Workaround for a new bug in dovecot.

This should allow postfixadmin to work again.

The bug is described on the Dovecot ML:
https://dovecot.org/pipermail/dovecot/2020-August/119642.html
Daniel Frank 2020-08-20 22:56:04 +02:00
parent 5ba4461803
commit 706b74e27f
Signed by: tokudan
GPG key ID: 063CCCAD04182D32


@ -7,18 +7,28 @@ let
password_query = SELECT username AS user, password FROM mailbox WHERE username = '%Lu' AND active='1' password_query = SELECT username AS user, password FROM mailbox WHERE username = '%Lu' AND active='1'
user_query = SELECT username AS user FROM mailbox WHERE username = '%Lu' AND active='1' user_query = SELECT username AS user FROM mailbox WHERE username = '%Lu' AND active='1'
''; '';
dovecotConf = pkgs.writeText "dovecot.conf" '' dovecotConfSSL = pkgs.writeText "dovecot.conf" ''
sendmail_path = /run/wrappers/bin/sendmail
default_internal_user = dovecot2
default_internal_group = dovecot2
protocols = imap lmtp pop3 sieve
${lib.optionalString (config.variables.useSSL) '' ${lib.optionalString (config.variables.useSSL) ''
ssl = yes ssl = yes
ssl_cert = </var/lib/acme/dovecot2.${config.variables.myFQDN}/fullchain.pem ssl_cert = </var/lib/acme/dovecot2.${config.variables.myFQDN}/fullchain.pem
ssl_key = </var/lib/acme/dovecot2.${config.variables.myFQDN}/key.pem ssl_key = </var/lib/acme/dovecot2.${config.variables.myFQDN}/key.pem
'' ''
} }
'';
dovecotConf = pkgs.writeText "dovecot.conf" ''
sendmail_path = /run/wrappers/bin/sendmail
default_internal_user = dovecot2
default_internal_group = dovecot2
protocols = imap lmtp pop3 sieve
# commented out due to a dovecot but in the most recent release
#$ {lib.optionalString (config.variables.useSSL) '#'
# ssl = yes
# ssl_cert = </var/lib/acme/dovecot2.${config.variables.myFQDN}/fullchain.pem
# ssl_key = </var/lib/acme/dovecot2.${config.variables.myFQDN}/key.pem
# '#'
#}
!include_try /var/lib/dovecot/ssl-keys.conf
disable_plaintext_auth = yes disable_plaintext_auth = yes
auth_mechanisms = plain login auth_mechanisms = plain login
@ -118,7 +128,7 @@ in
}; };
}; };
# Make sure at least the self-signed certs are available before trying to start postfix # Make sure at least the self-signed certs are available before trying to start postfix
systemd.services.dovecot2.after = lib.mkIf config.variables.useSSL [ "acme-selfsigned-certificates.target" ]; systemd.services.dovecot2.after = [ (lib.mkIf config.variables.useSSL "acme-selfsigned-certificates.target") "vmail-setup.service" ];
# Setup dovecot # Setup dovecot
networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ]; networking.firewall.allowedTCPPorts = [ 110 143 993 995 4190 ];
services.dovecot2 = { services.dovecot2 = {
@ -133,6 +143,11 @@ in
mkdir -p ${config.variables.vmailBaseDir} mkdir -p ${config.variables.vmailBaseDir}
chown -c ${config.variables.vmailUser}:${config.variables.vmailGroup} ${config.variables.vmailBaseDir} chown -c ${config.variables.vmailUser}:${config.variables.vmailGroup} ${config.variables.vmailBaseDir}
chmod -c 0700 ${config.variables.vmailBaseDir} chmod -c 0700 ${config.variables.vmailBaseDir}
# SSL workaround for dovecot...
mkdir -p /var/lib/dovecot
cat ${dovecotConfSSL} > /var/lib/dovecot/ssl-keys.conf
chown root:root /var/lib/dovecot/ssl-keys.conf
chmod 400 /var/lib/dovecot/ssl-keys.conf
''; '';
}; };
} }
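Review bot: The workaround relies on `!include_try /var/lib/dovecot/ssl-keys.conf` skipping the file without an error, and that silence also applies to the dovecot daemon itself if the file was never written. Presumably the root-only `chmod 400` is deliberate, so that unprivileged callers such as postfixadmin's helper skip the include. However, `systemd.services.dovecot2.after` only orders the units: it neither pulls in vmail-setup.service nor stops dovecot2 when that unit fails. In that case dovecot would start without the `ssl`, `ssl_cert` and `ssl_key` settings and report nothing. I would add `systemd.services.dovecot2.requires = [ "vmail-setup.service" ];` beside the `after` line, and put a comment above `chmod 400` such as `# root-only on purpose: unprivileged doveconf/doveadm runs must skip this include`. The setup script and the `dovecotConf` string both begin outside the visible hunks, so this is based only on the lines shown.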