similar to: Certificate cache on iOS with sending mail

On Thu, 10 Aug 2017, Larry Rosenman wrote: > Which mail client on iOS? Sorry, maybe not iOS, but definitely MacOSX Mail app. Joseph Tam <jtam.home at gmail.com>

Sent from my iPhone > On 14 Aug 2017, at 13:03, Alef Veld <alefveld at outlook.com> wrote: > > Hey Mike. > The iPhone and MacBook started working, but the two remaining iMacs still have problems. It's really weird. But if the first 2 are working it MUST be something local right? > > I removed the servers and re-added but no go. Maybe I'll need to remove the plist

Cheers Remko and Ralph. I think there was some mention in the lets encrypt FAQ that certbot doesn't do email. But I understand I can use their generated very for dovecot, postfix and https? That would be good indeed. Anyone know of any manual, or can I just replace the certs in the dovecot and postfix locations with theirs? Do dovecot, postfix and apache all support .pem format? Sent from

Thanks Ralph, i?ll look into that. I think let?s encrypt uses certbot though and it can?t do email certificates (although i?m sure i can convert the cert i get from let?s encrypt, i?ll look into it. > On 9 Aug 2017, at 16:40, Ralph Seichter <m16+dovecot at monksofcool.net> wrote: > > On 09.08.2017 17:20, Alef Veld wrote: > >> So i?m using dovecot, and i created a self

So I generated a new certificate for dovecot, and ever since I have this weird problem that my iPhone can still receive mail but cannot send using that mailserver. Same for my iMac. My laptop works fine still and can do both. Local issue you would say right. I'm wondering if there is any cache for a certificate or something, my maillog shows up something like 10 bytes read, -1. So it returns

Yes, yes, and yes. This is what I do for https://webmail.lerctr.org, imap.lerctr.org, smtp.lerctr.org, et al. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx at gmail.com US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106 On 8/9/17, 11:19 AM, "dovecot on behalf of Alef Veld" <dovecot-bounces at

> On 10 August 2017, at 04:37, Alef Veld <alefveld at outlook.com> wrote: > > I completely agree (having said that I'm pretty new to all this so I might be full of it). > > You should run your own CA if you have an active financial interest in your company (say your the owner). No added benefit to have your certificate certified by a third party, why would they care

So i?m using dovecot, and i created a self signed certificate with mkcert.sh based on dovecot-openssl.cnf. The name in there matches my mail server. The first time it connects in mac mail however, it says the certificate is invalid and another server might pretend to be me etc. I then have the option of trusting it. Is this normal behaviour? Will it always be invalid if it?s not signed by a

On 09.08.2017 17:20, Alef Veld wrote: > So i?m using dovecot, and i created a self signed certificate with > mkcert.sh based on dovecot-openssl.cnf. The name in there matches my > mail server. > > The first time it connects in mac mail however, it says the certificate > is invalid and another server might pretend to be me etc. This is to be expected for self-signed

On 09.08.2017 17:49, Alef Veld wrote: > I think let?s encrypt uses certbot though and it can?t do email > certificates (although i?m sure i can convert the cert i get from > let?s encrypt, i?ll look into it. I'm not sure what you mean by "can?t do email certificates"? In any case, Let's Encrypt issues certificates that can be used by Dovecot for IMAP and simultaneously

On 09.08.2017 18:18, Alef Veld wrote: > Anyone know of any manual, or can I just replace the certs in the > dovecot and postfix locations with theirs? Do dovecot, postfix and > apache all support .pem format? Google "dovecot letsencrypt" is your friend. ;-) If you have questions about details, we can discuss them of course. Also, please limit your replies to my messages to the

Hi all. I?m a bit worried about the following read errors i see in my log lately. Mails still arrive and get sent fine, but what is going on with this? It doesn?t look good. Nothing has change on server side and i restarted all services (dovecot, postfix, saslauthd, sql ). Maybe it?s a temporary iPhone thing (the device im using to read and send mails, not the first time that happened. Maybe

I can't see any security advantages of a self signed cert. If the keypair is generated locally (which it should) a certificate signed by an external CA can't be worse just by the additional signature of the external CA. Better security can only be gained if all users are urged to remove all preinstalled trusted CAs from their mail clients (which seems impractical). Else an attacker could

I deleted the certificate already, but I think it only uses that for imap/dovecot. I don't think it actually stores one for smtps (or am I not talking sense here). Sent from my iPhone > On 10 Aug 2017, at 23:25, Joseph Tam <jtam.home at gmail.com> wrote: > > >> On Thu, 10 Aug 2017, Larry Rosenman wrote: >> >> Which mail client on iOS? > > Sorry,

On 10/22/2017 3:26 PM, Alef Veld wrote: > Hi all. > I?m a bit worried about the following read errors i see in my log lately. Mails still arrive and get sent fine, but what is going on with this? It doesn?t look good. Nothing has change on server side and i restarted all services (dovecot, postfix, saslauthd, sql ). > > Maybe it?s a temporary iPhone thing (the device im using to read

Hi everyone. Nice to meet you. I?m new to dovecot and i came across a problem it seems. I setup a new user called sales with useradd, and gave it a password. Although it has a home directory, i set login to /sbin/nologin. When logging into the pop server on port 110 (with telnet) i get this in the logs: dovecot: pop3-login: Login: user=<sales>, method=PLAIN, rip=127.0.0.1,

On Wed, 9 Aug 2017 08:39:30 -0700 Gregory Sloop <gregs at sloop.net> wrote: > AV> So i?m using dovecot, and i created a self signed certificate > AV> with mkcert.sh based on dovecot-openssl.cnf. The name in there matches > AV> my mail server. > > AV> The first time it connects in mac mail however, it says the > AV> certificate is invalid and another

Hello! I have a simple (I think) problem. I have had IMAPS working fine for a long time. Now I want to start to use IMAP and STARTLS, since my mobile SonyEricsson P900 can't use IMAPS directly. But I can't connect even locally to the IMAP port (143), no-one listens there according to netstat (*.imaps is in LISTEN state). I have the following settings in my /etc/dovecot.conf:

Michael Felt <michael at felt.demon.nl> writes: >> I use acme.sh for all of my LetsEncrypt certs (web & mail), it is >> written in pure shell script, so no python dependencies. >> https://github.com/Neilpang/acme.sh > > Thanks - I might look at that, but as Ralph mentions in his reply - > Let's encrypt certs are only for three months - never ending circus.

Apologies if this post is inappropriate to this list; please redirect me if so. Our team uses ssh extensively for server access and maintenance (Debian). An issue is acting as root when operating, for example, over ansible and keeping a record of who performed the actions, something ssh certificates solves well. The problem is then to automate certificate issuance since it would be pretty