search for: smtpd_tls_auth_only

On 22.08.2017 03:56, Peter wrote: >>> Lest anyone think STARTTLS MITM doesn't happen, >>> >>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ > Right, the attack does happen, but it can be prevented by properly > configuring the server and client. Dovecot, by default, requires STARTTLS before accepting plaintext

...USCODES 250-8BITMIME 250 DSN starttls 220 2.0.0 Ready to start TLS With dovecot: telnet localhost 25 Trying 127.0.0.1... Connected to localdomain.localhost. Escape character is '^]'. 220 my.host.ee ESMTP EHLO example.com starttls 220 2.0.0 Ready to start TLS Setting with Cyrus in main.cf smtpd_tls_auth_only = no gives even more but still nothing with Dovecot: telnet localhost 25 Trying 127.0.0.1... Connected to localdomain.localhost. Escape character is '^]'. 220 my.host.eeESMTP EHLO example.com 250-my.host.ee 250-PIPELINING 250-SIZE 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN L...

...s sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/pki/tls/certs/mail_the10thfloor_com.crt smtpd_tls_key_file = /etc/pki/tls/private/mail_the10thfloor_com-nopass.key smtpd_tls_security_level = may soft_bounce = no tls_random_source = dev:/dev/urandom unknown_local_recipient_reject_code = 550 virtual_gid_maps = stati...

...eadme_directory = no # TLS parameters smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem smtpd_tls_key_file = /etc/ssl/private/postfix.pem smtpd_use_tls = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_auth_only = yes # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mail.akairnet.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = mail.akairnet.com mydestination = localhost, localhost.akai...

...curity_level = may ---------------------------------- master.cf smtp inet n - y - - smtpd submission inet n - y - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_tls_auth_only=yes -o smtpd_reject_unlisted_recipient=no -o smtpd_sasl_type=dovecot -o smtpd_sasl_path=private/auth -o smtpd_recipient_restrictions= -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING pickup unix n - y 60 1...

...rks permit_sasl_authenticated defer_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unlisted_sender, permit smtpd_tls_auth_only = yes smtpd_tls_cert_file = /usr/local/etc/ssl/more/server.crt smtpd_tls_key_file = /usr/local/etc/ssl/more/server.key smtpd_tls_loglevel = 0 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes soft_bounce = no tl...

...unknown_recipient_domain, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_sender_restrictions = permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_auth_only = no smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_rando...

...ectory = /var/spool/postfix readme_directory = /usr/share/doc/postfix/README_FILES sample_directory = /usr/share/doc/postfix/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtpd_sasl_auth_enable = yes smtpd_tls_auth_only = yes smtpd_tls_key_file = /etc/pki/dovecot/certs/tgv2015.crt smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_use_tls = yes unknown_local_recipient_reject_code = 550 virtual_mailbox_base = /var/mail/vhosts...

...home/teo-en-ming-corp/2023.crt ssl_key = </home/teo-en-ming-corp/2023.key ssl_ca = </home/teo-en-ming-corp/inter2023.crt # nano /etc/dovecot/dovecot.conf protocols = imap pop3 !include conf.d/*.conf SECTION ON POSTFIX =================== # nano /etc/postfix/main.cf smtpd_use_tls = yes smtpd_tls_auth_only = yes smtpd_tls_key_file = /etc/postfix/2023.key smtpd_tls_cert_file = /etc/postfix/chain2023.crt smtpd_tls_CAfile = /etc/postfix/inter2023.crt Note: chain2023.crt is made by combining 2023.crt and inter2023.crt # nano /etc/postfix/master.cf submission inet n - n - - smtpd smtps inet n - n - - s...

..._name (Ubuntu) smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/dovecot/dovecot.pem smtpd_tls_key_file = /etc/dovecot/private/dovecot.pem smtpd_use_tls = yes virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf virtual_mailbox_domains = mysql:/etc/postfix/ mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = my...

