Displaying 20 results from an estimated 27 matches for "smtpd_sasl_tls_security_opt".
2017 Apr 27
2
confused with ssl settings and some error - need help
...ovecot: imap-login: Error: SSL: Stacked error:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
When I setup in postfix main.cf file (other lines default):
tls_ssl_options = no_ticket, no_compression
tls_preempt_cipherlist = yes
smtpd_sasl_security_options=noanonymous,noplaintext
smtpd_sasl_tls_security_options=noanonymous,noplaintext
smtpd_tls_mandatory_ciphers = high
smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
#instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I don't
know what should be setup
smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK,
aECDH, E...
2017 Apr 27
2
confused with ssl settings and some error - need help
...your client did not support your enabled ciphers.
>
> >
> > When I setup in postfix main.cf file (other lines default):
> > tls_ssl_options = no_ticket, no_compression
> > tls_preempt_cipherlist = yes
> > smtpd_sasl_security_options=noanonymous,noplaintext
> > smtpd_sasl_tls_security_options=noanonymous,noplaintext
> > smtpd_tls_mandatory_ciphers = high
> > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
> don't
> > know what should be setup
> > smtpd_tls_exclude_ciphe...
2009 Nov 11
1
Postfix and Dovecot SASL
...elining,
permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
Any ideas?
Thanks for the response.
- Rene
2015 Oct 27
0
How to use different SASL mechanisms for ssl connections
...fter enabling
the CRAM-MD5, many MUAs started to login with that, even though they
have logged in with LOGIN/PLAIN up until then).
I need the same that can be achieved in Posfix (for authenticated
sending via SMTP) with those settings:
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous, nodictionary
Is there any way how to achieve this behavior in Dovecot?
I'm using Dovecot ver. 2.2.16 (from source) on Centos 7.
Since I have already done some research, i believe there is currently no
way how to achieve this behavior. Now I'm looking at the source co...
2017 Apr 26
0
error ssl stacked error routines
...n: Error: SSL: Stacked error:
error:14094085:SSL routines:ssl3_read_bytes:ccs received early
Apr 25 14:09:16 serwer-1 dovecot: imap-login: Error: SSL: Stacked error:
error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext
And second thing:
smtpd_sasl_security_options=noanonymous,noplaintext
smtpd_sasl_tls_security_options=noanonymous,noplaintext
These two lines in main.cf postfix file generate error no SASL
authentication method.
What should be configured in Dovecot to avoid both problems?
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl <serwis at poliman.pl>...
2006 Oct 29
1
dovecot auth + postifx: how to disable PLAIN and LOGIN without TLS?
Hello dovecot,
I want to have all authorization in one place and don't use Cyrus-SASL. I cobfigure postfix 2.3.3 to use dovecot-SASL. I have next lines in main.cf:
smtpd_sasl_security_options = noplaintext,noanonymous
smtpd_sasl_tls_security_options = noanonymous
But PLAIN and LOGIN are advertised by postfix :(
Is it bug of postfix or dovecot-auth?
I don't want to disable these mechanisms in auth {} stanza of dovecot.conf, because they are Ok over SSL/TLS. It works for dovecot-pop3 and dovecot-imap, but not for postfix :(...
2017 Apr 27
2
confused with ssl settings and some error - need help
...> > >
> > > > When I setup in postfix main.cf file (other lines default):
> > > > tls_ssl_options = no_ticket, no_compression
> > > > tls_preempt_cipherlist = yes
> > > > smtpd_sasl_security_options=noanonymous,noplaintext
> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext
> > > > smtpd_tls_mandatory_ciphers = high
> > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
> > > don't
> > > > know what...
2012 Mar 12
1
Trouble adding sasl support via dovecot
...5, I simply added the
following (as per directions already cited above):
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous, noplaintext
smtp_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
And, of course, permit_sasl_authenticated was added to
smtpd_recipient_restrictions.
I got the impression from the baove sources that Postfix will then use
Dovecot's authentication mechanism via a socket it finds in its
private/a...
2017 Apr 27
0
confused with ssl settings and some error - need help
...llo:no shared cipher
This means your client did not support your enabled ciphers.
>
> When I setup in postfix main.cf file (other lines default):
> tls_ssl_options = no_ticket, no_compression
> tls_preempt_cipherlist = yes
> smtpd_sasl_security_options=noanonymous,noplaintext
> smtpd_sasl_tls_security_options=noanonymous,noplaintext
> smtpd_tls_mandatory_ciphers = high
> smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I don't
> know what should be setup
> smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES...
