search for: smtpd_sasl_tls_security_options

...ovecot: imap-login: Error: SSL: Stacked error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher When I setup in postfix main.cf file (other lines default): tls_ssl_options = no_ticket, no_compression tls_preempt_cipherlist = yes smtpd_sasl_security_options=noanonymous,noplaintext smtpd_sasl_tls_security_options=noanonymous,noplaintext smtpd_tls_mandatory_ciphers = high smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I don't know what should be setup smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-D...

...your client did not support your enabled ciphers. > > > > > When I setup in postfix main.cf file (other lines default): > > tls_ssl_options = no_ticket, no_compression > > tls_preempt_cipherlist = yes > > smtpd_sasl_security_options=noanonymous,noplaintext > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > smtpd_tls_mandatory_ciphers = high > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I > don't > > know what should be setup > > smtpd_tls_exclude_ciphers =...

...elining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_exceptions_networks = smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/dovecot-auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot Any ideas? Thanks for the response. - Rene

...fter enabling the CRAM-MD5, many MUAs started to login with that, even though they have logged in with LOGIN/PLAIN up until then). I need the same that can be achieved in Posfix (for authenticated sending via SMTP) with those settings: smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous, nodictionary Is there any way how to achieve this behavior in Dovecot? I'm using Dovecot ver. 2.2.16 (from source) on Centos 7. Since I have already done some research, i believe there is currently no way how to achieve this behavior. Now I'm looking at the source code h...

...n: Error: SSL: Stacked error: error:14094085:SSL routines:ssl3_read_bytes:ccs received early Apr 25 14:09:16 serwer-1 dovecot: imap-login: Error: SSL: Stacked error: error:1408A0E3:SSL routines:ssl3_get_client_hello:parse tlsext And second thing: smtpd_sasl_security_options=noanonymous,noplaintext smtpd_sasl_tls_security_options=noanonymous,noplaintext These two lines in main.cf postfix file generate error no SASL authentication method. What should be configured in Dovecot to avoid both problems? -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *serwis at poliman.pl <serwis at poliman.pl>*

Hello dovecot, I want to have all authorization in one place and don't use Cyrus-SASL. I cobfigure postfix 2.3.3 to use dovecot-SASL. I have next lines in main.cf: smtpd_sasl_security_options = noplaintext,noanonymous smtpd_sasl_tls_security_options = noanonymous But PLAIN and LOGIN are advertised by postfix :( Is it bug of postfix or dovecot-auth? I don't want to disable these mechanisms in auth {} stanza of dovecot.conf, because they are Ok over SSL/TLS. It works for dovecot-pop3 and dovecot-imap, but not for postfix :( pos...

...> > > > > > > When I setup in postfix main.cf file (other lines default): > > > > tls_ssl_options = no_ticket, no_compression > > > > tls_preempt_cipherlist = yes > > > > smtpd_sasl_security_options=noanonymous,noplaintext > > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > > > smtpd_tls_mandatory_ciphers = high > > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I > > > don't > > > > know what sho...

...5, I simply added the following (as per directions already cited above): smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous, noplaintext smtp_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous And, of course, permit_sasl_authenticated was added to smtpd_recipient_restrictions. I got the impression from the baove sources that Postfix will then use Dovecot's authentication mechanism via a socket it finds in its private/auth...

...llo:no shared cipher This means your client did not support your enabled ciphers. > > When I setup in postfix main.cf file (other lines default): > tls_ssl_options = no_ticket, no_compression > tls_preempt_cipherlist = yes > smtpd_sasl_security_options=noanonymous,noplaintext > smtpd_sasl_tls_security_options=noanonymous,noplaintext > smtpd_tls_mandatory_ciphers = high > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I don't > know what should be setup > smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC...

