search for: local_nam

Working with SSL on fresh install of latest Ubuntu Artful + Dovecot seems broken somehow. Application is Dovecot listening for many SSL sites... Likely I've missed adding something simple to the config, related to local_name usage. Be great if someone can point out what I've missed, to setup multiple SSL certs for different host.domain entries in config. Thanks. _______ This works as expected... where the SNI server name is returned... #local_name imap.cydec.com { ssl_cert = </etc/letsencrypt/live/imap....

On 11.11.2016 12:22, Arkadiusz Mi?kiewicz wrote: > On Friday 11 of November 2016, Felipe Gasper wrote: >> Hello, >> >> We?re rolling out large SNI deployments for our mail servers. Each domain >> gets an entry like this in the config: >> >> local_name mail.foo.com { >> ssl_cert = </ssl/domain_tls/*.foo.com/combined >> ssl_key = </ssl/domain_tls/*.foo.com/combined >> } > Lack of glob/regexp support here is also a problem (for me). I could have 50% > smaller config if local_name supported regexp matching, s...

Thank you, we'll start looking at this. Aki On 01.12.2016 09:44, J. Nick Koston wrote: > Hi Aki & Felipe, > > Attached is an implementation of supporting multiple domains in local_name. > > Example > > local_name "mail.domain.tld domain.tld mx.domain.tld" { ... } > > This can significantly reduce memory usage when using > a UCC certificate with multiple names by only loading > the certificate and key once. > > > > And the pull reques...

...=========== RCS file: /cvsroot/rsync/generator.c,v retrieving revision 1.93 diff -b -c -r1.93 generator.c *** generator.c 30 Jun 2004 07:27:30 -0000 1.93 --- generator.c 11 Jul 2004 20:24:21 -0000 *************** *** 543,549 **** } ! void generate_files(int f, struct file_list *flist, char *local_name) { int i; int phase = 0; --- 545,551 ---- } ! void generate_files(int f_out, struct file_list *flist, char *local_name) { int i; int phase = 0; *************** *** 584,590 **** } recv_generator(local_name ? local_name : f_name_to(file, fbuf), ! file, i,...

...> https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz > > https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig > > [...] > > > - Fix local name handling in v2.2.34 SNI code, bug found by cPanel. > > That change broke handling of such entries > > local_name *.example.com { > ssl_cert = </etc/certs/aaa.pem > ssl_key = </etc/certs/aaa.pem > } > > and for connection with pop3.example.com in TLS SNI default certificate is > presented instead of domain specific one. > > Reverting > > commit 446c0b02a7802b676e893c...

...icz wrote: > > ... -servername something If you want to try out, try applying this patch... >From 066edb5e5c14a05c90e9ae63f0b76fcfd9c1149e Mon Sep 17 00:00:00 2001 From: Aki Tuomi <aki.tuomi at dovecot.fi> Date: Thu, 20 Oct 2016 16:06:27 +0300 Subject: [PATCH] login-common: Include local_name in login_var_expand_table This way it can be used in login_log_format --- src/login-common/client-common.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/login-common/client-common.c b/src/login-common/client-common.c index d0a9c52..5964ec9 100644 --- a/src/login-common/client-common....

Hi Aki & Felipe, Attached is an implementation of supporting multiple domains in local_name. Example local_name "mail.domain.tld domain.tld mx.domain.tld" { ... } This can significantly reduce memory usage when using a UCC certificate with multiple names by only loading the certificate and key once. And the pull request?.. https://github.com/dovecot/core/pull/24 <http...

...ostname is information passed directly by client. >>> >>> So some fqdn name validation would need to happen in case if client has >>> malicious intents. >>> >>>> Kevin >> Hi! >> >> I wonder if this would be of any help? It provides %{local_name} >> passdb/userdb variable, you can use it for some logging too... >> >> https://github.com/dovecot/core/commit/fe791e96fdf796f7d8997ee0515b163dc5ed >> dd72 > Should it work for such usage, too? > > login_log_format_elements = user=<%u> method=%m rip=%r lip=%...

Aki, Multiple local_names would be ideal to accommodate certificates that have multiple names. The way I?m reading the code it looks like its having to pay for the memory for every name on the certificate because a unique CTX is being created for each name even if they are all on a single certificate. This would be a bi...

