search for: dovecotconfigur

...local 192.0.2.0/24 (http://192.0.2.0/24) { > > > > ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem > > > > ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem > > > > } > > > > > > > > https://wiki.dovecot.org/SSL/DovecotConfiguration > > > > > > > > > > > > > > > > > > Local part supports that. > > > > > > Aki > > > > > > On the same topic (though I can start a new thread if preferable), it > doesn't appear that you can us...

Hi, I couldn't really find documentation about ssl_dh_parameters_length except for mention in passing on the page https://wiki2.dovecot.org/SSL/DovecotConfiguration For version 2.3 and above is that setting necessary? If so what are the values I can use, is setting it high like 4096 beneficial or make any problems for clients? Thanks for assistance.

...rst time, it runs "ssl-build-params" to generate a file named "ssl-parameters.dat". This takes a couple of minutes. During this time users have no access to their mail, but this can be planned in advance and users can be notified. This is explained in http://wiki.dovecot.org/SSL/DovecotConfiguration With Dovecot 2.0.rc4, the new command "ssl-params" seems to do this job, but unfortunately it isn't run on first start of Dovecot but the start is delayed until a user connects to port 993 (or does STARTTLS in 143). According to http://wiki2.dovecot.org/SSL/DovecotConfiguration...

I have to manage 2 different domains, with 1 ssl certificate each, but I don't know how to configure them. I tried this example: "Different certificates per IP and protocol" http://wiki2.dovecot.org/SSL/DovecotConfiguration but I got this error: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set I dont find any documentation about the 'local' keyword too. Any idea or tip? Thanks -- Simone Caruso IT Consultant p.iva: 03045250838

...;/etc/ssl/dovecot/imap-02.example.com.cert.pem ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem } Or local 192.0.2.0/24 { ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem } https://wiki.dovecot.org/SSL/DovecotConfiguration

...no comment on the allowable protocols that, in Dovecot, are controlled in 10-ssl.conf in the stanza headed # SSL protocols to use #ssl_protocols = !SSLv2 I couldn't find any advice on up-to-date SSL/TLS protocol settings in the Dovecot wiki, either (I looked in http://wiki2.dovecot.org/SSL/DovecotConfiguration ). At the moment our installation is using only the default settings for allowed protocols; I'm not sure what those defaults might be, but our 10-ssl.conf may only be disallowing SSLv2, if the 'example' entry is the default. We're running 2.2.15, and are due to upgrade to...

https://wiki.dovecot.org/SSL/DovecotConfiguration says: "Since v2.3.3+ Diffie-Hellman parameters have been made optional, and you are encouraged to disable non-ECC DH algorithms completely." and a bit later: "From version 2.3, you must specify path to DH parameters file using ssl_dh=</path/to/dh.pem" So. 1. Is ssl...

...>> doveconf -n ssl_client_ca_file: >> ssl_client_ca_file = /usr/local/share/certs/ca-root-nss.crt > > You are missing the "<" before the file path > > Try ssl_client_ca_file = </usr/local/share/certs/ca-root-nss.crt > > See http://wiki2.dovecot.org/SSL/DovecotConfiguration > > Regards > Christian >

...e.com.key.pem > > } > > > > Or > > > > local 192.0.2.0/24 { > > ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem > > ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem > > } > > > > https://wiki.dovecot.org/SSL/DovecotConfiguration > > > > > > > > Local part supports that. > > Aki > On the same topic (though I can start a new thread if preferable), it doesn't appear that you can use wildcards/patterns in the 'local' name, unless I'm missing something--which is quite like...

