as well as the
ssl_protocols list. This protects your IMAPS and POP3S
protocols. Again, OpenVAS is set to run against those
protocols as well.
Carl
*From:*Gary Bowling [mailto:g...@gbco.us]
*Sent:* Tuesda
465 and 587]. In my case, I also use OpenVAS to test
the HTTPS side as well.
If you’re using dovecot, you will want to also put the
ssl_cipher_list in /etc/dovecot/dovecot.conf as well as the
ssl_protocols list. This protects your IMAPS and POP3S protocols.
Again, OpenVAS is set to run again
Subject: Re: [qmailtoaster] SSL Problem Dovecot
Carl, when I put that statement in my dovecot conf I get the
following in my log on startup.
Sep 04 13:39:41 config: Warning: Obsolete setting in
/etc/dovecot/local.conf
: [qmailtoaster] SSL Problem Dovecot
Carl, when I put that statement in my dovecot conf I get the following in my
log on startup.
Sep 04 13:39:41 config: Warning: Obsolete setting in
/etc/dovecot/local.conf:22: ssl_protocols has been replaced by ssl_min_protocol
Sep 04 13:39:41 config
Carl, when I put that statement in my dovecot conf I get the
following in my log on startup.
Sep 04 13:39:41 config: Warning: Obsolete setting in
/etc/dovecot/local.conf:22: ssl_protocols has been replaced by
ssl_min_protocol
Sep 04 13:39
Hi Carl,
I have no ssl_protocols, but I do have ssl_min_protocol
Eric
On Wed, Sep 4, 2019 at 11:20 AM CarlC Internet Services Service Desk <
ab...@carlc.com> wrote:
> For Dovecot, I use
>
>
>
> ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2
>
>
>
> Then under ssl_cipher_list, I have a long l
Thanks for that Carl. I will try that in my dovecot.
An interesting note.. The default dovecot ciphers are
ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
When I did a
openssl ciphers
'
ry Bowling [mailto:g...@gbco.us]
Sent: Wednesday, September 04, 2019 10:50
AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SSL Problem
For Dovecot, I use
ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2
Then under ssl_cipher_list, I have a long list of ciphers [and blocked ones]
that start with the strongest and work downward from there. When I run a scan
against IMAPS, any that are found to be compromised, I change t
ain idea of it now.
>
>
>
> Carl
>
>
>
> *From:* Gary Bowling [mailto:g...@gbco.us]
> *Sent:* Wednesday, September 04, 2019 10:50 AM
> *To:* qmailtoaster-list@qmailtoaster.com
> *Subject:* Re: [qmailtoaster] SSL Problem Dovecot
>
>
>
>
>
> Yes it'
day, September 04, 2019 10:50 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SSL Problem Dovecot
Yes it's a bit tricky for sure. Phones for email, which I have a lot of. I have
a customer with a fax machine that emails faxes, so it has an email account
configur
arl
From:
Gary Bowling [mailto:g...@gbco.us]
Sent: Wednesday, September 04, 2019 09:19 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SSL Problem Dovecot
each cipher you want [the file can actually be 10+ lines
long wrapped]. This is so you can remove all the “hacked” ciphers,
especially to force your clients security to remain high. If your
running openssl 0.9.x, you don’t get the newer TLS ciphers you
need
to be secure.
Using the
From: Gary Bowling [mailto:g...@gbco.us]
Sent: Wednesday, September 04, 2019 09:19 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SSL Problem Dovecot
FYI. I wanted to see in the log files, what version people were using prior to
making changes. To do that you need to
onf as well as the
ssl_protocols list. This protects your IMAPS and POP3S
protocols. Again, OpenVAS is set to run against those
protocols as well.
Carl
*From:*Gary Bowling [mailto:g...@gbco.us]
*Se
/etc/dovecot/dovecot.conf as well as the
ssl_protocols list. This protects your IMAPS and POP3S protocols.
Again, OpenVAS is set to run against those protocols as well.
Carl
*From:*Gary Bowling [mailto:g...@gbco.us]
*Sent:* Tuesday, September 03, 2019 03:35 PM
*To:* qmailtoaster-list@qmailto
/etc/dovecot/dovecot.conf as well as the
ssl_protocols list. This protects your IMAPS and POP3S protocols.
Again, OpenVAS is set to run against those protocols as well.
Carl
*From:*Gary Bowling [mailto:g...@gbco.us]
*Sent:* Tuesday, September 03, 2019 03:35 PM
*To:* qmailtoaster-list@qmailtoaste
as the
ssl_protocols list. This protects your IMAPS and POP3S
protocols. Again, OpenVAS is set to run against those protocols
as well.
Carl
*From:*Gary Bowling [mailto:g...@gbco.us]
*Sent:* Tuesday,
he ssl_protocols list. This
protects your IMAPS and POP3S protocols. Again, OpenVAS is set to run
against those protocols as well.
Carl
*From:*Gary Bowling [mailto:g...@gbco.us]
*Sent:* Tuesday, September 03, 2019 03:35 PM
*To:* qmailtoaster-list@qmailtoaster.com
*Subject:* Re: [qmailtoast
o:g...@gbco.us]
Sent: Tuesday, September 03, 2019 03:35 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SSL Problem Dovecot
Thanks for that Carl. I'm running openssl-1.0.2k-16.el7_6.1.x86_64
Pretty much everything about my server is continuously updated stock
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SSL Problem Dovecot
So this may be an issue of the tlsserverciphers file. Some
times it's interesting not knowing what your doing! haha
[because you had SSL 3.0/TLS 1.0 on].
Carl
From: Gary Bowling [mailto:g...@gbco.us]
Sent: Tuesday, September 03, 2019 02:58 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SSL Problem Dovecot
So this may be an issue of the tlsserverciphers file. Some times it&#
So this may be an issue of the tlsserverciphers file. Some times
it's interesting not knowing what your doing! haha
I guess the question I have is.. What is the proper
tlsserverciphers for a qmailtoaster with a letsencrypt
certificate. If th
23 matches
Mail list logo
