Displaying 20 results from an estimated 29 matches for "ssl_alt_key".
2018 Jul 30
0
2.3.2.1 - ssl_alt_key revealed with dovecot -n
Seems like a minor cosmetic bug with [ dovecot -n ]
ssl_alt_key = </etc/pki/private/some.key.pem
ssl_key =? # hidden, use -P to show it
2018 Jul 31
2
2.3.2.1 - EC keys suppport?
...gt; blubbering about when dovecot caters for it already'. That stopped when
> testing the setting ... like you said it is a bug apparently.
>
> Now about compiling... that is not really my turf unless it is
> absolutely necessary. Time being I will (have to) work around with [?
> ssl_alt_key/cert ] and will notify the downstream repo maintainer about
> the patch, assuming that needs all that compiling I cannot just modify
> some file manually.
>
>
>
Yeah, it needs to be recompiled to fix.
Aki
2017 Jun 20
4
v2.2.31 release candidate released
...ess new bugs are found, this will be the final v2.2.31 release, which will be released on Monday.
* LMTP: Removed "(Dovecot)" from added Received headers. Some
installations want to hide it, and there's not really any good reason
for anyone to have it.
+ Add ssl_alt_cert and ssl_alt_key settings to add support for
having both RSA and ECDSA certificates.
+ pop3-migration plugin: Strip trailing whitespace from headers
when matching mails between IMAP and POP3. This helps with migrations
from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up
per-mailbox...
2017 Jun 20
4
v2.2.31 release candidate released
...ess new bugs are found, this will be the final v2.2.31 release, which will be released on Monday.
* LMTP: Removed "(Dovecot)" from added Received headers. Some
installations want to hide it, and there's not really any good reason
for anyone to have it.
+ Add ssl_alt_cert and ssl_alt_key settings to add support for
having both RSA and ECDSA certificates.
+ pop3-migration plugin: Strip trailing whitespace from headers
when matching mails between IMAP and POP3. This helps with migrations
from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up
per-mailbox...
2018 May 16
2
Dovecot send duplicated certificates when using ssl_alt_cert
Hello,
I'm running dovecot 2.3.1 (c5a5c0c82) and trying to experiment with using both RSA and ECDSA certificates.
My configuration is as follow:
ssl_alt_cert = </path/to/my.rsa.key
ssl_alt_key = </path/to/my.rsa.key
ssl_cert = </path/to/my.ecdsa.pem
ssl_key = </path/to/my.ecdsa.key
Both certificates are let's encrypt certificate, so both are using the same intermediate CA.
The certificate chain are:
for rsa:
- my certificate
- Let's Encrypt Authority X3
- DST Root...
2018 Jul 31
2
2.3.2.1 - EC keys suppport?
On 31.07.2018 03:32, ????? wrote:
>> Perhaps for whose interested - IETF RFC 7027 specifies for TLS use:
>>
>> [ brainpoolP256r1 | brainpoolP384r1 | brainpoolP512r1 ]
>>
>> And thus t1 would not work anyway. However, having tested r1 the result
>> was just the same.
>>
>> A tcpdump during the openssl test [ s_server | s_client ] then revealed
2018 Mar 10
1
quota-status: Issues with uppercase recipient address
...login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
port = 12340
}
}
ssl_alt_cert = </usr/local/etc/ssl/acme/mail.firc.de_ecc/cert.pem
ssl_alt_key = </usr/local/etc/ssl/acme/mail.firc.de_ecc/key.pem
ssl_ca = /usr/local/etc/ssl/acme/ca.pem
ssl_cert = </usr/local/etc/ssl/acme/mail.firc.de/cert.pem
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
ssl_protocols = !SSLv3
userdb {
args = /usr/local/etc/dovecot/dovecot-...
2017 Jun 26
0
v2.2.31 released
...r :) v2.2.32 is planned for the end of August. Hopefully soon afterwards we can get back to v2.3.
* LMTP: Removed "(Dovecot)" from added Received headers. Some
installations want to hide it, and there's not really any good reason
for anyone to have it.
+ Add ssl_alt_cert and ssl_alt_key settings to add support for
having both RSA and ECDSA certificates.
+ dsync/imapc, pop3-migration plugin: Strip trailing whitespace from
headers when matching mails. This helps with migrations from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up
per-mailbox dovecot-acl...
2017 Jun 26
0
v2.2.31 released
...r :) v2.2.32 is planned for the end of August. Hopefully soon afterwards we can get back to v2.3.
* LMTP: Removed "(Dovecot)" from added Received headers. Some
installations want to hide it, and there's not really any good reason
for anyone to have it.
+ Add ssl_alt_cert and ssl_alt_key settings to add support for
having both RSA and ECDSA certificates.
+ dsync/imapc, pop3-migration plugin: Strip trailing whitespace from
headers when matching mails. This helps with migrations from Zimbra.
+ acl: Add acl_globals_only setting to disable looking up
per-mailbox dovecot-acl...
2018 Jul 31
0
2.3.2.1 - EC keys suppport?
...ke 'yeah - what are you
blubbering about when dovecot caters for it already'. That stopped when
testing the setting ... like you said it is a bug apparently.
Now about compiling... that is not really my turf unless it is
absolutely necessary. Time being I will (have to) work around with [?
ssl_alt_key/cert ] and will notify the downstream repo maintainer about
the patch, assuming that needs all that compiling I cannot just modify
some file manually.
2018 Jul 31
0
2.3.2.1 - EC keys suppport?
> Yeah, it needs to be recompiled to fix.
>
Sure, no worries.? Thanks for the quick turnaround on the patch.
Downstream is notified and pending migration into their package.
Meanwhile ssl_alt_key/certs does the trick. I am grateful that such
option is even provisioned or else I would a be in rather bad spot with
the CA. Other apps are rather ignorant on that matter.
