Re: Outlook and TLSv.1

2015-01-19 Thread Darren Pilgrim
On 1/18/2015 12:45 AM, Robert Schetterer wrote: On 16.01.2015 at 12:24, Oliver Welter wrote: Hi Folks, after adding TLSv1.2 to my TLS options a lot of Outlook users complained about connection errors, openssl s_client and Thunderbird works fine. I found some posts about this but none of them

Re: Moving or upgrading from MD5 to SSHA512

2015-01-09 Thread Darren Pilgrim
On 1/9/2015 4:07 PM, Jyri Hovila [Turvamies.fi] wrote: Hello, world! I have a long-running Dovecot Postfix installation using PostgreSQL back-end. Until now I've been using MD5 hashing but would like to upgrade to the salted SSHA512. Is there a way to configure Dovecot so that it would

Re: Renaming directories with subdirectories over IMAP

2014-12-10 Thread Darren Pilgrim
On 12/9/2014 6:08 PM, Зинин Дмитрий Андреевич wrote: I've a problem with renaming directories with subdirectories. In root directory I create directory named "lvl1" with subdirectory "lvl2" When I rename directory lvl1 to lvl1-new I get: 1. /lvl1-new with subdir lvl2 but I can use only

Re: MD5-CRYPT/CRAM-MD5 vs SHA512-CRYPT/PLAIN

2014-12-05 Thread Darren Pilgrim
On 12/5/2014 3:24 AM, ML mail wrote: Hello, I am wondering which variant is more secure for user authentication and password scheme. Basically I am looking at both variants: 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism 2) SHA512-CRYPT password scheme storage with PLAIN

Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/2/2014 1:32 AM, Reindl Harald wrote: On 02.12.2014 at 06:44, Will Yardley wrote: On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: On 12/1/2014 4:43 PM, Will Yardley wrote: Can you use both ssl_protocols *and* ssl_cipher_list in the same config (in a way that's sane

Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/1/2014 9:44 PM, Will Yardley wrote: On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: On 12/1/2014 4:43 PM, Will Yardley wrote: Can you use both ssl_protocols *and* ssl_cipher_list in the same config (in a way that's sane)? Is there a way to exclude these ciphers, while

Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/2/2014 8:38 AM, Reindl Harald wrote: On 02.12.2014 at 17:33, Darren Pilgrim wrote: On 12/2/2014 1:32 AM, Reindl Harald wrote: ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH ssl_dh_parameters_length = 2048 ssl_parameters_regenerate = 0 ssl_protocols = !SSLv2 !SSLv3 TLSv1

Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/2/2014 10:05 AM, Will Yardley wrote: I had some problems the first few times I restarted with ssl-params seeming to hang, but it finally works. That would have been dovecot generating the 4096-bit DH parameters. It can take a bit, but Dovecot is quite fast at it. If Dovecot supported

Re: disabling certain ciphers

2014-12-02 Thread Darren Pilgrim
On 12/2/2014 10:26 AM, Will Yardley wrote: In this case, it was consuming a lot of CPU for 5+ minutes, and the .dat.tmp file hadn't been updated since the process started, so I'm not sure if something went wrong. Yes, large DH parameters take time to generate, hence turning off regeneration.

Re: disabling certain ciphers

2014-12-01 Thread Darren Pilgrim
On 12/1/2014 4:43 PM, Will Yardley wrote: Can you use both ssl_protocols *and* ssl_cipher_list in the same config (in a way that's sane)? Is there a way to exclude these ciphers, while still keeping my config easy to parse and avoiding duplicative or deprecated configs? Yes to both. If you

Re: [Dovecot] Oldies but Goldies - Dovecot 1.2 and Sieve

2014-02-25 Thread Darren Pilgrim
On 2/24/2014 7:07 AM, Götz Reinicke - IT Koordinator wrote: Hi, we still run dovecot 1.2.17 and upgrading is not planned for some time. But I'm asked to install a sieve system to be used with SOGo soon. What do I have to install / configure? Is installing/configuring the dovecot-sieve-0.1.19

