Quoting Guilhem Moulin (2020-08-14 12:53:54)
> On Fri, 14 Aug 2020 at 09:33:03 +0000, Debian Bug Tracking System wrote:
> >> All my 5 interimap profiles stopped working when security fix was applied
> >> for my local Dovecot install was applied.
> >
> > False alarm: Turned out to be a change in dovecot configuration files
> > incompatible with my accessing it via tunnel.
> >
> > Revealed by manually running the underlying doveadm command.
>
> Thanks for the update, Jonas! Mind sharing what you had to change in
> Dovecot? 1:2.3.11.3+dfsg1-1 doesn't break the test suite, so maybe you
> have a setup it'd be worth having test covering for.

I have interimap config files all containing this:

[local]
type = tunnel
command = doveadm exec imap -o mail_location=maildir:~/Maildir/jones
null-stderr = YES

Normally, my wrapper script for all accounts looks like this:

$ mymailsync
debian_local: IMAP traffic (bytes): recv 9.12K sent 104
debian_remote: IMAP traffic (bytes): recv 9.34K sent 104
purism_local: IMAP traffic (bytes): recv 1.15K sent 104
purism_remote: IMAP traffic (bytes): recv 1.15K sent 212
jones_remote(INBOX): Updated flags ($HasNoAttachment \Seen) for UID 636246
jones_local(INBOX): Added 34 UID(s) 129072:129105 <- 636254:636287
jones_local: IMAP traffic (bytes): recv 21.84K sent 413.29K
jones_remote: IMAP traffic (bytes): recv 437.54K sent 355
hb_local(INBOX): Added 9 UID(s) 309233:309241 <- 299787:299795
hb_local: IMAP traffic (bytes): recv 5.88K sent 61.12K
hb_remote: IMAP traffic (bytes): recv 67.21K sent 266
Processed 43 total files in 1s (33 files/sec.).
Added 41 new messages to the database.

After the Dovecot update, it looked like this:

$ mymailsync
debian_local: ERROR: 0 bytes read (got EOF)
debian_local: IMAP traffic (bytes): recv 0 sent 0
jones_local: ERROR: 0 bytes read (got EOF)
jones_local: IMAP traffic (bytes): recv 0 sent 0
purism_local: ERROR: 0 bytes read (got EOF)
purism_local: IMAP traffic (bytes): recv 0 sent 0
hb_local: ERROR: 0 bytes read (got EOF)
hb_local: IMAP traffic (bytes): recv 0 sent 0

After fumbling with "man interimap" looking for a "--verbose" option,
and shouting out to you on irc, I tried running the inner command
directly:

$ doveadm exec imap -o mail_location=maildir:~/Maildir/jones
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/dovecot/private/dovecot.pem: Permission denied

Annoyingly, this failed as well:

$ doveadm exec imap -o mail_location=maildir:~/Maildir/jones -o ssl_cert= -o ssl_key=
doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 12: ssl_cert: Can't open file /etc/dovecot/private/dovecot.pem: Permission denied

Now it works, after applying this patch:

--- /etc/dovecot/conf.d/10-ssl.conf.orig +++ /etc/dovecot/conf.d/10-ssl.conf @@ -9,8 +9,8 @@ # dropping root privileges, so keep the key file unreadable by anyone but # root. Included doc/mkcert.sh can be used to easily generate self-signed # certificate, just make sure to update the domains in dovecot-openssl.cnf -ssl_cert = </etc/dovecot/private/dovecot.pem -ssl_key = </etc/dovecot/private/dovecot.key +#ssl_cert = </etc/dovecot/private/dovecot.pem +#ssl_key = </etc/dovecot/private/dovecot.key . # If key file is password protected, give the password here. Alternatively # give it when starting dovecot with -p parameter. Since this file is often

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136 Website: http://dr.jones.dk/

 [x] quote me freely [ ] ask before reusing [ ] keep private
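
Review bot: Commenting out both ssl_cert and ssl_key in /etc/dovecot/conf.d/10-ssl.conf removes the certificate and key settings from this file for every consumer of the configuration, not only for the unprivileged "doveadm exec imap" tunnel that hit the permission error. The context lines just above say the key file is meant to stay unreadable by anyone but root, so the "Permission denied" seen by a non-root user is the intended file mode rather than something to relax. If this host also serves IMAP over TLS, these two settings would need to stay active; either way, a short comment next to the disabled lines saying why they are off (local tunnel-only use) would keep the next package upgrade or config merge from silently restoring or dropping them.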
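
The failure described in the message above, a tunnel command run as an ordinary user aborting because the configuration pulls in a root-only file, can be checked for before interimap hides it behind "0 bytes read (got EOF)". The following is an added example, not part of the original message and not code from interimap or Dovecot; the function name and the sample configuration are constructed here. It lists `setting = <file` entries whose file the invoking user cannot read.

```shell
#!/bin/sh
# Added example: report Dovecot "setting = <file" entries that the
# current user cannot read. Function name and sample data are constructed.

unreadable_file_settings() {
    # Arguments: config files to scan.
    # Output: one "conf:line: setting -> path" per unreadable file.
    for conf in "$@"; do
        [ -r "$conf" ] || continue
        awk -v conf="$conf" '
            /^[ \t]*#/ { next }                      # ignore commented-out lines
            match($0, /=[ \t]*<[^ \t]+/) {           # value is read from a file
                path = substr($0, RSTART, RLENGTH)
                sub(/^=[ \t]*</, "", path)
                name = $0
                sub(/[ \t]*=.*/, "", name)
                sub(/^[ \t]+/, "", name)
                print conf ":" NR ": " name " -> " path
            }' "$conf"
    done | while IFS= read -r entry; do
        path=${entry##* -> }
        # -r is false for missing files and for files this user may not open
        [ -r "$path" ] || printf '%s\n' "$entry"
    done
}

# Constructed sample: one readable certificate, one key that cannot be read
# (simulated here by a file that does not exist).
demo_dir=$(mktemp -d)
: > "$demo_dir/dovecot.pem"
cat > "$demo_dir/10-ssl.conf" <<EOF
# ssl_cert = <$demo_dir/old.pem
ssl_cert = <$demo_dir/dovecot.pem
ssl_key = <$demo_dir/dovecot.key
EOF
unreadable_file_settings "$demo_dir/10-ssl.conf"
rm -rf "$demo_dir"
```

Run it as the same user that runs interimap, passing the real configuration files (for example the files under /etc/dovecot/conf.d/), since readability depends on who is asking.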