search for: bluerosetech

...and yoshi run Dovecot 2.1.12 servers with simple passwd-file backends. If I create a new password hash for chombo's user, houseloki, on either rush or yoshi: # doveadm pw -u houseloki -p <password> {CRAM-MD5}... Then I add that to rush and yoshi's passwd file: houseloki at _auth.bluerosetech.com:{CRAM-MD5}... Then `doveadm reload`, it works fine: # doveadm auth houseloki <password> passdb: houseloki auth succeeded extra fields: user=houseloki at _auth.bluerosetech.com So I add that username and password to the smtp_sasl_password_maps hash file on chombo, reload postfix,...

On 12/4/13, 9:05 AM, Mark Felder said: ----------------- > There was no alternative; we couldn't keep BIND in base. BIND 9 will > certainly have a EoL before the EoL of FreeBSD 10.x, and we can't use > BIND 10 because it requires importing Python to base. I'm coming more and more to the conclusion that we should have a minimal Python in "base". More and more people

I'd like to take advantage of RFC5229 match variables (it would reduce the number of rules I have by an order of magnitude); however, the required extension isn't supported yet. Am I mistaken? If not, are there plans to support it?

On 12/1/2014 4:43 PM, Will Yardley wrote: > Can you use both ssl_protocols *and* ssl_cipher_list in the same config > (in a way that's sane)? > Is there a way to exclude these ciphers, while still keeping my config > easy to parse and avoiding duplicative or deprecated configs? Yes to both. If you need to support older clients: ssl_cipher_list =

On 12/1/2014 9:44 PM, Will Yardley wrote: > On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >> On 12/1/2014 4:43 PM, Will Yardley wrote: >>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>> (in a way that's sane)? >> >>> Is there a way to exclude these ciphers, while still keeping my config >>> easy

On 12/2/2014 10:05 AM, Will Yardley wrote: > I had some problems the first few times I restarted with ssl-params > seeming to hang, but it finally works. That would have been dovecot generating the 4096-bit DH parameters. It can take a bit, but Dovecot is quite fast at it. If Dovecot supported it, you could use OpenSSL to generate tested-safe DH parameters and supply them by file the

On 1/9/2015 4:07 PM, Jyri Hovila [Turvamies.fi] wrote: > Hello, world! > > I have a long-running Dovecot & Postfix installation using PostgreSQL > back-end. > > Until now I've been using MD5 hashing but would like to "upgrade" to > the salted SSHA512. > > Is there a way to configure Dovecot so that it would automatically > detect the type of the hash

I'm enabling digest-md5 authentication with "user at example.com" username and plain-text passwords stored in a MySQL database. What should the password field contain in order to work with digest-md5? Would the following: SELECT CONCAT('{digest-md5}', MD5(CONCAT(username, '::', password))) AS password ... be correct?

This is a follow-on to the "SQL field format for digest-md5?" thread. After some additional debugging, I've found the problem is a mismatch in what Dovecot expects and Postfix uses for the user and realm. For a username "user at example.com" and password "sekret", Dovecot expects: username = "user" realm = "example.com" but Postfix sends

I'm using Dovecot 2.1.15. I need to require encryption and only secure auth on public addresses, but allow plaintext auth over an unencrypted connection on localhost. I have so far (excerpts from `doveconf -a`): auth_mechanisms = cram-md5 plain disable_plaintext_auth = yes listen = service imap-login { inet_listener imap-local { address = ::1 port = 143 ssl = no }

On 1/18/2015 12:45 AM, Robert Schetterer wrote: > Am 16.01.2015 um 12:24 schrieb Oliver Welter: >> Hi Folks, >> >> after adding TLSv1.2 to by TLS options a lot of Outlook users complaint >> about connection errors, openssl s_client and Thunderbird works fine. >> >> I found some posts about this but none of them had a real solution on >> this - I

I'm running Dovecot 2.2.5 and want to make it refuse SSLv2, SSLv3 and TLSv1.0. Clients will opportunistically use TLS 1.1 and 1.2, but now I want require they do so. Is it enough to set ssl_cipher_list = HIGH:!SSLv2:!SSLv3:!TLSv1.0:!aNULL:!MD5 or are there additional settings I need to specify?

On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a