search for: binect

Hi Jochen, On Wed, 12 Feb 2020 at 00:16, Jochen Bern <Jochen.Bern at binect.de> wrote: > > On 02/11/2020 07:07 PM, Cl?ment P?ron wrote: > > - I have X devices (around 30) and one SSH server > > - Each of them have a unique public key and create one dynamic reverse > > port forwarding on the server > > - All of them connect with the same UNI...

...low userB to change "the" password themselves.) (For actual group access rights userA->userB *within* dovecot, I'll have to refer you to others' replies.) Kind regards, -- Jochen Bern Systemingenieur Fon: +49 6151 9067-231 Fax: +49 6151 9067-290 E-Mail: jochen.bern at binect.de www.binect.de www.facebook.de/binect Binect ist ausgezeichnet: Sieger INNOVATIONSPREIS-IT 2017 | Das B?ro: Top 100 B?roprodukte 2017 Binect GmbH Robert-Koch-Stra?e 9, 64331 Weiterstadt, DE Gesch?ftsf?hrung: Dr. Frank Wermeyer, Nils Manegold Unternehmenssitz: Weiterstadt Register: Am...

Hi, On Mon, Jan 13, 2020 at 03:16:00PM +0000, Jochen Bern wrote: > Out of interest: > 1. If an extended mechanism were to be implemented, which server pubkey > do you expect to be seen/stored/verified by the client? The proxy's > / v4 middlebox's, or the v6 backend's? Or would you require that all > server-side machines use the *same* host keypairs? I'd do

...reply, QuickFolders to have a bar of main archive folders I can drag&drop read e-mails into. Address Close Button occupies the "not *quite that* essential" rung. Kind regards, -- Jochen Bern Systemingenieur Fon: +49 6151 9067-231 Fax: +49 6151 9067-290 E-Mail: jochen.bern at binect.de www.binect.de www.facebook.de/binect Binect GmbH Robert-Koch-Stra?e 9, 64331 Weiterstadt, DE Gesch?ftsf?hrung: Christian Ladner, Dr. Frank Wermeyer, Nils Manegold Unternehmenssitz: Weiterstadt Register: Amtsgericht Darmstadt, HRB 94685 Umsatzsteuer-ID: DE 221 302 264 MAX 21-Unterne...

...lease retry" etc. etc. between the end points? (*) A still-to-be-written/-patched one, if need be ... (Yes, I'm pondering U2F, but *that* is *missing entirely* from the policy and would probably require a rewrite to happen upstairs ...) Kind regards, -- Jochen Bern Systemingenieur www.binect.de www.facebook.de/binect -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4278 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20180619/ee0fcccc...

Hello, I have asked on the postfix mailing list for a solution, how to encrypt incoming emails with public gpg key My original idea was to use a smtpd-milter, which would encrypt all incoming plaintext messages of given user, using the users public gpg key. This way, it would look as if the original sender has sent the message encrypted. Somebody suggested this might be better done in Dovecot,

Hello, given a small organization. There are *personal* mailboxes (mailbox per user, incl. subfolders et cetera). The users can share specic folders via the ACL (we call it "other users/", Dovecot calls it "shared" folder. Additionally there are mailboxes Dovecot calls "public" (we use the term "groups/"). They are not associated with a specific account,

Hi everyone, I'm running dovecot with quite a lot of users and lots of active imap connections (like 20'000). I'm using different user IDs for users, so I need to have imap {service_count=1} - i.e. I have a lots of imap processes running. Everything works fine, until I reload dovecot configuration. When that happen, every client is forced to relogin in the same time and that

If I read this correctly, starttls will fail due to the MITM attack. That is the client knows security has been compromised. Using SSL/TLS, the MITM can use SSL stripping. Since most Postifx conf use "may" for security, the message would go though unencrypted. Correct??? Is there something to enable for perfect forward security with starttls? ? Original Message ? From: s.arcus at

Hi all, When I use an email client, its purpose is as a window into my Dovecot IMAP, and as a mechanism to reply to and send emails. I don't do filtering or calendaring on my email client (filtering via procmail direct to Dovecot). What email clients are all of you using to look at your IMAP email? Thanks, SteveT Steve Litt November 2016 featured book: Quit Joblessness: Start Your Own

...;ve used the "GPGPit" tool that's available on the web (and that I've made into an "SMIMEit" myself). The nontrivial problem with that is to retrieve recipients' pubkeys in an even remotely trustworthy manner, of course. Regards, -- Jochen Bern Systemingenieur www.binect.de www.facebook.de/binect -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4278 bytes Desc: S/MIME Cryptographic Signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20180516/8658631d/attachment-00...

