Re: dovecot + centos 7 + internal ca + hostname change

2018-09-12 Thread Matt Bryant
Turns out this was an openldap config issue .. connecting to ldap via self signed cert and had /etc/openldap/ldap.conf as

TLS_CACERT /etc/dovecot/ldap_ca
TLS_REQCERT allow
TLS_CACERTDIR /etc/openldap/certs
SASL_NOCANON on

Seems whatever gets generated in TLS_CACERTDIR is problem ..

Re: Server certificate verification error with Dovecot 2.3.2.1

2018-09-12 Thread Aki Tuomi
You are supposed to put the intermediates into the cert file after the cert in order from cert to root. ssl_ca is not used for this. --- Aki Tuomi Dovecot oy Original message From: Robert Gill Date: 13/09/2018 01:00 (GMT+02:00) To: dovecot@dovecot.org Subject: Server

dovecot + centos 7 + internal ca + hostname change

2018-09-12 Thread Matt Bryant
Not sure if this is dovecot or not but can find very little ie no info around on this ... and added the pem file into /etc/pki/ca-trust/source/anchors and run update-ca-trust .. all works ok .. (this is on centos 7 btw) So wanted to change the hostname away from ip-x-x-x-x to something a little

Server certificate verification error with Dovecot 2.3.2.1

2018-09-12 Thread Robert Gill
I'm attempting to upgrade my Dovecot installation to 2.3.2.1. My SSL certificate authority provides a bundle containing their CA, plus intermediate CAs, which I configure using the 'ssl_ca' option. The comments in the configuration file say to only set this when you're requiring client

Re: make check (pigeonhole)

2018-09-12 Thread Eric Broch
Must be non root user as well On 9/12/2018 1:05 PM, Aki Tuomi wrote: Ok. We have that fix as well but for other reasons.  Good to know this. --- Aki Tuomi Dovecot oy Original message From: Eric Broch Date: 12/09/2018 21:36 (GMT+02:00) To: Aki Tuomi , dovecot@dovecot.org

Re: make check (pigeonhole)

2018-09-12 Thread Aki Tuomi
Ok. We have that fix as well but for other reasons. Good to know this. --- Aki Tuomi Dovecot oy Original message From: Eric Broch Date: 12/09/2018 21:36 (GMT+02:00) To: Aki Tuomi , dovecot@dovecot.org Subject: Re: make check (pigeonhole) Hi Aki, I needed this

Re: make check (pigeonhole)

2018-09-12 Thread Eric Broch
Hi Aki, I needed this patch (fedora): |diff -up dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt dovecot-2.3.0.1/src/auth/mycrypt.c --- dovecot-2.3.0.1/src/auth/mycrypt.c.libxcrypt 2018-02-28

Re: Adding namespace alias_for causes index resync?

2018-09-12 Thread Tom Sommer
On 2018-09-12 16:54, Tom Sommer wrote: I just added a new namespace-alias with alias_for. Apparently this causes all mailbox indexes to be resynced? Is this intentional and/or is there some way to avoid this? My NFS storage pretty much kills itself when hundreds of thousands of users need to

Adding namespace alias_for causes index resync?

2018-09-12 Thread Tom Sommer
I just added a new namespace-alias with alias_for. Apparently this causes all mailbox indexes to be resynced? Is this intentional and/or is there some way to avoid this? My NFS storage pretty much kills itself when hundreds of thousands of users need to resync indexes :) Thanks -- Tom

Re: LMTP tcp listener with auth?

2018-09-12 Thread Andreas Thienemann
Hi Stephan, On Wed, 12 Sep 2018, Stephan Bosch wrote: LMTP currently does not support AUTH. Bummer. Thought so. What is your use case? Most people hide LMTP behind a firewall, or don't expose it through TCP/IP in the first place. The port is currently only available to a few trusted

Re: LMTP tcp listener with auth?

2018-09-12 Thread Stephan Bosch
On 12-9-2018 at 11:13, Andreas Thienemann wrote: I am wondering if it's possible to have a tcp listener for LMTP do authentication and not accept any unauthenticated mail. My configuration looks like the following: service lmtp { inet_listener lmtp { address = 192.168.0.1 127.0.0.1

Re: How to send mail to mailbox with disabled domain?

2018-09-12 Thread Gerald Galster
If you want to accept delivery for one address only and reject all other addresses in the domain, you can do this with postfix's access table: http://www.postfix.org/access.5.html A hint to transport tables: us...@example1.com lmtp:$HOW_TO_REACH_THE_MX us...@example1.com

LMTP tcp listener with auth?

2018-09-12 Thread Andreas Thienemann
I am wondering if it's possible to have a tcp listener for LMTP do authentication and not accept any unauthenticated mail. My configuration looks like the following: service lmtp { inet_listener lmtp { address = 192.168.0.1 127.0.0.1 port = 24 } } This gives me a network reachable

Re: Dsync deleting mailboxes due to duplicate UIDs

2018-09-12 Thread Andreas Thienemann
Hi Sami, On Mon, 10 Sep 2018, Sami Ketola wrote: Currently dovecot does rely on remote to send valid RFC-compliant headers. But you are not alone, we have seen similar problems with mixed header fields on some legacy servers on the migrations we have performed. Bummer. Would have been

Re: How to send mail to mailbox with disabled domain?

2018-09-12 Thread Jochen Bern
On 09/11/2018 08:20 PM, Kai Schaetzl wrote: > I have to disable mail acceptance for example1.com. > If not, mail sent *from* that server (e.g. from a web form) to that domain > will not leave the server. > However, if I disable example1.com for mail dovecot lmtp will not deliver > mail to this

Re: make check (pigeonhole)

2018-09-12 Thread Aki Tuomi
I tried reproducing your problem and I only can make it happen if I run the test suite as root, which is not supported. Aki On 12.09.2018 06:49, Eric Broch wrote: > > I'll give those a look and make change accordingly. > > > On 9/11/2018 9:26 PM, Aki Tuomi wrote: >> You know we have rpm

Re: Letsencrypt certificate for repo.dovecot.org expired May 14th..

2018-09-12 Thread Aki Tuomi
So it seems. Guess our certbot does not support post hook directories, since it's not executing the hooks there. Aki On 12.09.2018 08:56, B. Reino wrote: > > FYI, it happened again :) > > On July 15, 2018 10:49:08 AM GMT+02:00, "B. Reino" wrote: >> Dear Aki, >> >> I think the renewal failed