similar to: SSL CA root certificate

Hello, As far as I can read in the Dovecot SSL configuration wiki page, each CA cert must be followed by the related CA CRL in the client certificate verification context ("ssl_ca_file" setting). In my company we do have our own PKI and as soon as Client certificate is compromised we do revoke it and update the related CA's CRL. Does that mean that I have to issue a new

Hi Timo and others, I'm using test32 since today and I'm getting this error once every 2 hours or so: dovecot: Jul 30 20:21:26 Error: IMAP(jens at gutzeit.at): open(/var/mail/data/jens/jens at gutzeit.at/maildir/.INBOX.Gentoo.Security/dovecot-uidlist) failed: Too many open files dovecot: Jul 30 20:21:26 Error: IMAP(jens at gutzeit.at): file maildir-uidlist.c: line 147

Hello, I'm setting up Dovecot with client certificates and everything is working fine as long as the client only has one certificate in his store. If he has more than one, the wrong one might be sent to the server. The root of the problem is that Dovecot does not send out a list of valid CA names in the TLS handshake. If I connect using openssl s_client I get: "No client

When I install an SSL certificate, I can't find a config option to set configure the Server Certificate Chain file... Is this not possible or can I do it another way? (When I connect, I am being told the Signature status is uncheckable...) Regards, BTJ -- ----------------------------------------------------------------------------------------------- Bj?rn T Johansen btj at havleik.no

Hello list, The dovecot version is 1.2.6 running on Solaris x86 11 (nv-b91). The relevant configuration lines are: passdb ldap { # LDAP database (doc/wiki/AuthDatabase.LDAP.txt.) args = /pfx/etc/dovecot/dovecot-ldap.conf } The file dovecot-ldap.conf is correct and LDAP authentication is working well. We would like to make it possible for users with a X.509 client certificate to log in

Hello, we're running RC2 and seeing a problem with the way SSL certs are handled by Dovecot. We've set ssl_verify_client_cert=yes and ssl_require_valid_client_cert=no. Using this setup we get (rather interesting) log entries like these: Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <user cert> Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <CA

Hello, dovecot-1.0-test32 continuously fails on one of our customers mboxes with the following error: Sep 11 16:27:15 web dovecot: POP3(xxxxxxxxxxxxx.de1): file mbox-sync-rewrite.c: line 360 (mbox_sync_read_and_move): assertion failed: (need_space == -mails[idx].space) About 200 other mboxes are working perfectly on the same server. Where should I start looking for the cause of this?

Hi dovecot-list, just a easy question today ;) Customer did on Server a PCI-Test to test security to fit worldpay requirements. They found a critical risk at pop3s. (and some other things) This is the Textmesage: ############ Family: Remote Shell Access Critical 993/tcp 11875 Description: The remote host responded to an unrequested SSL Certificate. The remote SSL server should have sent back

I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, and I'm using Thunderbird to access my mail. I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I configure my Thunderbird for SSL/TLS connection with normal password. It works fine. However, with my config anybody

Hi, I've searched for this error and found nothing. When I switch on SSL, I get the following errors: >>> Oct 3 20:05:23 [dovecot] Dovecot v1.0.rc7 starting up Oct 3 20:05:24 [dovecot] Login process died too early - shutting down Oct 3 20:05:24 [dovecot] imap-login: Can't load certificate file /etc/ssl/certs/dovecot.crt: error:0B07C065:x509 certificate

Hi, i am trying to setup dovecot over ssl in the last couple days unsuccessfully My notes are from here: http://wiki.dovecot.org/SSL My OpenSSL commands are: mkdir -pv /opt/certificates/dovecot/ cd !$ (just to prevent questions about Common Name) [ebal at myhome:~]? hostname myhome openssl req -new -x509 -nodes -out dovecot.crt -keyout dovecot.key -days 1825 # Country Name (2 letter code)

Hi all, Ok, been wanting to do this for a while, and I after the Heartbleed fiasco, the boss finally agreed to let me buy some real certs... Until now, we've been using self-signed certs with the following dovecot config: ssl = required ssl_cert = </etc/ssl/ourCerts/imap.pem ssl_key = </etc/ssl/ourCerts/imap_key.pem Now, I've created new keys/certs and the CSR, got the new

> On May 31, 2017 at 6:10 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>: > > > So I added > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > But alas: > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in

After updates to grub2 and kernel in CentOS 7, today, systems will no longer boot in Secure Boot mode. I'm not positive, but I think grub2 is the culprit. Is anyone else seeing the same problem?

I installed dovecot-1.0-test32 and I present the following error in some users: Error: IMAP(user): Buffer full (46) How to solve this problem?

> On June 1, 2017 at 1:42 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Aki Tuomi <aki.tuomi at dovecot.fi>: > > > > > So I added > > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > > > > > But alas: > > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting

Hello, I've some troubles logging in after upgrading to -test38. The error in the logs says: Sep 4 02:34:38 hostname dovecot: imap-login: Login: username [123.123.123.123] Sep 4 02:34:48 hostname dovecot: IMAP(username): file ostream-file.c: line 105 (update_buffer): assertion failed: (size <= used) Sep 4 02:34:48 hostname dovecot: child 28966 (imap) returned error 1 Regards,

Hello all, I have two new server samba4, with isc-dhcp and Bind. ( Thanks to Louis 's scripts ) The AD was migrate from 2 Windows 2000 servers last friday, with a copy of them in a private lan. Today we have shutdown the old windows 2000 server and put the 2 new samba4 in place of them. The problem is that the DHCP does not update the DNS systematically... That works with laptops ( which

I have played with self-signed end-use PKI certificates for about a decade now and would really like to set up a proper, albeit private, PKI using some sort of OFS CA management software. I have looked at OpenCA and found a few packages on sourceforge but they all seem to fall short of my desires in one form or another (rpm install, multiple subordinate CAs, certificate revocation and extension

Hi, I need to add my own and other/new self-signed ca/root cert in CentOS pki database/system, for all/most type of apps to use. Using "wget", i'm trying to securely(HTTPS) get gpg keys/files from https://fedoraproject.org/keys site, which is using root cert with following info: CN = GeoTrust Global CA O = GeoTrust Inc. C= US MD5 f7:75:ab:29:fb:51:4e:b7:77:5e:ff:05:3c:99:8e:f5 I