similar to: SSL CA root certificate

Hi Timo and others, I'm using test32 since today and I'm getting this error once every 2 hours or so: dovecot: Jul 30 20:21:26 Error: IMAP(jens at gutzeit.at): open(/var/mail/data/jens/jens at gutzeit.at/maildir/.INBOX.Gentoo.Security/dovecot-uidlist) failed: Too many open files dovecot: Jul 30 20:21:26 Error: IMAP(jens at gutzeit.at): file maildir-uidlist.c: line 147

Hello, As far as I can read in the Dovecot SSL configuration wiki page, each CA cert must be followed by the related CA CRL in the client certificate verification context ("ssl_ca_file" setting). In my company we do have our own PKI and as soon as Client certificate is compromised we do revoke it and update the related CA's CRL. Does that mean that I have to issue a new

Hello, I'm setting up Dovecot with client certificates and everything is working fine as long as the client only has one certificate in his store. If he has more than one, the wrong one might be sent to the server. The root of the problem is that Dovecot does not send out a list of valid CA names in the TLS handshake. If I connect using openssl s_client I get: "No client

When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain file... Is this not possible or can I do it another way? (When I connect, I am being told the Signature status is uncheckable...) Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bj?rn T Johansen btj at havleik.no

Hello list, The dovecot version is 1.2.6 running on Solaris x86 11 (nv-b91). The relevant configuration lines are: passdb ldap { # LDAP database (doc/wiki/AuthDatabase.LDAP.txt.) args = /pfx/etc/dovecot/dovecot-ldap.conf } The file dovecot-ldap.conf is correct and LDAP authentication is working well. We would like to make it possible for users with a X.509 client certificate to log in

Hello, dovecot-1.0-test32 continuously fails on one of our customers mboxes with the following error: Sep 11 16:27:15 web dovecot: POP3(xxxxxxxxxxxxx.de1): file mbox-sync-rewrite.c: line 360 (mbox_sync_read_and_move): assertion failed: (need_space == -mails[idx].space) About 200 other mboxes are working perfectly on the same server. Where should I start looking for the cause of this?

Hello, we're running RC2 and seeing a problem with the way SSL certs are handled by Dovecot. We've set ssl_verify_client_cert=yes and ssl_require_valid_client_cert=no. Using this setup we get (rather interesting) log entries like these: Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <user cert> Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <CA

Hi dovecot-list, just a easy question today ;) Customer did on Server a PCI-Test to test security to fit worldpay requirements. They found a critical risk at pop3s. (and some other things) This is the Textmesage: ############ Family: Remote Shell Access Critical 993/tcp 11875 Description: The remote host responded to an unrequested SSL Certificate. The remote SSL server should have sent back

> On May 31, 2017 at 6:10 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>: > > > So I added > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > But alas: > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in

Hi, i am trying to setup dovecot over ssl in the last couple days unsuccessfully My notes are from here: http://wiki.dovecot.org/SSL My OpenSSL commands are: mkdir -pv /opt/certificates/dovecot/ cd !$ (just to prevent questions about Common Name) [ebal at myhome:~]? hostname myhome openssl req -new -x509 -nodes -out dovecot.crt -keyout dovecot.key -days 1825 # Country Name (2 letter code)

I installed dovecot-1.0-test32 and I present the following error in some users: Error: IMAP(user): Buffer full (46) How to solve this problem?

I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, and I'm using Thunderbird to access my mail. I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I configure my Thunderbird for SSL/TLS connection with normal password. It works fine. However, with my config anybody

Hi, I've searched for this error and found nothing. When I switch on SSL, I get the following errors: >>> Oct 3 20:05:23 [dovecot] Dovecot v1.0.rc7 starting up Oct 3 20:05:24 [dovecot] Login process died too early - shutting down Oct 3 20:05:24 [dovecot] imap-login: Can't load certificate file /etc/ssl/certs/dovecot.crt: error:0B07C065:x509 certificate

> On June 1, 2017 at 1:42 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Aki Tuomi <aki.tuomi at dovecot.fi>: > > > > > So I added > > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > > > > > But alas: > > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting

Hello, I've some troubles logging in after upgrading to -test38. The error in the logs says: Sep 4 02:34:38 hostname dovecot: imap-login: Login: username [123.123.123.123] Sep 4 02:34:48 hostname dovecot: IMAP(username): file ostream-file.c: line 105 (update_buffer): assertion failed: (size <= used) Sep 4 02:34:48 hostname dovecot: child 28966 (imap) returned error 1 Regards,

Hello all, I have two new server samba4, with isc-dhcp and Bind. ( Thanks to Louis 's scripts ) The AD was migrate from 2 Windows 2000 servers last friday, with a copy of them in a private lan. Today we have shutdown the old windows 2000 server and put the 2 new samba4 in place of them. The problem is that the DHCP does not update the DNS systematically... That works with laptops ( which

Hello All, I have 2 samba4 AD server with dhpd and dynamic DNS. I have well understand that for now it's not possible to have 2 DHCP server running in the same time. So I would have at a time only one dhcp server running. If the first server got a problem I want to manually start the isc-dhcp service in the second to rescue the system. But It's not working as I expected... If I switch

Mandi! Rowland Penny via samba In chel di` si favelave... > This is probably where you are going wrong. AD lives and dies on DNS, > your DC MUST be authoritative for the AD domain. ...but *is* authoritative! Simply DHCP server assign the ''old'' DNS, where all resolution fr the AD (sub)domain are forwarded to AD DNS... > Your AD clients should be using the DC as

After upgrading from 2.2.28-1~auto+45 to 2.2.29-1~auto+25 I'm gettings this: May 31 16:44:31 mproxy dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting May 31 16:44:31 mproxy dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs May 31 16:44:31 mproxy dovecot: imap-login: Disconnected: Auth process broken

Hello, I have two samba 4.2.7-SerNet-Debian-8.wheezy AD servers. since few days now I have some winbind errorsthat block the server... It seems that they appears more and more frequently... ( about one time per day ) I have about 200 clients pc with windows 10, seven and XP. Last month I've migrated about 30 pc from seven to 10. Is there a relationship? In the following logs, you can see