Hello, does local_name in TLS SNI context support regex? for example: local_name example-(foo|bar).com { ssl_cert = </var/lib/dehydrated/certs/example.com/fullchain.pem ssl_key = </var/lib/dehydrated/certs/example.com/privkey.pem } Best regards

...l (87404ea): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.devel (215349a) # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.10 [...] ssl_cert = </etc/letsencrypt/live/v083.violet.fastwebserver.de/fullchain.pem [...] ssl_key = </etc/letsencrypt/live/v083.violet.fastwebserver.de/privkey.pem [...] local_name imap.langzeittest.de { ssl_cert = </etc/letsencrypt/live/fahrerlager.langzeittest.de/fullchain.pem ssl_key = </etc/letsencrypt/live/fahrerlager.langzeittest.de/privkey.pem } local_name mail.langzeittest.de { ssl_cert = </etc/letsencrypt/live/fahrerlager.langzeittest.de/fullchain.pem...

Hello, We?re rolling out large SNI deployments for our mail servers. Each domain gets an entry like this in the config: local_name mail.foo.com { ssl_cert = </ssl/domain_tls/*.foo.com/combined ssl_key = </ssl/domain_tls/*.foo.com/combined } There are a couple problems we?re finding with this approach: 1) Dovecot wants to load everything at once, which has some machines taking up many GiB of memory just for Do...

On 2018-02-25 (09:31 MST), David Favor <david at davidfavor.com> wrote: > > } > local_name imap.cydec.com { > ssl_cert = </etc/letsencrypt/live/imap.cydec.com/fullchain.pem > ssl_key = # hidden, use -P to show it > } Doesn't this still require a default t(top level) cert besides the one specified for local_name? Also, is there any reason to use local_name if your lo...

On 11.11.2016 19:17, Arkadiusz Mi?kiewicz wrote: > On Friday 11 of November 2016, Aki Tuomi wrote: > >> If you are interested in testing, please find patch attached that allows >> you to specify >> >> local_name *.foo.bar { >> } >> >> or >> >> local_name *.*.foo.bar { >> } >> >> so basically you can now use certificate name matching rules for >> local_name. It made most sense. > Great! Seems to be working fine for my usage and makes my configs 50% s...

...his, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem I got a warning of course when using my second domain, mydomain2.fr. If I do the config : local_name mail.mydomain.fr { ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key = </etc/letsencrypt/live/mail.mydomain.fr/privkey.pem } local_name mail.mydomain2.fr { ssl_ca = </etc/letsencrypt/live/mail.mydomain2.fr/ch...

...1a in hash_search (f=1, s=0x0, buf=0x0, len=577936410078638920) at match.c:170 #8 0x08054003 in hash_search (f=1, s=0x0, buf=0x0, len=0) at match.c:202 #9 0x08054726 in match_sums (f=30, s=0x806d638, buf=0x0, len=128983684031) at match.c:319 #10 0x0804d1e4 in recv_files (f_in=30, flist=0x80712b1, local_name=0x6d <Address 0x6d out of bounds>) at receiver.c:349 #11 0x080593ef in receive_file_entry (fptr=0x0, flags=0, flist=0x0, f=0) at flist.c:593 #12 0x0805a2f5 in send_file_name (f=3, flist=0x0, fname=0x0, recursive=0, base_flags=0) at flist.c:920 #13 0x0805a3bc in send_file_name (f=3, flist=0x4...

https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig ??? - charset_alias: compile fails with Solaris Studio, reported by ??? ? John Woods. ??? - Fix local name handling in v2.2.34 SNI code, bug found by cPanel. ??? - imapc: Don't try to add mails to index if they already exist there. ??? - imapc: If email is modified in

https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig ??? - charset_alias: compile fails with Solaris Studio, reported by ??? ? John Woods. ??? - Fix local name handling in v2.2.34 SNI code, bug found by cPanel. ??? - imapc: Don't try to add mails to index if they already exist there. ??? - imapc: If email is modified in

...t;bits>,salt=s>:field} Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256. Also "pkcs5" is supported using SHA256. For example: %{sha256:user} or %{md5;truncate=32:user}. + Added support for SHA3-256 and SHA3-512 hashes. + config: Support DNS wildcards in local_name, e.g. local_name *.example.com { .. } matches anything.example.com, but not multiple.anything.example.com. + config: Support multiple names in local_name, e.g. local_name "1.example.com 2.example.com" { .. } - Fixed crash in auth process when auth-policy was configured and...

...t;bits>,salt=s>:field} Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256. Also "pkcs5" is supported using SHA256. For example: %{sha256:user} or %{md5;truncate=32:user}. + Added support for SHA3-256 and SHA3-512 hashes. + config: Support DNS wildcards in local_name, e.g. local_name *.example.com { .. } matches anything.example.com, but not multiple.anything.example.com. + config: Support multiple names in local_name, e.g. local_name "1.example.com 2.example.com" { .. } - Fixed crash in auth process when auth-policy was configured and...