...hen I setup in postfix main.cf file (other lines default): > >> > > > tls_ssl_options = no_ticket, no_compression > >> > > > tls_preempt_cipherlist = yes > >> > > > smtpd_sasl_security_options=noanonymous,noplaintext > >> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > >> > > > smtpd_tls_mandatory_ciphers = high > >> > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > >> > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I > >> > > don'...

...th_pipelining permit_sasl_authenticated smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanonymous I have tried using "dovecot" in place of "private/auth", but it doesn't make any difference. This is the only output from the postfix maillog: Mar 18 08:13:02 scorpio postfix/smtpd[65217]: connect from localhost[127.0.0.1] Mar 18 08:13:02 scorpio postfix/smt...

...usr/sbin/sendmail setgid_group = postdrop smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_path = /var/run/dovecot/auth-client smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/private/server.crt smtpd_tls_key_file = /etc/ssl/private/server.key smtpd_tls_loglevel = 1 transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual...

...abled ciphers. > > > > > > > > When I setup in postfix main.cf file (other lines default): > > > tls_ssl_options = no_ticket, no_compression > > > tls_preempt_cipherlist = yes > > > smtpd_sasl_security_options=noanonymous,noplaintext > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext > > > smtpd_tls_mandatory_ciphers = high > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I > > don't > > > know what should be setup > > &g...

...lients directly, so there is no way to keep persistent connections by client ip. # POSTFIX smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_exceptions_networks = smtpd_sasl_local_domain = smtpd_sasl_path = inet:127.0.0.1:20025 smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot # HAPROX frontend postfix-sasl bind 127.0.0.1:20025 default_backend dovecot-auth backend dovecot-auth mode tcp option tcplog option srvtcpka hash-type consistent balance roundrobin server mai...

...smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_key_file = /etc/pki/tls/private/ssl.key.private.decrypted smtpd_tls_cert_file = /etc/pki/tls/certs/<mumble> smtpd_tls_CAfile = /etc/pki/tls/certs/sub.class2.server.ca.pem smptd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_sasl_tls_security_options = noanonymous smtpd_sasl_security_options = noanonymous mailbox_size_limit = 102400000 message_size_limit = 40960000 in_flow_delay = 1s alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases home_mailbox = Maildir/ content_filter=amavisfeed:[127.0.0.1]:10024 debug_peer_level = 2 debugger...

...inet_interfaces = all inet_protocols = ipv4 mail_spool_directory = /var/spool/mail smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_security_options = noanonymous, noplaintext smtpd_sasl_tls_security_options = noanomymous smtpd_tls_auth_only = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_sender_login_mismatch smtpd_sasl_local_domain = vexample.com dovecot_destination_recipient_limit = 1 Any help would be greatly appreciated. Thank you

...orks,permit_sasl_authenticated,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = no smtpd_sasl_exceptions_networks = smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = inet:localhost:7425 smtpd_sasl_security_options = noanonymous smtpd_sasl_service = smtp smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot #### #### DOVECONF #### > doveconf -n # 2.3.1 (8e2f634): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.1 (d9bc6dfe) # OS: Linux 4.12.14-lp150.12.19-default x86_64 # Hostname: test.example.com managesieve_notify_capability = mailt...

...tpd_recipient_restrictions = reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem smtpd_tls_key_file = /etc/ssl/private/postfix.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database =...

...gt; > > > When I setup in postfix main.cf file (other lines default): >> > > > tls_ssl_options = no_ticket, no_compression >> > > > tls_preempt_cipherlist = yes >> > > > smtpd_sasl_security_options=noanonymous,noplaintext >> > > > smtpd_sasl_tls_security_options=noanonymous,noplaintext >> > > > smtpd_tls_mandatory_ciphers = high >> > > > smtpd_tls_dh1024_param_file = /etc/postfix/dh2048.pem >> > > > #instead of below I tried smtpd_tls_mandatory_exclude_ciphers but I >> > > don't >> > &gt...

...known_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_reject_unlisted_recipient = yes smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ss...