Red Hat Bugzilla – Bug 179430
Create DH keys if they do not exist
Last modified: 2014-01-21 17:53:27 EST
dovecot-1.0 beta1 introduced the use of Diffie-Hellman parameters for its SSL.
These keys need to be built the first time dovecot is run on either a new
installation, or an existing installation/upgrade if they have not been
This can be achieved by executing dovecot like this:
Dovecot starts, prints a message stating that it is generating parameters, and
then shuts down once they have been created.
What we want is the postinstall script to test for the presence of
/var/run/dovecot/login/ssl-parameters.dat - if it exists then fine (exit), if it
does not exist then invoke dovecot with the above parameters.
This allows the DH parameters to be generated at install time rather than run time.
Thanks, fixed in 1.0-0.beta2.2.
After installing this update, OSX's Mail.app program now refuses to talk via
IMAP to the dovecot server. Using IMAPS on port 993 works, however not without
SSL on port 143.
The log in /var/log/maillog shows:
Feb 2 02:02:48 zeus dovecot: imap-login: Aborted login: rip=18.104.22.168,
Feb 2 02:03:19 zeus last message repeated 10 times
Feb 2 02:03:48 zeus dovecot: imap-login: Aborted login: rip=22.214.171.124,
Interestingly enough, Squirrelmail can still use localhost:143 ok as its IMAP
I can also telnet to the server and get a banner.
# telnet zeus.crc.id.au 143
Connected to zeus.crc.id.au (126.96.36.199).
Escape character is '^]'.
* OK Dovecot ready.
Do we know exactly what changed in this update?
Steven, which update exactly, please? The only thing that changed between
1.0-0.beta2.1 and beta2.2 is what is documented in the changelog - URL in
package description and post-install script (which now calls dovecot
--build-ssl-parameters as requested,
when /var/run/dovecot/login/ssl-parameters.dat does not exist).
If it appeared in 1.0-0.beta2.1, please open a new bugreport for the issue.
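The post-install check described in this thread, sketched as an added example; it is not the scriptlet shipped in the package. The helper name `ensure_dh_params`, the `--postinstall` guard, and the non-empty-file test are assumptions; the path and the `--build-ssl-parameters` flag are the ones quoted in the comments above.

```shell
#!/bin/sh
# Added illustration of an idempotent post-install step; not the package's own scriptlet.

# ensure_dh_params FILE GENERATOR [ARGS...]   (hypothetical helper)
# Returns 0 when FILE already exists with content, or when the generator
# ran and produced it. Returns 1 when generation failed or left no file.
ensure_dh_params() {
    params=$1
    shift

    # Present and non-empty: a previous install or run already built the
    # parameters, so an upgrade does not regenerate them.
    if [ -s "$params" ]; then
        return 0
    fi

    # Run the generator exactly as passed (command plus arguments).
    if ! "$@"; then
        echo "warning: generating $params failed" >&2
        return 1
    fi

    # Confirm the generator actually wrote the file instead of trusting
    # its exit status alone.
    [ -s "$params" ]
}

# Scriptlet-style invocation, guarded so that sourcing or testing this file
# never starts dovecot. The trailing "|| :" keeps a generation failure from
# failing the package transaction (assumption about the desired policy).
if [ "${1:-}" = "--postinstall" ]; then
    ensure_dh_params /var/run/dovecot/login/ssl-parameters.dat \
        dovecot --build-ssl-parameters || :
fi
```
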