Univention Bugzilla – Bug 48247
Let's Encrypt: configure dovecot listener module correctly
Last modified: 2021-05-17 09:34:24 CEST
If the local dovecot system is configured to use the Let's Encrypt certificate:

mail/dovecot/ssl/cafile=/etc/univention/letsencrypt/signed_chain.crt
mail/dovecot/ssl/certificate=/etc/univention/letsencrypt/signed_chain.crt
mail/dovecot/ssl/key=/etc/univention/letsencrypt/domain.key

the listener module should also be configured to use the correct cafile while uploading a sieve script for new users:

mail/dovecot/sieve/client/cafile=/etc/ssl/certs/ca-certificates.crt

If this UCR variable is not set, the UCS CA file is used and the sieve upload will fail → new users start without a basic sieve script and spam is placed within the inbox.
When implementing this, make sure to depend on the correct packages, as the UCRv was implemented in bug 41018.
I was wrong: mail/dovecot/sieve/client/cafile was introduced in 2015; in the referenced bug, UCR mail/dovecot/sieve/client/server was introduced.
No, you were correct. Bug #41018 is required for this to work: both the CA and the FQDN that the sieve-client uses must fit.
This bug is about making the Let's Encrypt app automatically set those UCRVs, isn't it?
(In reply to Daniel Tröder from comment #4)
> This bug is about making the Let's Encrypt app automatically set those
> UCRVs, isn't it?

Yes, that was my initial intention. But as we already noticed, dovecot is also able to use SNI and can therefore handle multiple SSL certificates, which would be the much better approach.
UCS 4.4e45 introduced SNI support for dovecot in bug 48485. The letsencrypt app should configure its certificates via SNI in addition to the default
This issue has been filed against UCS 4.3. UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.
Still relevant with the app in UCS 4.4