.toppoint.de.pem >> } >> protocol pop3 { >> ssl_cert = </etc/ssl/private/pop3.toppoint.de.crt >> ssl_key = </etc/ssl/private/pop3.toppoint.de.pem >> } > I see you have these set for imap and pop3, but not for "protocol > sieve". Is that intentional? > > Regards, > > Stephan.
I can also see that imap.toppoint.de.crt is specified in main config body and inside imap protocol as well. Aki
