Bug 179430 - Create DH keys if they do not exist
Product: Fedora
Classification: Fedora
Component: dovecot
All Linux
medium Severity medium
Assigned To: Petr Rockai
Reported: 2006-01-31 05:55 EST by Reuben Farrelly
Modified: 2014-01-21 17:53 EST (History)
Fixed In Version: 1.0-0.beta2.2
Doc Type: Bug Fix
Last Closed: 2006-01-31 07:32:08 EST
Description Reuben Farrelly 2006-01-31 05:55:31 EST
dovecot-1.0 beta1 introduced the use of Diffie-Hellman parameters for its SSL.
These keys need to be built the first time dovecot is run on either a new
installation, or an existing installation/upgrade if they have not been
generated before.

This can be achieved by executing dovecot like this:

dovecot --build-ssl-parameters

Dovecot starts, prints a message stating that it is generating parameters, and
then shuts down once they have been created.

What we want is the postinstall script to test for the presence of
/var/run/dovecot/login/ssl-parameters.dat - if it exists then fine (exit), if it
does not exist then invoke dovecot with the above parameters.
This allows the DH parameters to be generated at install time rather than run time.
Comment 1 Petr Rockai 2006-01-31 07:32:08 EST
Thanks, fixed in 1.0-0.beta2.2.  
Comment 2 Steven Haigh 2006-02-01 10:14:52 EST
After installing this update, OSX's Mail.app program now refuses to talk via
IMAP to the dovecot server. Using IMAPS on port 993 works, however not without
SSL on port 143.

The log in /var/log/maillog shows:
Feb  2 02:02:48 zeus dovecot: imap-login: Aborted login: rip=,
Feb  2 02:03:19 zeus last message repeated 10 times
Feb  2 02:03:48 zeus dovecot: imap-login: Aborted login: rip=,

Interestingly enough, Squirrelmail can still use localhost:143 ok as its IMAP
mail source.

I can also telnet to the server and get a banner.
# telnet zeus.crc.id.au 143
Connected to zeus.crc.id.au (
Escape character is '^]'.
* OK Dovecot ready.

Do we know exactly what changed in this update?
Comment 3 Petr Rockai 2006-02-01 10:38:56 EST
Steven, which update exactly, please? The only thing that changed between
1.0-0.beta2.1 and beta2.2 is what is documented in the changelog - URL in
package description and post-install script (which now calls
dovecot --build-ssl-parameters as requested, when
/var/run/dovecot/login/ssl-parameters.dat does not exist).
If it appeared in 1.0-0.beta2.1, please open a new bug report for the issue.
