Univention Bugzilla – Full Text Bug Listing |
Summary: | Using own SSL certificate for dovecot results in missing sieve script | ||
---|---|---|---|
Product: | UCS | Reporter: | robert.evert |
Component: | Mail - Dovecot | Assignee: | Sönke Schwardt-Krummrich <schwardt> |
Status: | CLOSED FIXED | QA Contact: | Daniel Tröder <troeder> |
Severity: | normal | ||
Priority: | P5 | CC: | robert.evert, schneider, schwardt |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.3-2-errata | ||
Hardware: | amd64 | ||
OS: | All | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 3: Simply Wrong: The implementation doesn't match the docu |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 2: A Pain – users won’t like this once they notice it |
User Pain: | 0.069 | Enterprise Customer affected?: | Yes |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Yes | Flags outvoted (downgraded) after PO Review: | |
Ticket number: | 2018112321000275 | Bug group (optional): | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 48247 |
Description
robert.evert
2016-04-07 12:10:06 CEST
(In reply to robert.evert from comment #0)
> The corresponding mailbox in /var/log/dovecot/private/DOMAIN/test is not created. This may be due to the fact, that the certificate has a different name from the hostname of the system, which is perfectly fine as the name is resolved via DNS. The first login via Horde creates all needed directories.

You are right. The system's FQDN is used for the sieve connection. If the FQDN does not fit to the SSL certificate, the connection will fail.

Btw: the mailbox is located at /var/spool/dovecot/private/DOMAIN/LOCALPART/.

> What does the user creation script do there, login via sieve and set some filters?

The listener module uploads an initial sieve script. During this action, the mailbox is automatically created by dovecot.

Daniel and I have decided that it makes more sense to customize UCS to handle third-party certificates throughout. If the Dovecot system uses a different certificate for connections from localhost, this a) causes confusion and b) can cause new errors.

I added a new UCR variable mail/dovecot/sieve/client/server for specifying the external FQDN (that matches the SSL certificate).

d6170d9933 Bug #41018: Merge branch 'sschwardt/41018/4.3/sieve-and-foreign-certificates' into 4.3-2
43f4d56806 Bug #41018: add advisory
5f18c30672 Bug #41018: add changelog entry
3018b3f1a9 Bug #41018: added UCR variable mail/dovecot/sieve/client/server

Package: univention-mail-dovecot
Version: 4.0.0-12A~4.3.0.201811231221
Branch: ucs_4.3-0
Scope: errata4.3-2

Something seems to be wrong with letsencrypt certs.

(In reply to Sönke Schwardt-Krummrich from comment #2)
> Something seems to be wrong with letsencrypt certs.

The CA file for sieve-connect was not correctly configured. The correct setting is:

mail/dovecot/sieve/client/cafile=/etc/ssl/certs/ca-certificates.crt

But this is not part of this bug → back to RESOLVED.

49ad68c41c Bug #41018: update UCR variable descriptions

Package: univention-mail-dovecot
Version: 4.0.0-13A~4.3.0.201812041012
Branch: ucs_4.3-0
Scope: errata4.3-2

3eea982be8 Bug #41018: update advisory

OK: manual test with different UCSV combinations
OK: texts
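
The name mismatch discussed in this bug can be checked before setting mail/dovecot/sieve/client/server. The script below is an added example, not part of the bug report or of Univention's code. It assumes the openssl CLI is installed; the host names, the throwaway certificate and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out which name a sieve client can validate against the
# certificate Dovecot serves. Host names are constructed placeholders.

# Create a throwaway self-signed certificate for name $2 in directory $1.
# It stands in for the third-party certificate (constructed test data).
make_constructed_cert() {
    dir=$1; name=$2
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $name
[ext]
subjectAltName = DNS:$name
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
}

# Return 0 if the certificate file $1 is valid for host name $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# Print the name the sieve client should use: the system FQDN ($2) if the
# certificate covers it, else the external FQDN ($3) if that one matches.
# Returns 1 when neither name validates (the connection would fail).
pick_sieve_server() {
    cert=$1; fqdn=$2; external=$3
    if cert_matches_host "$cert" "$fqdn"; then echo "$fqdn"
    elif cert_matches_host "$cert" "$external"; then echo "$external"
    else return 1
    fi
}

demo() {
    tmp=$(mktemp -d)
    make_constructed_cert "$tmp" mail.example.org
    server=$(pick_sieve_server "$tmp/cert.pem" ucs01.intranet.example mail.example.org) &&
        echo "ucr set mail/dovecot/sieve/client/server=$server"
    rm -rf "$tmp"
}
demo
```

On a real system, point `pick_sieve_server` at the certificate file Dovecot is configured to serve instead of the constructed one.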