2017 Apr 30
2
confused with ssl settings and some error - need help
...hen I setup in postfix main.cf file (other lines default):
> >> > > > tls_ssl_options = no_ticket, no_compression
> >> > > > tls_preempt_cipherlist = yes
> >> > > > smtpd_sasl_security_options=noanonymous,noplaintext
> >> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext
> >> > > > smtpd_tls_mandatory_ciphers = high
> >> > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> >> > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
> >> > > don...
2013 Mar 18
2
SASL + Postfix woes
...th_pipelining permit_sasl_authenticated
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
I have tried using "dovecot" in place of "private/auth", but it doesn't make any difference.
This is the only output from the postfix maillog:
Mar 18 08:13:02 scorpio postfix/smtpd[65217]: connect from localhost[127.0.0.1]
Mar 18 08:13:02 scorpio postfix...
2012 Nov 20
2
Need help for configure sieve
...usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/private/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_loglevel = 1
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
vir...
2017 Apr 27
0
confused with ssl settings and some error - need help
...abled ciphers.
> >
> > >
> > > When I setup in postfix main.cf file (other lines default):
> > > tls_ssl_options = no_ticket, no_compression
> > > tls_preempt_cipherlist = yes
> > > smtpd_sasl_security_options=noanonymous,noplaintext
> > > smtpd_sasl_tls_security_options=noanonymous,noplaintext
> > > smtpd_tls_mandatory_ciphers = high
> > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
> > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
> > don't
> > > know what should be setup
> >...
2015 Mar 27
5
postfix sasl -> haproxy -> dovecot auth
...lients directly, so there is no way to keep persistent connections by client ip.
# POSTFIX
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = inet:127.0.0.1:20025
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
# HAPROX
frontend postfix-sasl
bind 127.0.0.1:20025
default_backend dovecot-auth
backend dovecot-auth
mode tcp
option tcplog
option srvtcpka
hash-type consistent
balance roundrobin
server...
2010 Nov 16
2
Postfix - message queue filling with Host or name not found - try again
...smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_key_file = /etc/pki/tls/private/ssl.key.private.decrypted
smtpd_tls_cert_file = /etc/pki/tls/certs/<mumble>
smtpd_tls_CAfile = /etc/pki/tls/certs/sub.class2.server.ca.pem
smptd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_security_options = noanonymous
mailbox_size_limit = 102400000
message_size_limit = 40960000
in_flow_delay = 1s
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
content_filter=amavisfeed:[127.0.0.1]:10024
debug_peer_level = 2
debu...
2011 Oct 03
0
problem with getting outlook to work with IMAP server
...inet_interfaces = all
inet_protocols = ipv4
mail_spool_directory = /var/spool/mail
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanomymous
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_sender_login_mismatch
smtpd_sasl_local_domain = vexample.com
dovecot_destination_recipient_limit = 1
Any help would be greatly appreciated.
Thank...
2018 Oct 11
2
Struggling to get dovecot working with postfix auth
...orks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = inet:localhost:7425
smtpd_sasl_security_options = noanonymous
smtpd_sasl_service = smtp
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
####
#### DOVECONF
####
> doveconf -n
# 2.3.1 (8e2f634): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.1 (d9bc6dfe)
# OS: Linux 4.12.14-lp150.12.19-default x86_64
# Hostname: test.example.com
managesieve_notify_capability = m...
2013 May 26
1
mixing virtual and system users
...tpd_recipient_restrictions = reject_unknown_recipient_domain,
reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem
smtpd_tls_key_file = /etc/ssl/private/postfix.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_databa...
2017 Apr 27
0
confused with ssl settings and some error - need help
...gt; > > > When I setup in postfix main.cf file (other lines default):
>> > > > tls_ssl_options = no_ticket, no_compression
>> > > > tls_preempt_cipherlist = yes
>> > > > smtpd_sasl_security_options=noanonymous,noplaintext
>> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext
>> > > > smtpd_tls_mandatory_ciphers = high
>> > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem
>> > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I
>> > > don't
>> >...
2013 Mar 17
1
Dovecot as LDA with Postfix and virtual users
...known_recipient_domain,
reject_unauth_pipelining, permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_reject_unlisted_recipient = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /et...