Re: [Dovecot] What's the parameter -w for dovecot-auth: dovecot -w

2014-01-06 Thread Darren Pilgrim
On 1/6/2014 1:17 AM, ldaamandy wrote: What's the parameter -w for dovecot-auth: dovecot -w my service of dovecot-auth always activing two: one is dovecot-auth, the other is dovecot-auth -w I don't know the difference between them According to the Dovecot 1.x wiki: 'dovecot-auth -w process is

Re: [Dovecot] What's the parameter -w for dovecot-auth: dovecot -w

2014-01-06 Thread Darren Pilgrim
On 1/6/2014 2:02 AM, ldaamandy wrote: thank you Darren Pilgrim and what should I do to not let dovecot -w start? i want to keep one dovecot-auth . Is it set in the dovecot.conf ? You can't make it not start--it's necessary for certain authentication databases. Even if you could, why

Re: [Dovecot] SHA512-CRYPT scheme fails password verification

2013-12-24 Thread Darren Pilgrim
On 12/24/2013 7:16 PM, Jouko Nikula wrote: Hello, If I try to use the crypt schemes provided by libc. I fail as follows: jnikula@jlaptop:~/$ doveadm pw -s SHA512-CRYPT -p 123456

Re: [Dovecot] configure lmtp to deliver to email addresses case insensitively

2013-12-17 Thread Darren Pilgrim
On 12/17/2013 8:02 AM, Reindl Harald wrote: there are enough writing their address uppercase while the server was never configured that way, there are enough writing firstnamelastn...@domain.tld and you can hardly find a normal person who accepts that writing a message to y...@domain.tld goes

Re: [Dovecot] Dovecot MTA

2013-11-09 Thread Darren Pilgrim
On 11/8/2013 5:07 AM, Timo Sirainen wrote: I've never really wanted to create my own MTA, Then please don't. Dovecot took over because the mailbox side of email was a wheel that needed reinventing. That is not the case with SMTP servers. Fork Exim or Postfix if you want to create an MTA.

Re: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1

2013-10-19 Thread Darren Pilgrim
On 10/18/2013 5:32 AM, Reindl Harald wrote: On 18.10.2013 14:22, Adi Kriegisch wrote: PS: I need that feature to enable PFS while allowing Outlook to still connect and the others not to fall back to a different cipher; I was unable to find a PFS cipher that is supported by Outlook and

Re: [Dovecot] patch for ssl_prefer_server_ciphers in dovecot 2.1

2013-10-19 Thread Darren Pilgrim
On 10/19/2013 5:24 PM, Reindl Harald wrote: On 20.10.2013 01:58, Darren Pilgrim wrote: On 10/18/2013 5:32 AM, Reindl Harald wrote: this does *not work* with Outlook 2003-2010 on Windows XP It's not Outlook's fault. Office, IE, etc. all use stunnel which, on XP/2003, is as outdated

Re: [Dovecot] Transparent Migration from cyrus to dovecot

2013-10-12 Thread Darren Pilgrim
On 10/12/2013 3:43 AM, Noel Butler wrote: On 12/10/2013 19:22, Daniel Parthey wrote: No mail will be lost, since it should remain in the remote MTA's mail queue for a while in order to be retried and delivered later. No guarantee there, some services are broken and do not retry, hotmail

Re: [Dovecot] Transparent Migration from cyrus to dovecot

2013-10-06 Thread Darren Pilgrim
On 10/6/2013 1:56 PM, Ed W wrote: Make use of the proxy feature. You can add a server entry into your userdb, that way you can literally move users over one by one and flip their server location. You can easily test individual users and move them over individually. Works brilliantly Second

Re: [Dovecot] How to disable SSL and TLSv1.1?

2013-09-13 Thread Darren Pilgrim
On 9/11/2013 3:52 PM, Reindl Harald wrote: and that is why i said most widely used does not RHEL5: openssl-0.9.8e RHEL6: openssl-1.0.0 Fedora 17: openssl-1.0.0k Fedora 18: openssl-1.0.1e RHEL with outdated software bundled? You don't say. ;) Let's look at the rest of the world:

Re: [Dovecot] How to disable SSL and TLSv1.1?

