Re: how to setup IMAPs with letsencrypt

2022-04-21 Thread Narcis Garcia

I'm using this dedicated address because personal addresses aren't 
masked enough at this mail public archive. Public archive administrator 
should fix this against automated addresses collectors.

On 22/4/22 at 1:40, Jeremy Ardley wrote:


On 22/4/22 7:25 am, al...@coakmail.com wrote:

hello

I have setup website using letsencrypt for certification.
how can I setup IMAP to use this certs as well?

Thank you.


Make entries in /etc/dovecot/conf.d/10-ssl.conf

ssl = required

ssl_cert = 

You can override the global ssl certificates for specific domains in 
/etc/dovecot/dovecot.conf


local special.example.com {
   protocol imap {
     ssl_cert = 

+ You should make sure the "dovecot" service account has read access to 
/etc/letsencrypt/live/special.example.com/privkey.pem

e.g. by adding the account to a common group with the LE files.


Re: how to setup IMAPs with letsencrypt

2022-04-21 Thread Jeremy Ardley


On 22/4/22 8:24 am, Jeremy Ardley wrote:


local mail.example.com {
  protocol imap {

 ssl_cert = 
My error. The correct example domain override stanza is

#specific domain override

local special.example.com {
  protocol imap {

 ssl_cert = 



Re: how to setup IMAPs with letsencrypt

2022-04-21 Thread Jeremy Ardley


On 22/4/22 7:50 am, Jeremy Ardley wrote:

On 22/4/22 7:44 am, al...@coakmail.com wrote:

On 22/4/22 7:25 am, al...@coakmail.com wrote:


Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?

Probably a bad idea. Many clients use STARTTLS on port 143 rather 
than TLS on port 993





I forgot to mention that in /etc/dovecot/dovecot.conf you don't need to 
specify imaps.
Dovecot automatically listens on port 993 and 143 when ssl is specified 
and applies the ssl directive as indicated.


#global

# SSL/TLS support: yes, no, required. 

ssl = required
ssl_min_protocol = TLSv1.2
ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
ssl_prefer_server_ciphers = yes
ssl_cert = 

It is possible to generate a wildcard letsencrypt certificate 
*.example.com but the process is tricky and has unexpected side-effects 
such as typo.example.com resolves to example.com in DNS


--
Jeremy





Re: how to setup IMAPs with letsencrypt

2022-04-21 Thread Benny Pedersen

On 2022-04-22 01:50, Jeremy Ardley wrote:

On 22/4/22 7:44 am, al...@coakmail.com wrote:


On 22/4/22 7:25 am, al...@coakmail.com wrote:


Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?


Probably a bad idea. Many clients use STARTTLS on port 143 rather
than TLS on port 993


keeping footprint of servers minimal risk is not a bad idea


Re: how to setup IMAPs with letsencrypt

2022-04-21 Thread Joseph Tam




I have setup website using letsencrypt for certification.
how can I setup IMAP to use this certs as well?


Make entries in /etc/dovecot/conf.d/10-ssl.conf

ssl = required

ssl_cert = 

Keep in mind the subject name (CN or SAN AltNames) of your certificate
must match your IMAP server name e.g. if your certificate is
made for "www.mydomain.com", you'll have to configure your IMAP
clients to also use "www.mydomain.com" as the IMAP server name.

This typically means the web and IMAP server must reside on the
same server, otherwise you'll have to use DNS challenge method
to support multiple hostnames on the same certificate.

Joseph Tam 
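
Added example (not part of Joseph Tam's post or of anyone's message in this thread): a shell check of the name-matching rule described above, using a throwaway self-signed certificate in place of the Let's Encrypt one. The helper names `make_demo_cert`, `cert_matches_host`, `fetch_imap_cert` and `demo` are hypothetical, and the certificate is constructed for the demo; it assumes OpenSSL 1.1.1 or later is installed.

```shell
#!/bin/sh
# Added example; helper names and the demo certificate are constructed.

# Create a throwaway self-signed cert in directory $1 with SAN list $2
# (a stand-in for the Let's Encrypt fullchain.pem / privkey.pem pair).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-demo" -addext "subjectAltName=$2" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Succeed only if the certificate in PEM file $1 is valid for hostname $2.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# Print the certificate a live server presents: implicit TLS on 993,
# STARTTLS on 143. Needs network access, so the demo does not call it.
fetch_imap_cert() {  # $1 = host, $2 = port (993 or 143)
    if [ "$2" = "143" ]; then
        openssl s_client -connect "$1:143" -starttls imap \
            -servername "$1" </dev/null 2>/dev/null | openssl x509
    else
        openssl s_client -connect "$1:$2" \
            -servername "$1" </dev/null 2>/dev/null | openssl x509
    fi
}

# Issue a cert with SAN list $1, then report for each remaining argument
# whether a client configured with that server name would accept it.
demo() {
    dir=$(mktemp -d) || return 1
    san=$1; shift
    make_demo_cert "$dir" "$san" || { rm -rf "$dir"; return 1; }
    for name in "$@"; do
        if cert_matches_host "$dir/fullchain.pem" "$name"; then
            echo "$name: ok"
        else
            echo "$name: MISMATCH"
        fi
    done
    rm -rf "$dir"
}

# Certificate issued for the web name only, as in the post above.
demo "DNS:www.mydomain.com" www.mydomain.com mail.mydomain.com
```

To run the same check against a running server, save the output of `fetch_imap_cert` for port 993 or 143 to a file and pass that file to `cert_matches_host` with the server name the mail clients are configured to use.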


Re: how to setup IMAPs with letsencrypt

2022-04-21 Thread Jeremy Ardley


On 22/4/22 7:44 am, al...@coakmail.com wrote:

On 22/4/22 7:25 am, al...@coakmail.com wrote:


Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?

Probably a bad idea. Many clients use STARTTLS on port 143 rather than 
TLS on port 993


--

Jeremy




Re: how to setup IMAPs with letsencrypt

2022-04-21 Thread Benny Pedersen

On 2022-04-22 01:44, al...@coakmail.com wrote:


Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?


yes


Re: how to setup IMAPs with letsencrypt

2022-04-21 Thread alice
>
> On 22/4/22 7:25 am, al...@coakmail.com wrote:
>> hello
>>
>> I have setup website using letsencrypt for certification.
>> how can I setup IMAP to use this certs as well?
>>
>> Thank you.
>>
> Make entries in /etc/dovecot/conf.d/10-ssl.conf
>
> ssl = required
>
> ssl_cert = 
> ssl_key = 
>
> in /etc/dovecot/dovecot.conf or in /etc/dovecot/conf.d/10-ssl.conf
>
> put
>
> ssl_min_protocol = TLSv1.2
> ssl_cipher_list = EECDH+AESGCM:EDH+AESGCM
> ssl_prefer_server_ciphers = yes
>
> You can override the global ssl certificates for specific domains in
> /etc/dovecot/dovecot.conf
>


Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?




Re: how to setup IMAPs with letsencrypt

2022-04-21 Thread Jeremy Ardley


On 22/4/22 7:25 am, al...@coakmail.com wrote:

hello

I have setup website using letsencrypt for certification.
how can I setup IMAP to use this certs as well?

Thank you.


Make entries in /etc/dovecot/conf.d/10-ssl.conf

ssl = required

ssl_cert = 

You can override the global ssl certificates for specific domains in 
/etc/dovecot/dovecot.conf


local special.example.com {
  protocol imap {
    ssl_cert = 



how to setup IMAPs with letsencrypt

2022-04-21 Thread alice
hello

I have setup website using letsencrypt for certification.
how can I setup IMAP to use this certs as well?

Thank you.



RE: disabling namespace in special-userdb on dovecot 2.2

2022-04-21 Thread justina colmena ~biz
I have no idea what that's all about!

But my dovecot system keeps bogging down & lot of my emails are disappearing 
and being eaten alive before I can read them ...

On April 20, 2022 4:01:38 AM AKDT, Marc  wrote:
>> 
>> Currently I have such special-userdb file
>> 
>> test:x:1:2:testaccount_descr:/home/users/testaccount:/bin/false:userdb_
>> mail=mbox:~/mbox:INBOX=/home/users/testaccount/inbox:INDEX=/home/users/testacco
>> unt/index
>> 
>> However I am still getting errors of a default configured namespace that 
>> still
>> seems to be active. Is there a way to disable this namespace or reconfigure
>> this in the userdb file? (When I was testing this on a dovecot 2.3 I did not
>> run into this)
>> 
>
>userdb_mail_debug=yes userdb_namespace/archives/disabled=yes

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

replication fails with "Error: sync: Unknown user in remote" but user shows up in doveadm user "*"

2022-04-21 Thread Arnaud Abélard

Hello,

I've been trying to replicate a production server (debian buster, 
dovecot 2.3.4.1). But nothing is actually being replicated and for 
each attempted user the message "Error: sync: Unknown user in remote" is 
being logged.


The ldap settings are actually the same on both servers (source and 
destination) and the "unknown user" is actually showing up in doveadm 
user "*" on the destination server.


I had already replicated 2 servers and used the same settings. Am I 
missing something obvious here?


Thanks,

Arnaud

--
Arnaud Abélard
Responsable pôle Système et Stockage
Service Infrastructures
DSIN Université de Nantes
-


