Re: MySQL connection with SSL

2024-05-16 Thread Christopher Wensink via dovecot 

See here for the documentation for dovecot:

https://doc.dovecot.org/admin_manual/ssl/

On 5/16/2024 8:30 AM, Gandalf Corvotempesta wrote:

Il giorno gio 16 mag 2024 alle ore 15:12 Christopher Wensink via
dovecot  ha scritto:

Yes.

https://dev.mysql.com/doc/refman/8.3/en/using-encrypted-connections.html

This is for using ssl with native mysql client.
Dovecot uses the native library or has a embedded mysql library ?

because my .my.cnf is already set to use ssl as preferred, but dovecot
doesn't connect with ssl.


--
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive
Eau Claire, WI 54701
Office:  715-831-1682
Mobile:  715-563-3112
Fax:  715-831-6075
cwens...@five-star-plastics.com
www.five-star-plastics.com

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: MySQL connection with SSL

2024-05-16 Thread Christopher Wensink via dovecot 

Gandalf,

Yes.

https://dev.mysql.com/doc/refman/8.3/en/using-encrypted-connections.html

It's common practice.  From my experience most LAMP stacks are built and 
with a web front end that's handling the SSL traffic via apache to 
secure the connection between the client browser and the web server.  
SSL is operating on layer 4 of the OSI model so theoretically all 
applications (and most do) have some support for encrypted connections.


On 5/16/2024 5:46 AM, Gandalf Corvotempesta via dovecot wrote:

Hi all
is possible to tell dovecot to use a mysql connection with SSL ?

My new remote mysql server only allows ssl connections
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org


--
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive
Eau Claire, WI 54701
Office:  715-831-1682
Mobile:  715-563-3112
Fax:  715-831-6075
cwens...@five-star-plastics.com
www.five-star-plastics.com

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: Authentication questions

2024-05-09 Thread Christopher Wensink via dovecot 

This may help, see the post from 9/9/2021:
https://github.com/goauthentik/authentik/issues/1234

On 5/9/2024 2:50 PM, Francis Augusto Medeiros-Logeay via dovecot wrote:



On 9 May 2024, at 19:45, Aki Tuomi  wrote:

  

On 09/05/2024 20:15 EEST Francis Augusto Medeiros-Logeay via dovecot 
mailto:dovecot@dovecot.org>> wrote:
  
  
Hi,
  
I was wondering:
  
1 - Is it possible to configure authentication methods per user? For example, oauth2 for most users, but plain for others?

2 - I had a feeling that when oauth2 authentication fails, dovecot tries to 
authenticate via plain with the received token. Doesn’t seem logical, but I get 
my user blocked on my directory server (freeipa) after a few failed oath 
authentications. If so, can this be prevented?
  
Best,
  
Francis

___
dovecot mailing list -- dovecot@dovecot.org 
To unsubscribe send an email to dovecot-le...@dovecot.org 


Yep. See 
https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb/#passdb-setting
  
you can filter by mechanism.
  
Aki

The weird thing is that I get this still:

May 09 21:45:47 auth: Error: oauth2(myu...@mydomain.com,48.237.124.127): oauth2 
failed: Introspection failed: No username returned
May 09 21:45:47 auth: Error: ldap(myu...@mydomain.com,48.237.124.127): 
ldap_bind() failed: Constraint violation

Even when I have my configuration like this:

auth_mechanisms = $auth_mechanisms xoauth2 oauthbearer


passdb {
   driver = oauth2
   mechanisms = xoauth2 oauthbearer
   args = /etc/dovecot/dovecot-oauth2.conf.ext
   result_failure=return-fail
}

What could be the cause?

Best,
Francis


___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org



--
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive
Eau Claire, WI 54701
Office:  715-831-1682
Mobile:  715-563-3112
Fax:  715-831-6075
cwens...@five-star-plastics.com
www.five-star-plastics.com

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Re: server migration

2024-04-10 Thread Christopher Wensink via dovecot 

Can you expand and explain this:

Why? The whole idea about having a LTS distribution is that you almost never 
need to do this?

Can you provide a link for context?

On 4/10/2024 3:25 PM, Marc via dovecot wrote:



• Gandalf Corvotempesta via dovecot [2024-04-10 21:07]:

Guys, any help?

What you describe is exactly what I have been doing since ... forever


Why? The whole idea about having a LTS distribution is that you almost never 
need to do this? It is not like the imap/pop/smtp standards are having yearly 
innovations. Or is this a service you provide for clients?
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org



--
Christopher Wensink
IS Administrator
Five Star Plastics, Inc
1339 Continental Drive
Eau Claire, WI 54701
Office:  715-831-1682
Mobile:  715-563-3112
Fax:  715-831-6075
cwens...@five-star-plastics.com
www.five-star-plastics.com

___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org