...e: > > Config has > > ssl_verify_client_cert = no > > What options might have the client auth turned on? > > why does gmail attacht empty vcard info ? > > without any config snippes its hard to say what config error is local > > https://wiki.dovecot.org/SSL/DovecotConfiguration > > is it auth_ssl_require_client_cert = yes > > i dont use this auth features to make thunderbird work

...more than double the size as the one that worked. And that one I can still transform: 272+0 records in 272+0 records out 272 bytes copied, 0,00105017 s, 259 kB/s So, something with openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat must be wrong. But what? https://wiki.dovecot.org/SSL/DovecotConfiguration tells to use this command. Thanks! Kai

It?s been awhile since I set up my dovecot instance (like several years) and my transition from 1.x to 2 seems to have not gone well: all I can see is that authentication is banjaxed and I?m not sure what needs to be done to fix it. # 2.2.32 (dfbe293d4): /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.3-STABLE i386 auth_debug = yes auth_mechanisms = plain login listen = *,[::] log_path =

...eir suggestion. > > It looks like there is an error on this page regarding regeneration. In > current dovecots ssl_parameters_regenerate defaults to zero, and this > means regeneration is disabled. The old default was 168 hours (1 week). > The language on http://wiki2.dovecot.org/SSL/DovecotConfiguration is > confusing and could be understood to mean that the current default is > one week. > To enable regeneration you can manually set: > ssl_parameters_regenerate = 60 days > or:ssl_parameters_regenerate = 1 weeks This is really cool and all, but for a low power proxy, it takes...

...to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and found this wiki page: <https://wiki2.dovecot.org/SSL/DovecotConfiguration#Client_certificate_verification.2Fauthentication> But that Wiki page says: > The CA file should contain the certificate(s) followed by the matching > CRL(s). Note that the CRLs are required to exist. I have now messed three hours or so with OpenSSL to get a CRL generated for my sel...

...nt_cert = no >>>> What options might have the client auth turned on? >>> >>> why does gmail attacht empty vcard info ? >>> >>> without any config snippes its hard to say what config error is local >>> >>> https://wiki.dovecot.org/SSL/DovecotConfiguration >>> >>> is it auth_ssl_require_client_cert = yes >>> >>> i dont use this auth features to make thunderbird work -------------- next part -------------- A non-text attachment was scrubbed... Name: hanasaki.vcf Type: text/x-vcard Size: 4 bytes Desc: not availa...

...s/cert.pem # RedHat > (end quote) For replication only settings? I can only guess as i currently don't use proxy nor replication. Haven't found much about proxying and ssl but found a configuration parameter ssl_ca = </path/to/file maybe that works... http://wiki2.dovecot.org/SSL/DovecotConfiguration section Client certificate verification/authentication > > On Mon, 21 Sep 2015, Christian Kivalo wrote: > >> Hi >> >>> I've pointed ssl_client_ca_file to my root certificate store, but I >>> suspect ssl_client_ca_file is only used in imapc contex...

...2:50 sergio via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div> <div> <br> </div> <div> <br> </div> <div> <a href="https://wiki.dovecot.org/SSL/DovecotConfiguration" rel="noopener" target="_blank">https://wiki.dovecot.org/SSL/DovecotConfiguration</a> says: </div> <div> <br> </div> <div> "Since v2.3.3+ Diffie-Hellman parameters have been made optional, and </div&...

Config has ssl_verify_client_cert = no What options might have the client auth turned on? TYIA On 5/24/20 6:40 PM, Felipe Gasper wrote: > From what I can tell, ?SSL alert number 42? means that you?ve configured Dovecot to require client authentication. > > Otherwise, your Let?s Encrypt certificate (with its authority chain) should suffice. > > -FG > >> On May 24,

...e SSL but rather TLS on most mail servers. Even though SSL will work, which should I use on my server? We already have a purchased SSL certificate but does that really matter? Should I simply just revoke that certificate & use TLS instead? So when I read this link: http://wiki.dovecot.org/SSL/DovecotConfiguration Is it talking about a actual SSL certificate or TLS? Thanks for any clarification! - Carlos

I don't understand how to use multiple keys/certs on different IPs without SNI. http://wiki2.dovecot.org/SSL/DovecotConfiguration explains how to use different keys for different protocols like POP3 and IMAP. But how to bind those keys/ on IPs/Ports? Looks like it is not possible to use ssl_cert inside service { inet_listener {} } Is it still necessary to run multiple instances like it was in Dovecot 1.2.x? Pee...