...> Found 0 files for UID 145 > Found 0 files for UID 150 > Found 0 files for UID 151 Is that normal behaviour? If not, how would I try to find out what happens there? Kind regards, -- Jochen Bern Systemingenieur Fon: +49 6151 9067-231 Fax: +49 6151 9067-290 E-Mail: jochen.bern at binect.de www.binect.de www.facebook.de/binect Binect GmbH Robert-Koch-Stra?e 9, 64331 Weiterstadt, DE Gesch?ftsf?hrung: Christian Ladner, Dr. Frank Wermeyer, Nils Manegold Unternehmenssitz: Weiterstadt Register: Amtsgericht Darmstadt, HRB 94685 Umsatzsteuer-ID: DE 221 302 264 MAX 21-Unterne...

On Fri, 2019-02-15 at 15:57 +1100, Darren Tucker wrote: > That was the original intent (and it's mentioned in RFC4419) however > each moduli file we ship (70-80 instances of 6 sizes) takes about 1 > cpu-month to generate on a lowish-power x86-64 machine. Most of it > is > parallelizable, but even then it'd likely take a few hours to > generate > one of each size. I

.... From a data flow (and privacy protection) POV, that wouldn't be much different anymore from having *the MTA* feed a copy of (all incoming) e-mails directly into an archiving mechanism, would it? http://www.postfix.org/postconf.5.html#always_bcc Regards, -- Jochen Bern Systemingenieur www.binect.de www.facebook.de/binect -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4278 bytes Desc: S/MIME Cryptographic Signature URL: <https://dovecot.org/pipermail/dovecot/attachments/20181215/67f715df/attachment.p7...

Given the following: mailboxes: user1 at example1.com user2 at example1.com user3 at example1.com etc. aliases: whatever at example1.com -> user1 at example1.com whatever at example2.com -> user1 at example1.com whatever at example3.com -> user1 at example1.com Now the problem: example1.com MX goes elsewhere (doesn't point to this server anymore). Domains example2.com and

...s on customer premises similarly create a tunnel(-end) on our server to connect to their sshd, *but* users have to authenticate as they SSH or VPN to that server in the first place and the tunnel is restricted to localhost or VPN client pool IPs.) Kind regards, -- Jochen Bern Systemingenieur Binect GmbH -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3449 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20240425/c6981b43/attachment-0001.p7s&g...

Hello. I am trying to play through the following test scenario about certificate revocation on Ubuntu 18.04, which has OpenSSH of this version: OpenSSH_7.6p1 Ubuntu-4, OpenSSL 1.0.2n? 7 Dec 2017 1. A CA key is created ssh-keygen -t ed25519 -f ca 2. The CA public key is added to ~/.ssh/authorized_keys on some server: cert-authority ssh-ed25519 AAAA...e ca at yoga 3. A user key is created on a

...njection vulnerability. Does the exploit still work when you change the authorized_keys from command="/.../receive.ksh" to, e.g., command="/bin/ksh -c '/.../receive.ksh </dev/null'" to suppress the client's input? Kind regards, -- Jochen Bern Systemingenieur Binect GmbH -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3449 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20230706/5dcfee75/attachment.p7s>

Hi folks, Since Docker can bind-mount every .ssh directory I am looking for some way to forbid unprotected private keys. AFAICS it is currently not possible on the sshd to verify that the peer's private key was protected by a passphrase. Can you confirm? Regards Harri

Hello, I hope it's the correct ML to get support for "advanced" ssh use (sorry if it's not the case) And I would be very grateful if someone could help me on this issue. Here is my challenge : - I have X devices (around 30) and one SSH server - Each of them have a unique public key and create one dynamic reverse port forwarding on the server - All of them connect with the