2017 Jun 23
0
v2.2.31 release candidate released
...be the final v2.2.31 release, which
> will be released on Monday.
>
> * LMTP: Removed "(Dovecot)" from added Received headers. Some
> installations want to hide it, and there's not really any good reason
> for anyone to have it.
>
> + Add ssl_alt_cert and ssl_alt_key settings to add support for
> having both RSA and ECDSA certificates.
> + pop3-migration plugin: Strip trailing whitespace from headers
> when matching mails between IMAP and POP3. This helps with migrations
> from Zimbra.
> + acl: Add acl_globals_only setting to disable l...
2019 Jan 16
2
auth-worker: Error: double free or corruption (fasttop)
...995
ssl = yes
}
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
port = 10022
}
}
service quota-warning {
executable = script /usr/local/bin/quota-warning.sh
user = vmail
}
ssl_alt_cert = </etc/ssl/certs/postfix-rsa.crt
ssl_alt_key = # hidden, use -P to show it
ssl_cert = </etc/ssl/certs/postfix-ecc.crt
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
verbose_proctitle = ye...
2020 Mar 09
0
dovecot-pigeonhole Broken ?
...sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap lmtp
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
user = root
}
ssl = required
ssl_alt_cert = </etc/letsencrypt/live/mx02.esslmaier.at/fullchain.pem
ssl_alt_key = # hidden, use -P to show it
ssl_cert = </etc/letsencrypt/live/mx02.esslmaier.at/fullchain-ecdsa.pem
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!
3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH
ssl_client_ca_file = </etc/pki/tls/cert.pem
ssl_dh = # hidden, use -P to...
2019 Oct 14
0
Panic: file smtp-client-connection.c: line 1212 (smtp_client_connection_established): assertion failed: (!conn->connect_succeeded)
...-doveadm {
> ????mode = 0600
> ????user = $mail_uid
> ? }
> }
> service submission-login {
> ? inet_listener submission {
> ????haproxy = yes
> ????port = 465
> ????ssl = yes
> ? }
> }
> ssl = required
> ssl_alt_cert = </etc/ssl/private/example.com.pem
> ssl_alt_key = # hidden, use -P to show it
> ssl_cert = </etc/ssl/private/example.com-ecc.pem
> ssl_cipher_list =
> TLS-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:TLS-AES-256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:TLS-AES-128-GCM...
2018 Mar 08
2
Extra intermediate certificate when using ssl_alt_cert
...istener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl = required
ssl_alt_cert = </etc/ssl/certs/mail.[redacted].ecdsa.pem
ssl_alt_key = </etc/ssl/private/[redacted].ecdsa.key
ssl_cert = </etc/ssl/certs/mail.[redacted].rsa.pem
ssl_key = </etc/ssl/private/[redacted].rsa.key
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-G...
2019 Jul 15
2
Error since Dovecot v2.3.7
...p3-login {
inet_listener pop3 {
port = 0
}
}
service stats {
unix_listener stats-writer {
user = mail
}
}
service submission-login {
inet_listener submission_ssl {
port = 465
ssl = yes
}
}
ssl = required
ssl_alt_cert = </usr/local/acme/var/iwascoding.com/fullchain.cer
ssl_alt_key = # hidden, use -P to show it
ssl_cert = </usr/local/acme/var/iwascoding.com_ecc/fullchain.cer
ssl_cipher_list = ALL:HIGH:!SSLv2:!SSLv3:!kRSA:!MEDIUM:!LOW:!EXP:!RC4:!MD5:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!PSK:!SRP:!DSS:!SEED:@STRENGTH
ssl_client_ca_dir = /etc/ssl/certs
ssl_client_ca_file = /etc/s...
2019 Jan 20
0
auth-worker: Error: double free or corruption (fasttop)
...? client_limit = 1
> ? executable = quota-status -p postfix
> ? inet_listener {
> ??? port = 10022
> ? }
> }
> service quota-warning {
> ? executable = script /usr/local/bin/quota-warning.sh
> ? user = vmail
> }
> ssl_alt_cert = </etc/ssl/certs/postfix-rsa.crt
> ssl_alt_key = # hidden, use -P to show it
> ssl_cert = </etc/ssl/certs/postfix-ecc.crt
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_min_protocol = TLSv1.2
> ssl_prefer_server_ciphers = yes
> userdb {
> ? args = /etc/dovecot/dovecot-sql.conf
> ?...
2019 Jul 27
2
submission configuration issues
...user = postfix
}
}
service managesieve-login {
inet_listener sieve {
address = localhost
}
}
service submission-login {
inet_listener submissions {
haproxy = no
port = 465
reuse_port = no
ssl = yes
}
}
ssl_alt_cert = </var/lib/acme/imap.example.com/rsa/cert.pem
ssl_alt_key = # hidden, use -P to show it
ssl_cert = </var/lib/acme/imap.example.com/ecdsa/cert.pem
ssl_cipher_list = TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384...
2019 Jan 27
1
auth-worker: Error: double free or corruption (fasttop)
...xecutable = quota-status -p postfix
>> inet_listener {
>> port = 10022
>> }
>> }
>> service quota-warning {
>> executable = script /usr/local/bin/quota-warning.sh
>> user = vmail
>> }
>> ssl_alt_cert = </etc/ssl/certs/postfix-rsa.crt
>> ssl_alt_key = # hidden, use -P to show it
>> ssl_cert = </etc/ssl/certs/postfix-ecc.crt
>> ssl_dh = # hidden, use -P to show it
>> ssl_key = # hidden, use -P to show it
>> ssl_min_protocol = TLSv1.2
>> ssl_prefer_server_ciphers = yes
>> userdb {
>> args = /etc/dovec...