2013-09-11 Thread Darren Pilgrim
On 9/9/2013 4:09 PM, Reindl Harald wrote: On 09.09.2013 22:56, Darren Pilgrim wrote: I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use TLS 1.1 and 1.2, but now I want to require they do so. Is it enough to set ssl_cipher_list

[Dovecot] How to disable SSL and TLSv1.1?

2013-09-09 Thread Darren Pilgrim
I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use TLS 1.1 and 1.2, but now I want to require they do so. Is it enough to set ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5 or are there additional settings I need to

Re: [Dovecot] . (dot) in maildir folder names

2013-05-24 Thread Darren Pilgrim
On 2013-05-24 05:29, Christoph Anton Mitterer wrote: On Thu, 2013-05-23 at 19:58 -0700, Darren Pilgrim wrote: Does adding LAYOUT=fs to mail_location, which makes Dovecot use a dir hierarchy instead of dot-prefixing, make this possible? I would expect that one then runs into the same troubles

Re: [Dovecot] . (dot) in maildir folder names

2013-05-23 Thread Darren Pilgrim
On 2013-05-23 18:41, Christoph Anton Mitterer wrote: Uhm... yeah as the topic implies I want to have . (dots) in my folder names... Unfortunately dovecot's maildirmake hasn't a -f switch as the one from courier/maildrop, but that one in turn is buggy[0] and doesn't encode any characters at all.

[Dovecot] Dovecot not obeying disable_plaintext_auth = yes and how to force/disable encryption

2013-03-17 Thread Darren Pilgrim
I'm using Dovecot 2.1.15. I need to require encryption and only secure auth on public addresses, but allow plaintext auth over an unencrypted connection on localhost. I have so far (excerpts from `doveconf -a`): auth_mechanisms = cram-md5 plain disable_plaintext_auth = yes listen = service

Re: [Dovecot] [solved] Dovecot not obeying disable_plaintext_auth = yes and how to force/disable encryption

2013-03-17 Thread Darren Pilgrim
I figured this out. I was testing Dovecot from the machine running Dovecot. I didn't know that when the client address is a local address (even if it's a public one), that Dovecot treats the connection as if it was localhost. I also did not know that Dovecot automatically ignores ssl =

Re: [Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix

2013-02-25 Thread Darren Pilgrim
Timo, Thank you for trying to help, but I'm out of time on this. I switched everything over to the PLAIN mechanism with BLF-CRYPT hashes and it works fine. I'm guessing there's something broken with DIGEST-MD5, but can't say if the fault is in Dovecot 2 or Postfix. Given that it's

Re: [Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix

2013-02-22 Thread Darren Pilgrim
On 2013-02-22 03:30, Timo Sirainen wrote: If you want both CRAM-MD5 and DIGEST-MD5 auth, the password must be in plaintext format. I tried using a DIGEST-MD5 hash instead of CRAM-MD5. It doesn't work either: rush# doveadm pw -s digest-md5 -u houseloki -p password {DIGEST-MD5}... Add to

[Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix

2013-02-19 Thread Darren Pilgrim
I have three postfix 2.9.5 servers: chombo, rush, yoshi. Chombo relays to rush and yoshi for outbound email. Outbound relay requires SASL authentication. Rush and yoshi run Dovecot 2.1.12 servers with simple passwd-file backends. If I create a new password hash for chombo's user,

Re: [Dovecot] cannot delete emails in inbox

2009-01-04 Thread Darren Pilgrim
JANE CUA wrote: dovecot 1.1.17 (imap) squirrelmail 1.4.17 I can send and receive email fine. However when I try to delete an email in my Inbox, it doesn't get deleted. It only sends a copy to the Trash folder. But the email is still in the Inbox. I can purge and delete the contents in my

Re: [Dovecot] delivers mail to bad directory(prefix) using sieve filters

2009-01-03 Thread Darren Pilgrim
Timo Sirainen wrote: On Jan 1, 2009, at 12:05 PM, Radim Roska wrote: Squirrelmail does not allow to create folders without prefix. Really? No. There's a configurable setting that creates folders under INBOX by default; however, Squirrelmail can create top-level folders and sub-folders

