> I was not able to find specific help for configuring the crt file for CaCert.
> I gleaned from examples the following order:
> server certificate
> CaCert class 3 certificate
> Cacert root certificate
> However, when I try to configure my mail reading for IMAP, Dovecot shows the
> following error in the log:
> dovecot: imap-login: Aborted login (no auth attempts):
> I am assuming, based on searches for this error, that my crt file is not
> correct but I don't know what to do at this point. Can someone steer me in
> the right direction? TIA.
The server (Dovecot) needs the server certificate, the matching
private key and the intermediate CAs, not the root-CA. The client needs
the root-CA in its "trust store", so you have to make your client
trust the CaCert root-CA. For the Dovecot side have a look here:
Thanks for the reply. I guess I should have been more complete in my description. That is where I first started. Not only did that give me the error above but an additional error telling me I was missing the root CA for the signing authority. Searches on that error pointed me to the chained SSL certificates section. That eliminated the root CA error but I still have the posted error.
Perhaps I am still not recognizing which specific section I should be using in that document.
> Perhaps I am still not recognizing which specific section I should be using
> in that document.
Increase logging: http://wiki2.dovecot.org/Logging, esp. section "Logging
verbosity", then try again and check what the MUA is displaying. If it
disconnects because of cert errors, the MUA displays the error.
I think I am now close on this. It appears that the user is successfully authenticating via IMAP. However, I am getting permissions errors when it tries to write to the Maildir.
dovecot: imap(dap): Error: mkdir(/home/dap/Maildir/.imap/INBOX) failed: Operation not permitted
Jul 4 15:02:04 public dovecot: imap(dap): Error: chown(/home/dap/Maildir/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=500(dap), group based on /var/mail/dap)
What am I missing in the previously posted doveconf? TIA.
Got it. It seems that when Dovecot tries to create the user's local mail directory, it attempts to set the group as it is in /var/mail. This is not mentioned in the documentation anywhere I could find. That is where it fails. However, it turns out that if you turn off group permissions (0600) in /var/mail/* it will not try to set the group and the local directory is created successfully.
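Added example, not part of the original thread: a small Python check for the condition described in the last post and in the "group based on /var/mail/dap" log line, where a spool file has group permission bits set and the user is not a member of the file's group. The function names and the temporary directory standing in for /var/mail are assumptions made for illustration.

```python
import os
import stat
import tempfile


def group_copy_risk(spool_path, user_gids):
    """Describe one spool file and whether the group chown would fail.

    Per the log above, the group for the new Maildir directories is based
    on the spool file. A non-root process can only chown to a group it
    belongs to, so group bits plus a foreign gid means EPERM.
    """
    st = os.stat(spool_path)
    mode = stat.S_IMODE(st.st_mode)
    group_bits = bool(mode & stat.S_IRWXG)   # any of g+r, g+w, g+x
    member = st.st_gid in user_gids
    return {
        "path": spool_path,
        "mode": oct(mode),
        "gid": st.st_gid,
        "group_bits": group_bits,
        "user_in_group": member,
        "chown_would_fail": group_bits and not member,
    }


def audit_spool(spool_dir, gids_for_user):
    """Check every regular file in spool_dir.

    gids_for_user is a callable mapping a user name to a set of gids.
    """
    findings = []
    for name in sorted(os.listdir(spool_dir)):
        path = os.path.join(spool_dir, name)
        if os.path.isfile(path):
            findings.append(group_copy_risk(path, gids_for_user(name)))
    return findings


def demo():
    """Constructed sample: a temp dir stands in for /var/mail."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "dap")
        open(path, "w").close()
        os.chmod(path, 0o660)                       # group bits set
        before = audit_spool(d, lambda user: set())[0]
        os.chmod(path, 0o600)                       # the fix from the post
        after = audit_spool(d, lambda user: set())[0]
        return before, after
```

On a real system, pass `lambda u: set(os.getgrouplist(u, pwd.getpwnam(u).pw_gid))` as `gids_for_user` and `/var/mail` as `spool_dir`.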