similar to: virtual domains and SSL certificates

Hi, Is it expected that if I have filesystem tank/foo and tank/foo/bar (mounted under /tank) then in order to be able to browse via /net down into tank/foo/bar I need to have group/other permissions on /tank/foo open? # zfs create tank/foo # zfs create tank/foo/bar # chown gavinm /tank/foo /tank/foo/bar # zfs set sharenfs=rw tank/foo # ls -laR /tank/foo /tank/foo: total 9 drwxr-xr-x 3 gavinm

Hey everyone... I''m just getting my feet wet with relational databases using RoR models. The software I''m putting together relies on car parts. Originally I had the database set up as follows create_table :parts do |t| t.column :year, :string t.column :make, :string t.column :model, :string . . . end However, I now realize it''s much better to do it using

I've tried setting up multiple SSL-Certificates (using letsencrypt) for dovecot on my ubuntu machine. Used dovecot version is 2.2.18. Regarding to official docs this should be working. My test-client (Thunderbird on linux) has been mentioned to be working fine with SNI here: https://wiki.dovecot.org/SSL/SNIClientSupport https://wiki.dovecot.org/SSL/DovecotConfiguration#line-89 >

Ok, thank you. I will play around with it. I also noticed, that libvirt does not use this SNI extension. Actually,this not needed here, as we have only one location for server certificate, but this requires some modifications in mitmproxy, as for example tls in web browsers always include this SNI extensions. Are there maybe other big differences in tls implementation in libvirt or maybe some

Can somebody help me get this right please. I'm trying to upgrade to version 1 and I get this error which I can't workaround: expecting "=" on line 33 Line 33 is the passdb file name ?? I'm trying this with 1.0 beta3 on a Devil linux system (v 1.2.9). Thanks Dick -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name:

Hi I have some problem with SNI and dovecot 2.2.36.4 Server debian 9.x ad dovecot-2.2.36.4 default server ssl cert is a wildcard like *.domain.com (digicert) ssl_ca = /var/control/cert.pem ssl_cert = </var/control/cert.pem I added for test another domain (in dns to) for another ssl (letsencrypt) from https://wiki.dovecot.org/SSL/DovecotConfiguration like: local_name

Hi folks, I have configured a public folder as described on the Wiki (more or less; see below), but in TB3 I see the "Public" folder grayed out. I cannot subscribe. Toggling the subscriptions flag doesn't help. What did I miss here? Any helpful comment would be highly appreciated. If this is a TB3 problem: Which MUA would you suggest? Regards Harri

Hi All, I''ve run into a bit of a tangle. I currently have two puppet masters which are "load balanced" with round robin DNS (one is also the CA). I''m using dns_alt_names to let them each answer to puppet.my.domain.com For the past year this has been fine. About a week ago I tried to add a third & while all my Linux clients are happy with the new arrangement,

On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote: > On Monday 17 of October 2016, KT Walrus wrote: >>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: >>> >>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: >>>> Is there a way to log SNI hostname used in TLS session? Info is there in >>>>

> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: > > On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: >> Is there a way to log SNI hostname used in TLS session? Info is there in >> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to >> ssl_io->host. >> >> Unfortunately I don't see it expanded to any

Hi. Little story :-) I'm playing with dovecot 2.2.25 and multiple SSL certificates. ~7000 certificates which are loaded twice, so my dovecot has ~14 000 certificate pairs (14k key + 14k cert) in config. 14 000 local_name entries. Like these: local_name imap.example.com { ssl_cert = </etc/certs/cert1.pem ssl_key = </etc/certs/cert1.pem } local_name pop3.example.com { ssl_cert =

Hello, Trying to get this ''thing'' to do something for me - whenever I run script/something I get the following error: ./script/../config/boot.rb:6:in `require'': No such file to load -- pathname (LoadError) from ./script/../config/boot.rb:6 from script/generate:2:in `require'' from script/generate:2 and boot.rb:6 says require

I want to supply separate Letsencrypt certificates for each virtual domain and seeing that SNI does not work I need to allocate separate IPs. Could anyone give some pointers, or keywords to search for, on... a) how to make dovecot listen for different domains on different IPs? b) how to configure separate SSL certs for each of these IPs?

On 20.10.2016 15:41, Arkadiusz Mi?kiewicz wrote: > On Thursday 20 of October 2016, Aki Tuomi wrote: >> On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote: >>> On Monday 17 of October 2016, KT Walrus wrote: >>>>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> >>>>> wrote: >>>>> >>>>> On Monday 30

Is there a way to log SNI hostname used in TLS session? Info is there in SSL_CTX_set_tlsext_servername_callback, dovecot copies it to ssl_io->host. Unfortunately I don't see it expanded to any variables ( http://wiki.dovecot.org/Variables ). Please consider this to be a feature request. The goal is to be able to see which hostname client used like: May 30 08:21:19 xxx dovecot:

Hello Timo, I'd like to check if my understanding of dovecot-1.2.x's SSL certificate handling is correct : SSL does not provide the server any mechanism to choose which certificate it must send relatively to the name the client is using. Thus, if you want to use different certificates, you have to listen to different addresses. This is an SSL limitation, not a dovecot nor

Good morning, I was wondering what you think about SNI (server name indication) support to OpenSSH? Background: SSH is one of the rare protocols in the data center that cannot be easily load balanced, proxied or made highly available. If the ssh client would indicate to which host it wants to connect to, a proxy or load balancer could easily be implemented. While this is an obvious feature for

Hello, We?re rolling out large SNI deployments for our mail servers. Each domain gets an entry like this in the config: local_name mail.foo.com { ssl_cert = </ssl/domain_tls/*.foo.com/combined ssl_key = </ssl/domain_tls/*.foo.com/combined } There are a couple problems we?re finding with this approach: 1) Dovecot wants to load everything at once, which has some machines taking

Hi!! Of late, I'm getting a lot of un-solicited mails from this list, and inspite of un-subscribing mails, messages, threats , nothing really seems to work... My question: 1. Is there any way I can 'avoid' or 'bounce' incoming messages at the mail-server level?? 2. I cannot change my address (alias) as such... since this involves sending reminders to God knows how many

Hello, I'm looking into deploying dovecot as a proxy, currently using perdition. Have been using dovecot on the actual servers for years, nearly a decade. So far just 1.x, but for the proxy it will have to be 2.x (2.1.7 is the current Debian version), as the trigger for this change is the need to support multiple SSL certificates. All that happens on the proxy seems to be handled by the