Re: Sv: 2FA/MFA with IMAP & postfix/submission

2021-07-14 Thread Aki Tuomi
Unfortunately the best way to do multifactor authentication today is to use OAUTH2, which isn't currently supported for own installations. Or you can use client certs. If you want to use some kind of MFA with tokens, you end up having to feed your token all the time. So the best option, for now

Sv: 2FA/MFA with IMAP & postfix/submission

2021-07-14 Thread Sebastian
Main problem is that not many clients do natively support multifactor. Some clients, do popup a login dialog if the server rejects the password as invalid, which can be used to create a "cheaty variant" of multifactor, but some clients just popup an error dialog and tell the user to just correct

Re: TLS Security

2021-07-14 Thread Plutocrat
I've found this resource useful in the past https://ssl-config.mozilla.org/#server=dovecot&version=2.3.9&config=intermediate&openssl=1.1.1d&guideline=5.6 P.

Re: 2FA/MFA with IMAP & postfix/submission

2021-07-14 Thread PGNet Dev
On 7/14/21 8:08 PM, Alex wrote: Hi, I have a dovecot-2.3.13 system on fedora34 with a few hundred IMAP4 accounts, as well as postfix users using submission. Clients are using primarily Outlook on Windows and old squirrelmail. Are there multi-factor options available? google roundcube + 2FA nu

2FA/MFA with IMAP & postfix/submission

2021-07-14 Thread Alex
Hi, I have a dovecot-2.3.13 system on fedora34 with a few hundred IMAP4 accounts, as well as postfix users using submission. Clients are using primarily Outlook on Windows and old squirrelmail. Are there multi-factor options available? If it is not available, do you have any recommendations on wh

Re: folders management

2021-07-14 Thread Joseph Tam
On Tue, 13 Jul 2021, Stephane Magnier wrote: On my folders' architecture, I can see all the folders underneeth each other fodler1 folder2 etc I would like to have the possibility to have _folders INTO folders_, like Folder1 Folder2 ...folder 21 ..folder 22 Folders 3 Apparently, t

Re: TLS Security

2021-07-14 Thread Aki Tuomi
> On 14/07/2021 17:55 Stefan Schumacher wrote: > > > Hi, > > > I wish to build a new secure email server. It seems I am on the right way – > at least I get no more error messages for Postfix – but Dovecot is still > making trouble. > > > I am using Dovecot 1:2.3.4.1-5+deb10u6 and I am us

Re: TLS Security

2021-07-14 Thread justina colmena ~biz
Interesting. Assuming your "Kali" tools are in fact up to date to test with newer protocols TLS1.2+, is Dovecot compiled against a recent version of the OpenSSL or GnuTLS library or whatever it uses to support the newer TLS protocols? Definitely an outdated cipher issue, on Postfix as well as D

Re: Doveadm encrypt/decrypt files manually with per-user folder keys

2021-07-14 Thread Aki Tuomi
> On 14/07/2021 18:31 Ben Burk wrote: > > > One more question and I think I should be ok. I just need to encrypt > unencrypted mails after having originally enabled mail_crypt. > > > I've determined how to decrypt encrypted mails from command line using > the private key for the mail folder

Re: Doveadm encrypt/decrypt files manually with per-user folder keys

2021-07-14 Thread Ben Burk
One more question and I think I should be ok. I just need to encrypt unencrypted mails after having originally enabled mail_crypt. I've determined how to decrypt encrypted mails from command line using the private key for the mail folder, like so: sudo -u vmail doveadm -o plugin/mail_crypt_

TLS Security

2021-07-14 Thread Stefan Schumacher
Hi, I wish to build a new secure email server. It seems I am on the right way – at least I get no more error messages for Postfix – but Dovecot is still making trouble. I am using Dovecot 1:2.3.4.1-5+deb10u6 and I am using ISPconfig 3.25 to do the rough configuring and nano and whats left of

Restrict number of mail moved/copied

2021-07-14 Thread Amol Kulkarni
Hello, I need to restrict number of mail moved/copied by end user using imap in operation. Is there any configuration for that ? Thanks and regards, Amol