search for: ssl_ca_dir

...users, where the mail is actually drawn from, are of the format: user (passwd file driven). I was able to log in with just "user", and have it both authenticate remotely, and access local mail, using: passdb { driver = imap args = host=remotehost.com ssl=imaps port=993 user=%n@%d ssl_ca_dir=/etc/ssl/certs } userdb { driver = passwd args = blocking=no } However, the remote SMTP server, which I will not be proxying, requires the same user at domain format for usernames. I would rather not ask users to use "user at domain" for SMTP, and "user" for IMAP. They s...

...Hindenburgdamm 30 | D-12203 Berlin > Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 > ralf.hildebrandt at charite.de | https://www.charite.de > Hi. passdb imap was changed to verify remote SSL cert by default (yeah, it kinda didn't do this before). It requires a ssl_ca_file or ssl_ca_dir setting in args. Or you can disable this behaviour with allow_invalid_cert. Aki

...certs without trusted CAs (ssl_client_ca_* settings) and in version 2.3.devel Policy server HTTP error: 9002 Requested https connection, but no SSL settings given dovecot.conf does have ?ssl_client_ca_dir = /etc/ssl/certs? set. Looking around the source, http-client-settings are not given the ssl_ca_dir or ssl_ca_file setting from the config. Admittedly SSL tear up/down is little expensive per auth, but I think it maybe it should still work?

After upgrading from 2.2.28-1~auto+45 to 2.2.29-1~auto+25 I'm gettings this: May 31 16:44:31 mproxy dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting May 31 16:44:31 mproxy dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs May 31 16:44:31 mproxy dovecot: imap-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 2 secs): user=<>, rip=141.42.206.36, lip...

...t; > I have solved the port problem by specifying it in the passdb section as userdb_imapc_port=993 > > But: > This is in the error log when I make a connection from the client: > > Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting > Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs > > > On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley <davotnz at yahoo.co.nz> wrote: > > > > xxxx at imapproxy...

...namespace/gmail/subscriptions=no userdb_namespace/gmail/separator=. userdb_namespace/gmail/prefix=INBOX.gmail. userdb_namespace/gmail/location=imapc: userdb_imapc_host=imap.gmail.com userdb_imapc_user=xxxx at gmail.com userdb_imapc_password=#hidden_use-P_to_show# userdb_imapc_ssl=imaps userdb_imapc_ssl_ca_dir=/etc/ssl/certs userdb_imapc_port=993? driver = imap}plugin {? sieve = file:~/sieve;active=~/.dovecot.sieve}protocols = " imap"ssl_cert = </etc/dovecot/private/dovecot.pemssl_client_ca_dir = /etc/ssl/certsssl_dh = # hidden, use -P to show itssl_key = # hidden, use -P to show ituserdb {?...

...e port problem by specifying it in the passdb section as userdb_imapc_port=993 > > > > But: > > This is in the error log when I make a connection from the client: > > > > Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting > > Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs > > > > > > On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley <davotnz at yahoo.co.nz> wrote: > > > >...

...> Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 > > ralf.hildebrandt at charite.de | https://www.charite.de > > > > Hi. > > passdb imap was changed to verify remote SSL cert by default (yeah, it > kinda didn't do this before). It requires a ssl_ca_file or ssl_ca_dir > setting in args. Or you can disable this behaviour with > allow_invalid_cert. I did specify "ssl_ca_file", but then dovecot said "ssl_ca_file has been replaced by ssl_ca = <file" -- so I used that and it wouldn't work either! -- Ralf Hildebrandt Gesch?ftsbere...

I have solved the port problem by specifying it in the passdb section as userdb_imapc_port=993 But:This is in the error log when I make a connection from the client: Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file settingOct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley <davotnz at yahoo.co.nz> wrote: xxxx at imapproxy01:/etc/dovecot/conf.d$ dovecot -n...

...ail server? I am attaching my conf ## Dovecot configuration file in mail_uid = imapproxy mail_gid = imapproxy mail_home = /home/imapproxy/%u mail_location = imapc:~/imapc protocols = imap ## ## imapc settings ## imapc_host = mailserver.example.com imapc_port = 143 imapc_ssl = starttls imapc_ssl_ca_dir = /etc/postfix/certs ## ## auth settings ## auth_mechanisms = plain login passdb { driver = imap args = host=mailserver.example.com ssl=starttls ssl_ca_dir=/etc/postfix/certs default_fields = userdb_imapc_user=%u userdb_imapc_password=%w ssl=starttls } userdb { driver = prefetch } mail...

...t; > I have solved the port problem by specifying it in the passdb section as userdb_imapc_port=993 > > But: > This is in the error log when I make a connection from the client: > > Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting > Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs > > > On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley <davotnz at yahoo.co.nz> wrote: > > > > xxxx at imapproxy...

...x: +49 30 450 570 962 > > > ralf.hildebrandt at charite.de | https://www.charite.de > > > > > > > Hi. > > > > passdb imap was changed to verify remote SSL cert by default (yeah, it > > kinda didn't do this before). It requires a ssl_ca_file or ssl_ca_dir > > setting in args. Or you can disable this behaviour with > > allow_invalid_cert. > > I did specify "ssl_ca_file", but then dovecot said "ssl_ca_file has been replaced by ssl_ca = <file" -- so I used that and it wouldn't work > either! > > -...

...e port problem by specifying it in the passdb section as userdb_imapc_port=993 > > > > But: > > This is in the error log when I make a connection from the client: > > > > Oct 27 08:49:16 imapproxy01 dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting > > Oct 27 08:49:16 imapproxy01 dovecot: master: Error: service(auth): command startup failed, throttling for 2 secs > > > > > > On Tuesday, 27 October 2020, 09:48:49 pm NZDT, David Tildesley <davotnz at yahoo.co.nz> wrote: > > > >...