dovecot-2.3 (-git) Warning and Fatal Compile Error
Teemu Huovila
teemu.huovila at dovecot.fi
Mon Oct 30 10:22:42 EET 2017
On 30.10.2017 09:10, Aki Tuomi wrote:
>
>
> On 30.10.2017 00:23, Reuben Farrelly wrote:
>> Hi Aki,
>>
>> On 30/10/2017 12:43 AM, Aki Tuomi wrote:
>>>> On October 29, 2017 at 1:55 PM Reuben Farrelly
>>>> <reuben-dovecot at reub.net> wrote:
>>>>
>>>>
>>>> Hi again,
>>>>
>>>> Chasing down one last problem which seems to have been missed from my
>>>> last email:
>>>>
>>>> On 20/10/2017 9:22 PM, Stephan Bosch wrote:
>>>>>
>>>>> Op 20-10-2017 om 4:23 schreef Reuben Farrelly:
>>>>>> On 18/10/2017 11:40 PM, Timo Sirainen wrote:
>>>>>>> On 18 Oct 2017, at 6.34, Reuben Farrelly <reuben-dovecot at reub.net>
>>>>>>> wrote:
>>>> This problem below is still present in 2.3 -git, as of version
>>>> 2.3.devel
>>>> (6fc40674e)
>>>>
>>>>>>> Secondly, this ssl_dh messages is always printed from doveconf:
>>>>>>>
>>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>>
>>>>>>> Yet the file is there:
>>>>>>>
>>>>>>> thunderstorm conf.d # ls -la /etc/dovecot/dh.pem
>>>>>>> -rw-r--r-- 1 root root 769 Oct 19 21:55 /etc/dovecot/dh.pem
>>>>>>>
>>>>>>> And the config is there as well:
>>>>>>>
>>>>>>> thunderstorm dovecot # doveconf -P | grep ssl_dh
>>>>>>> ssl_dh = </etc/dovecot/dh.pem
>>>>>>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>>>>>>> doveconf: Warning: You can generate it with: dd
>>>>>>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>>>>>>> -inform der > /etc/dovecot/dh.pem
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> ssl_dh = -----BEGIN DH PARAMETERS-----
>>>>>>> thunderstorm dovecot #
>>>>>>>
>>>>>>> It appears that this warning is being triggered by the presence of
>>>>>>> the ssl-parameters.dat file because when I remove it the warning
>>>>>>> goes away. Perhaps the warning could be made a bit more specific
>>>>>>> about this file being removed if it is not required because at the
>>>>>>> moment the warning message is not related to the trigger.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Reuben
>>>> Thanks,
>>>> Reuben
>>> It is triggered when there is ssl-parameters.dat file *AND* there is
>>> no ssl_dh=< explicitly set in config file.
>>>
>>> Aki
>>
>> I have this already in my 10-ssl.conf file:
>>
>> lightning dovecot # /etc/init.d/dovecot reload
>> doveconf: Warning: please set ssl_dh=</etc/dovecot/dh.pem
>> doveconf: Warning: You can generate it with: dd
>> if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dh
>> -inform der > /etc/dovecot/dh.pem
>> * Reloading dovecot configs and restarting auth/login processes
>> ... [ ok ]
>> lightning dovecot #
>>
>> However:
>>
>> lightning dovecot # grep ssl_dh conf.d/10-ssl.conf
>> # gives on startup when ssl_dh is unset.
>> ssl_dh=</etc/dovecot/dh.pem
>> lightning dovecot #
>>
>> and the file is there:
>>
>> lightning dovecot # ls -la /etc/dovecot/dh.pem
>> -rw-r--r-- 1 root root 769 Oct 19 19:06 /etc/dovecot/dh.pem
>> lightning dovecot #
>>
>> So it is actually configured and yet the warning still is present.
>>
>> Reuben
>
> Hi!
>
> I gave this a try, and I was not able to repeat this issue. Perhaps you
> are still missing ssl_dh somewhere?
>
> Aki
>
Hello
Just a guess, but at this point I would recommend reviewing the output of "doveconf -n" to make sure the appropriate settings are present.
br,
Teemu
More information about the dovecot
mailing list