similar to: Anonymous SSL Ciphers

Hello Everyone, First wanted to say thanks for any help in advance. I have a clustered mail system each running on centos 5.2. I have a test box that I am running the newest version on dovecot on and I am getting some random authnication failed errors. Here is the error below: Nov 04 17:31:22 auth(default): Error: worker-server(xxx at xxxx.com): Aborted: Lookup timed out Nov 04 17:31:23

Can you use both ssl_protocols *and* ssl_cipher_list in the same config (in a way that's sane)? ssl_protocols (>= 2.1) and ssl_cipher_list co-exist, or are they mutually exclusive? I have a Dovecot 2.2.13 system, and I tried setting: I also tried things like ssl_cipher_list = HIGH or ssl_cipher_list = HIGH:!MEDIUM:!LOW however, doing this seems to make v3 still work unless I

I have the following two settings in my "10-ssl.conf" file # SSL protocols to use ssl_protocols = !SSLv2 # SSL ciphers to use ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL I have seen different configurations while Googling. I am wondering what the consensus is for the best settings for these two items. What do the developers recommend? Thanks! -- Jerry

On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: > On 12/1/2014 4:43 PM, Will Yardley wrote: > > Can you use both ssl_protocols *and* ssl_cipher_list in the same config > > (in a way that's sane)? > > > Is there a way to exclude these ciphers, while still keeping my config > > easy to parse and avoiding duplicative or deprecated configs? > >

Hi, there! Well, I am new to dovecot, so please be patient with me: I have a virtual server and want to setup simple mail delivery. postfix, saslauthd and dovecot basically work fine. The only open issue is, that (I guess) dovecot doesn't remove the mail when it's retrieved via pop3 from the server. It keeps sending me the same emails again and again. (The mail client (Thunderbird) is

On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a

Getting complaints from people about pop/imap issues. some people are getting repaeted e-mail. Other are not able to delete their e-mails from an IMAP lcient. Current configuration /usr/dovecot2/sbin/dovecot -n # 2.2.26.0 (23d1de6): /usr/dovecot2/etc/dovecot/dovecot.conf # OS: FreeBSD 11.0-RELEASE-p2 amd64 base_dir = /var/run/dovecot/ disable_plaintext_auth = no first_valid_uid = 100

Hi Timo, reading this http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ it looks like DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA can be forced in use with apple mail ( if no ECDHE is possible ,by missing openssl 1.x etc, seems that apple mail tries ECDHE first if fails its going to use RSA-AES128-SHA ) force soltution as tried ssl_cipher_list =

Is there a way to limit the amount of maildir folders a user can have? Also is there is hard limit on the amount of folders dovecot can handle? I have a user who has over 3000 folder (including subfolders) that is having issues with delays in loading, moving, and deleting messages. Thanks in advance Jeff N.

On Tue, Dec 02, 2014 at 08:34:50AM -0800, Darren Pilgrim wrote: > On 12/1/2014 9:44 PM, Will Yardley wrote: > > On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: > >> On 12/1/2014 4:43 PM, Will Yardley wrote: > >>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config > >>> (in a way that's sane)? > >> >

Dovecot 1.2.10 in Debian, using Dovecot sieve. I have a sieve script, generated by Ingo, that's supposed to mark spam messages as "Seen" and file them into the Junk folder. In part it reads: require ["regex", "body", "imapflags", "fileinto"]; if exists "X-Spam-Flag" { addflag "\\Seen"; fileinto

Hello, I cannot run FTS SOLR engine. OS is debian lenny. I re-compiled debian package (from backports) with --with-solr option. Dovecot loads fts_solr plugin. I know that it loads plugin because if I remove lib21_fts_solr_plugin.so, dovecot does not start. But it does not attempt to communicate with SOLR. Simple check: stop solr tomcat, and open 8080 port in netcat: $nc -l -p 8080 dovecot

Using 1.2.11 I am getting some people repeating that they are getting repeated POP3 e-mails. My configuration is # 1.2.11: /usr/dovecot/etc/dovecot.conf # OS: BSD/OS 4.3 i386 base_dir: /var/run/dovecot/ protocols: pop3 pop3s imap imaps ssl_listen: 204.209.81.1 ssl_cipher_list: ALL:!LOW:!SSLv2 disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default):

Hello all, I'm setting up a Dovecot environment here, version 1.2.15 on Debian 6.0.2 "squeeze". This is actually a complete revamp of the previous setup we have in-place here, built from the ground up with updated versions of all involved software. The operators have told me that they use some scripts hacked up by a previous sysadmin to give a single "admin" account full

CentOS 7 Dovecot 2.2.36 Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=73.0.0.0, lip=192.64.118.242, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<> Was working fine for over a year, until the cert expired and I replaced it. I've tried the good cert I have for

> On Jul 29, 2018, at 6:02 PM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > > Am 29.07.2018 um 21:02 schrieb J Doe: >> Hello, >> I have a question regarding SSL/TLS settings for Dovecot version 2.2.22. >> In: 10-ssl.conf there are two parameters: >> ssl_protocols >> ssl_cipher_list >> ssl_protocols is commented with ?SSL protocol to

This might be a MTA question, but because I use Dovecot as an LDA, maybe some can help me here. Our users would like that outgoing mail is automatically saved in some folder, say Sent. We use Postfix with virtual domains, Maildir and Dovecot+Sieve as LDA. Outgoing mail is relayed by our imap-server (with authentification of course, no open relay). Most people seem to advice Postfix

I'm bringing up a system with dovecot that has been running for years with uw-imap. In making the switch, I put a tail on the log file, made the switch, and sent a test mail and received it. I was able to receive mail with no apparent difficulties, but the log file was disconcerting. A number of users connected during the few minutes I had it running, and for each of them there was an

Hi Folks, after adding TLSv1.2 to by TLS options a lot of Outlook users complaint about connection errors, openssl s_client and Thunderbird works fine. I found some posts about this but none of them had a real solution on this - I meanwhile disabled TLSv1.2 which made the Outlook users happy. I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014 ssl_cert = </var/qmail/control/servercert.pem

When my client connects, I see this in my log: dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits) Whereas, when client connects to my postfix server, I see: Anonymous TLS connection established from * TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits) how can I tell dovecot to use AES256, instead of AES128 ? is this set by ssl_cipher_list ? Here are my current