similar to: 0.99.10.5 imap flag update issues

Hi, the email status problem that I reported for Dovecot 0.99.10.5 on June 3rd does still show up in 0.99.10.6. Quoting myself: (1) When new mail is delivered to the inbox, the last read mail(s) change(s) to "unread". Clients: Eudora 6 (Mac), Mozilla 1.6 (NetBSD, Linux, Win XP), MS Outlook. (2) When you attempt to move mails from the inbox to another folder with Mozilla (1.6 on

Hi, I've got an 'interesting' problem with a dovecot 0.99.10.4 setup on NetBSD/i386 1.6ZK. dovecot is serving imap only at the moment, using mbox format mailboxes. '/etc/dovecot.conf' is pretty vanilla - among the modified settings, mail_read_mmaped = yes maildir_check_content_changes = yes mbox_lock = fcntl could be relevant. Anyway - from time to time when I move a

On Thu, 11 Jan 2018 13:22:07 +0200, Aki Tuomi wrote: > Can you try if it works if you concatenate the cert and cert-chain > to single file? We'll start looking if this is misunderstanding or bug. This is a production machine, so I would rather stick with the downgrade until you've looked into the issue. I went home late yesterday. ;) Cheerio, Hauke -- The ASCII Ribbon

On 05/28/18 11:08, Aki Tuomi wrote: > > > On 28.05.2018 12:06, Hauke Fath wrote: >> On 05/21/18 17:55, Aki Tuomi wrote: >>> ssl_ca is used only for validating client certificates. >> >> But it was used (though not documented, IIRC) for validating server >> certs, too. Since intermediate CA certs are usually valid a lot longer >> than the server

Hi list, after about a day of operation, dovecot 1.0alpha5 (NetBSD/i386 2.1) died on me with Dec 14 10:53:52 bounce dovecot: pipe() failed: Too many open files Dec 14 10:54:23 bounce last message repeated 279661 times Dec 14 10:56:23 bounce last message repeated 1071807 times Dec 14 10:56:59 bounce last message repeated 325386 times -- any ideas on what to tune? hauke -- /~\ The ASCII

All, our dovecot installation provides a bundle of intermedia CA certificates using the ssl_ca option. 2.3.0 does not supply the bundle, resulting in various clients either complaining about an unverifiable server cert, or quietly not connecting. The log has Jan 5 17:01:46 Bounce dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=XXX, lip=YYY, TLS

On 11/13/18 19:58, Aki Tuomi wrote: > On 13 November 2018 at 20:53 Arkadiusz Mi?kiewicz wrote: >> I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to >> dovecot 2.3.3 run with openssl 1.1.1. >> >> Currently I have both variants running with identical configs and certs >> (the only differences are due to config syntax changes in dovecot

On Wed, 7 Aug 2019 20:24:13 +0300 (EEST), Aki Tuomi via dovecot wrote: >> i thought ssl_ca is where to put the intermediate cert? Well, it surely worked that way until v2.3... > (Sorry for duplicate mail, keyboard acted up...) > > No, that has always been a mistake and it was fixed in 2.3. Our SSL > pages in documentation & wiki have always recommended concatenating >

Am 13.01.2006 um 11:17 Uhr +0000 schrieb Michael Stevens: >I can read a mail, see Apple Mail flag it as read, quit, come back >later, and find the mail is marked unread again. It seems to also >happen sometimes when I switch folders or get new mail. > >I've not worked out what's triggering it yet. Anyone seen anything >like this? Same here - Eudora on MacOS 10.4, and

On 05/21/18 17:55, Aki Tuomi wrote: > ssl_ca is used only for validating client certificates. But it was used (though not documented, IIRC) for validating server certs, too. Since intermediate CA certs are usually valid a lot longer than the server certs, having to concat the certs is awkward, at best. I would very much like to see the pre-2.3 behaviour of "ssl_ca" restored.

On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote: > I'm sure. But putting it as ssl_ca makes no sense, since it becomes > confused what it is for. I guess - I haven't had a need for client certs, and only ever used ssl_ca for the server ca chain. > We can try restoring this as ssl_cert_chain setting in future release. Sounds good. How about (re)naming them

On 28.05.2018 13:05, Hauke Fath wrote: > On 05/28/18 11:08, Aki Tuomi wrote: >> >> >> On 28.05.2018 12:06, Hauke Fath wrote: >>> On 05/21/18 17:55, Aki Tuomi wrote: >>>> ssl_ca is used only for validating client certificates. >>> >>> But it was used (though not documented, IIRC) for validating server >>> certs, too. Since

On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: > Was the certificate path bundled in the server certificate? No, as a separate file, provided from the local (intermediate) CA: ssl_cert = </etc/openssl/certs/server.cert ssl_key = </etc/openssl/private/server.key ssl_ca = </etc/openssl/certs/ca-cert-chain.pem Worked fine with 2.2.x, 2.3 gives % openssl s_client -connect XXX:993

On 28.05.2018 12:06, Hauke Fath wrote: > On 05/21/18 17:55, Aki Tuomi wrote: >> ssl_ca is used only for validating client certificates. > > But it was used (though not documented, IIRC) for validating server > certs, too. Since intermediate CA certs are usually valid a lot longer > than the server certs, having to concat the certs is awkward, at best. > > I would very

On 28.05.2018 14:30, Hauke Fath wrote: > On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote: >> I'm sure. But putting it as ssl_ca makes no sense, since it becomes >> confused what it is for. > I guess - I haven't had a need for client certs, and only ever used > ssl_ca for the server ca chain. > >> We can try restoring this as ssl_cert_chain setting in

On 11.01.2018 13:20, Hauke Fath wrote: >/On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: />>/Was the certificate path bundled in the server certificate? />/No, as a separate file, provided from the local (intermediate) CA: />//>/ssl_cert = </etc/openssl/certs/server.cert />/ssl_key = </etc/openssl/private/server.key />/ssl_ca =

On 11.01.2018 12:18, Hauke Fath wrote: > All, > > our dovecot installation provides a bundle of intermedia CA > certificates using the ssl_ca option. > > 2.3.0 does not supply the bundle, resulting in various clients either > complaining about an unverifiable server cert, or quietly not > connecting. The log has > > Jan 5 17:01:46 Bounce dovecot: imap-login:

On 11.01.2018 13:28, Hauke Fath wrote: > On Thu, 11 Jan 2018 13:22:07 +0200, Aki Tuomi wrote: >> Can you try if it works if you concatenate the cert and cert-chain >> to single file? We'll start looking if this is misunderstanding or bug. > This is a production machine, so I would rather stick with the > downgrade until you've looked into the issue. I went home late

On 11 January 2018 at 14:29, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > On 11.01.2018 13:28, Hauke Fath wrote: > > On Thu, 11 Jan 2018 13:22:07 +0200, Aki Tuomi wrote: > >> Can you try if it works if you concatenate the cert and cert-chain > >> to single file? We'll start looking if this is misunderstanding or bug. > > This is a production

On 11.01.2018 13:20, Hauke Fath wrote: >/On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: />>/Was the certificate path bundled in the server certificate? />/No, as a separate file, provided from the local (intermediate) CA: />//>/ssl_cert = </etc/openssl/certs/server.cert />/ssl_key = </etc/openssl/private/server.key />/ssl_ca =