...pd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = pcre:/etc/postfix/sender_login.pcre smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,check_client_access hash:/etc/postfix/client_access smtpd_tls_CAfile = /etc/postfix/cert/cacert.pem smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/postfix/cert/smtpd.crt smtpd_tls_key_file = /etc/postfix/cert/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom transport_m...

...s, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $mydomain smtpd_sasl_path = /var/run/dovecot/auth-client smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/private/server.crt smtpd_tls_key_file = /etc/ssl/private/server.key smtpd_tls_loglevel = 1 transport_maps = hash:/etc/postfix/transport unknown_local_recipient_reject_code = 550 virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias_maps.cf virtual_gid_maps...

...ssion_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains virtual_trans...

..._destination reject_unverified_recipient smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = pgsql:/etc/postfix/lookup/pgsql_sasl_senders.cf smtpd_sender_restrictions = smtpd_soft_error_limit = 10 smtpd_tls_auth_only = yes smtpd_tls_cert_file = /home/mweil/CA/cert.pem smtpd_tls_key_file = /home/mweil/CA/key.pem smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = pgsql:/etc/postfix/lookup/pgsql_virtual_alias.cf virtual_gid_maps = pgsql:/etc/postfix/loo...

...master.cf <http://master.cf> > smtp ? ? ?inet ?n ? ? ? - ? ? ? y ? ? ? - ? ? ? - ? ? ? smtpd > submission inet n ? ? ? - ? ? ? y ? ? ? - ? ? ? - ? ? ? smtpd > ? -o syslog_name=postfix/submission > ? -o smtpd_tls_security_level=encrypt > ? -o smtpd_sasl_auth_enable=yes > ? -o smtpd_tls_auth_only=yes > ? -o smtpd_reject_unlisted_recipient=no > ? -o smtpd_sasl_type=dovecot > ? -o smtpd_sasl_path=private/auth > ? -o smtpd_recipient_restrictions= > ? -o smtpd_relay_restrictions=permit_sasl_authenticated,reject > ? -o milter_macro_daemon_name=ORIGINATING > pickup ? ?unix ?n...

...reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/dovecot-auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_restrictions = reject_unknown_sender_domain smtpd_tls_auth_only = yes smtpd_tls_cert_file = /root/certs/www.mydomain.com.pem smtpd_tls_key_file = /root/certs/www.mydomain.com.key smtpd_tls_mandatory_ciphers = medium smtpd_tls_mandatory_protocols = SSLv3, TLSv1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scach...

...reject_unauth_destination smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = inet:localhost:7425 smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_auth_only = yes smtpd_tls_cert_file = ${config_directory}/ssl_certs/star_example_com.pem smtpd_tls_dh1024_param_file = ${config_directory}/ssl_certs/dh2048.pem smtpd_tls_dh512_param_file = ${config_directory}/ssl_certs/dh512.pem smtpd_tls_eecdh_grade = strong smtpd_tls_key_file = ${config_directory}/ssl_cert...

...asl_security_options = noanonymous #permit SASL suthentication is added smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination smtpd_sender_restrictions = reject_unknown_sender_domain smtpd_sasl_local_domain = smtpd_sasl_authenticated_header = yes smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_se...

...ticated, reject_non_fqdn_sender smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes tls_random_exchange_name = /var/spool/postfix/prng_exch smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_auth_only = yes smtpd_tls_key_file = /etc/pki/tls/private/ssl.key.private.decrypted smtpd_tls_cert_file = /etc/pki/tls/certs/<mumble> smtpd_tls_CAfile = /etc/pki/tls/certs/sub.class2.server.ca.pem smptd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_sasl_tls_security_options = noanonymous smtpd...

...ject_rbl_client in.dnsbl.org smtpd_reject_unlisted_sender = no smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_tls_CAfile = /etc/pki/tls/certs/class3.crt smtpd_tls_ask_ccert = yes smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/pki/tls/certs/r13151.ovh.net.crt smtpd_tls_key_file = /etc/pki/tls/private/r13151.ovh.net.key smtpd_tls_received_header = yes smtpd_tls_req_ccert = no smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache smtpd_use_tls = yes soft_bounce =...