Re: [Dovecot] automounting home dirs

2008-12-28 Thread Darren Pilgrim
Roger Hale wrote: I'm running dovecot-1.0.10 on a Solaris 10 server with home dirs automounted over NFS. I have set the mail_location configuration option so that nothing should be written to a user's home dir over NFS but, as far as I can tell, dovecot still by default tries to chdir to a

Re: [Dovecot] automounting home dirs

2008-12-28 Thread Darren Pilgrim
Roger Hale wrote: Is there a way to prevent dovecot from causing the home dirs to be mounted? You can override the home dir returned by your userdb with a variable-expanded, static value by adding home to args[1]. You need to be careful and make sure that Dovecot doesn't use anything in the

[Dovecot] DIGEST-MD5 user/realm mismatch with Postfix

2008-12-25 Thread Darren Pilgrim
This is a follow-on to the SQL field format for digest-md5? thread. After some additional debugging, I've found the problem is a mismatch in what Dovecot expects and Postfix uses for the user and realm. For a username u...@example.com and password sekret, Dovecot expects: username =

Re: [Dovecot] SQL field format for digest-md5?

2008-12-24 Thread Darren Pilgrim
Timo Sirainen wrote: On Dec 23, 2008, at 11:51 PM, Darren Pilgrim wrote: Timo Sirainen wrote: On Dec 23, 2008, at 8:57 PM, Darren Pilgrim wrote: I'm enabling digest-md5 authentication with u...@example.com username and plain-text passwords stored in a MySQL database. What should

Re: [Dovecot] SQL field format for digest-md5?

2008-12-24 Thread Darren Pilgrim
I found (by reading the Dovecot source) that the correct format is user:example.com:password, not u...@example.com::password. I've also narrowed down the problem a bit. It seems there's a problem using the DIGEST-MD5 mech. The {DIGEST-MD5} scheme works just fine from a SQL database. With a

[Dovecot] SQL field format for digest-md5?

2008-12-23 Thread Darren Pilgrim
I'm enabling digest-md5 authentication with u...@example.com username and plain-text passwords stored in a MySQL database. What should the password field contain in order to work with digest-md5? Would the following: SELECT CONCAT('{digest-md5}', MD5(CONCAT(username, '::', password))) AS

Re: [Dovecot] SQL field format for digest-md5?

2008-12-23 Thread Darren Pilgrim
Timo Sirainen wrote: On Dec 23, 2008, at 8:57 PM, Darren Pilgrim wrote: I'm enabling digest-md5 authentication with u...@example.com username and plain-text passwords stored in a MySQL database. What should the password field contain in order to work with digest-md5? Would the following

Re: [Dovecot] SSL certs per listen IP

2008-12-20 Thread Darren Pilgrim
Ian P. Christian wrote: I'd like to host multiple domains through a central dovecot proxy - however, I need to present different certs to different hostnames (which are on different IPs). I can't see a way to do this in the documentation, is it possible? You can't do this with a single instance,

Re: [Dovecot] SSL certs per listen IP

2008-12-20 Thread Darren Pilgrim
Ian P. Christian wrote: 2008/12/20 Darren Pilgrim list_dove...@bluerosetech.com: You can't do this with a single instance, but you can run parallel instances of dovecot on the same machine. Thanks Darren, I did think about this option. Does anyone else see a value in my putting

Re: [Dovecot] Mailbox name

2008-12-14 Thread Darren Pilgrim
Xavier Maillard wrote: Hi, I am using SIEVE to filter/sort my incoming mails. I am subscribed to tens of mailing lists and I would like to file messages into folder of this pattern: INBOX/list/tld/domain name/list name So for example help-gnu-em...@gnu.org would be filed under:

Re: [Dovecot] Dovecot imap processes pinning CPU

2008-12-13 Thread Darren Pilgrim
David Rosenstrauch wrote: On Sat, December 13, 2008 12:28 am, Timo Sirainen wrote: On Dec 13, 2008, at 3:40 AM, David Rosenstrauch wrote: In recent days, dovecot's imap processes keep getting stuck. Each time I check my server (running dovecot 1.1.7) there's a bunch of imap processes