Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Gary Bowling
as well as the ssl_protocols list. This protects your IMAPS and POP3S protocols. Again, OpenVAS is set to run against those protocols as well. Carl *From:*Gary Bowling [mailto:g...@gbco.us] *Sent:* Tuesda

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Andrew Swartz
465 and 587]. In my case, I also use OpenVAS to test the HTTPS side as well. If you’re using dovecot, you will want to also put the ssl_cipher_list in /etc/dovecot/dovecot.conf as well as the ssl_protocols list. This protects your IMAPS and POP3S protocols. Again, OpenVAS is set to run again

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Gary Bowling
Subject: Re: [qmailtoaster] SSL Problem Dovecot     Carl, when I put that statement in my dovecot conf I get the following in my log on startup. Sep 04 13:39:41 config: Warning: Obsolete setting in /etc/dovecot/local.conf

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread CarlC Internet Services Service Desk
: [qmailtoaster] SSL Problem Dovecot Carl, when I put that statement in my dovecot conf I get the following in my log on startup. Sep 04 13:39:41 config: Warning: Obsolete setting in /etc/dovecot/local.conf:22: ssl_protocols has been replaced by ssl_min_protocol Sep 04 13:39:41 config

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Gary Bowling
Carl, when I put that statement in my dovecot conf I get the following in my log on startup. Sep 04 13:39:41 config: Warning: Obsolete setting in /etc/dovecot/local.conf:22: ssl_protocols has been replaced by ssl_min_protocol Sep 04 13:39

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Eric Broch
Hi Carl, I have no ssl_protocols, but I do have ssl_min_protocol Eric On Wed, Sep 4, 2019 at 11:20 AM CarlC Internet Services Service Desk < ab...@carlc.com> wrote: > For Dovecot, I use > > > > ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2 > > > > Then under ssl_cipher_list, I have a long l

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Gary Bowling
Thanks for that Carl. I will try that in my dovecot. An interesting note.. The default dovecot ciphers are ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH When I did a openssl ciphers '

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Gary Bowling
ry Bowling [mailto:g...@gbco.us] Sent: Wednesday, September 04, 2019 10:50 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SSL Problem

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread CarlC Internet Services Service Desk
For Dovecot, I use ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2 Then under ssl_cipher_list, I have a long list of ciphers [and blocked ones] that start with the strongest and work downward from there. When I run a scan against IMAPS, any that are found to be compromised, I change t

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Eric Broch
ain idea of it now. > > > > Carl > > > > *From:* Gary Bowling [mailto:g...@gbco.us] > *Sent:* Wednesday, September 04, 2019 10:50 AM > *To:* qmailtoaster-list@qmailtoaster.com > *Subject:* Re: [qmailtoaster] SSL Problem Dovecot > > > > > > Yes it'

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread CarlC Internet Services Service Desk
day, September 04, 2019 10:50 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SSL Problem Dovecot Yes it's a bit tricky for sure. Phones for email, which I have a lot of. I have a customer with a fax machine that emails faxes, so it has an email account configur

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Gary Bowling
arl   From: Gary Bowling [mailto:g...@gbco.us] Sent: Wednesday, September 04, 2019 09:19 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SSL Problem Dovecot

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Andrew Swartz
each cipher you want [the file can actually be 10+ lines     long wrapped]. This is so you can remove all the “hacked” ciphers,     especially to force your clients security to remain high. If your     running openssl 0.9.x, you don’t get the newer TLS ciphers you need     to be secure.     Using the

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread CarlC Internet Services Service Desk
From: Gary Bowling [mailto:g...@gbco.us] Sent: Wednesday, September 04, 2019 09:19 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SSL Problem Dovecot FYI. I wanted to see in the log files, what version people were using prior to making changes. To do that you need to

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Gary Bowling
onf as well as the ssl_protocols list. This protects your IMAPS and POP3S protocols. Again, OpenVAS is set to run against those protocols as well. Carl *From:*Gary Bowling [mailto:g...@gbco.us] *Se

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Andrew Swartz
/etc/dovecot/dovecot.conf as well as the ssl_protocols list. This protects your IMAPS and POP3S protocols. Again, OpenVAS is set to run against those protocols as well. Carl *From:*Gary Bowling [mailto:g...@gbco.us] *Sent:* Tuesday, September 03, 2019 03:35 PM *To:* qmailtoaster-list@qmailto

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Andrew Swartz
/etc/dovecot/dovecot.conf as well as the ssl_protocols list. This protects your IMAPS and POP3S protocols. Again, OpenVAS is set to run against those protocols as well. Carl *From:*Gary Bowling [mailto:g...@gbco.us] *Sent:* Tuesday, September 03, 2019 03:35 PM *To:* qmailtoaster-list@qmailtoaste

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-04 Thread Gary Bowling
as the ssl_protocols list. This protects your IMAPS and POP3S protocols. Again, OpenVAS is set to run against those protocols as well. Carl *From:*Gary Bowling [mailto:g...@gbco.us] *Sent:* Tuesday,

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-03 Thread Andrew Swartz
he ssl_protocols list. This protects your IMAPS and POP3S protocols. Again, OpenVAS is set to run against those protocols as well. Carl *From:*Gary Bowling [mailto:g...@gbco.us] *Sent:* Tuesday, September 03, 2019 03:35 PM *To:* qmailtoaster-list@qmailtoaster.com *Subject:* Re: [qmailtoast

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-03 Thread CarlC Internet Services Service Desk
o:g...@gbco.us] Sent: Tuesday, September 03, 2019 03:35 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SSL Problem Dovecot Thanks for that Carl. I'm running openssl-1.0.2k-16.el7_6.1.x86_64 Pretty much everything about my server is continuously updated stock

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-03 Thread Gary Bowling
To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SSL Problem Dovecot     So this may be an issue of the tlsserverciphers file. Some times it's interesting not knowing what your doing! haha  

RE: [qmailtoaster] SSL Problem Dovecot

2019-09-03 Thread CarlC Internet Services Service Desk
[because you had SSL 3.0/TLS 1.0 on]. Carl From: Gary Bowling [mailto:g...@gbco.us] Sent: Tuesday, September 03, 2019 02:58 PM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] SSL Problem Dovecot So this may be an issue of the tlsserverciphers file. Some times it&#

Re: [qmailtoaster] SSL Problem Dovecot

2019-09-03 Thread Gary Bowling
So this may be an issue of the tlsserverciphers file. Some times it's interesting not knowing what your doing! haha I guess the question I have is.. What is the proper tlsserverciphers for a qmailtoaster with a letsencrypt certificate. If th