similar to: STARTTLS does not seem to work

Hi I have a problem with STARTTLS, with imaps all ok. I have tried to connect to server with different clients (thunderbird, the bat, mulberry) and had same result. Thunderbird log for example: 0[284708]: 25c0e08:192.168.4.200:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN 1920[25c77c8]: ImapThreadMainLoop entering [this=25c0e08] 1920[25c77c8]: 25c0e08:192.168.4.200:NA:ProcessCurrentURL:

Hi, I am using dovecot with postfix for authentication. Everything (TLS/SSL, authentication) is working fine, except that when I set: disable_plaintext_auth = yes I still can authenticate with plain text on a no TLS/SSL session: 20 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2) EHLO [192.41.170.57] 250-mail2.cs.ait.ac.th 250-PIPELINING 250-SIZE 10240000 250-VRFY

Hello all, I've been trying to setup my postfix and dovecot to AUTH with mysql, and I'm almost there! BUT, for some reason, dovecot won't create the folders in their proper location. For some reason, instead of going into /var/vmail/pplsnet.com/{username}location, where the postfix put all the emails, dovecot creates a whole new set of folders in /var/vmail/{username} I have

Hi all, Ok, up until now, I've only always allowed IMAPS connections to dovecot on port 993. I want to also start allowing clients to user port143+STARTTLS, but I walso want to make sure both ports are locked down to ONLY allow secure connections. So... is disable_plaintext_auth = yes in the main config enough to accomplish this? http://wiki2.dovecot.org/SSL/DovecotConfiguration says:

Op 11/01/2019 om 16:05 schreef Dominik Menke: > Hello Gerald, > > that did the trick, thank you very much! > > --Dominik > > > On 1/11/19 10:54 AM, Gerald Galster wrote: >> Hi Dominik, >> >> I have set ssl = required in 10-ssl.conf globally but no ssl here: >> >> service managesieve-login { >> ?? inet_listener sieve { >> ???? port =

Hi Dominik, I have set ssl = required in 10-ssl.conf globally but no ssl here: service managesieve-login { inet_listener sieve { port = 4190 } ... } Nevertheless, STARTTLS is offered "IMPLEMENTATION" "Dovecot Pigeonhole" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags

On my POP3 server, I need to be able to control the use of STARTTLS by client IP address. Specifically: * Clients on certain internal subnets (e.g., 192.168.1.0/24) must not have the option to use TLS. If the client tries to use STARTTLS, the option should be rejected. This is to satisfy US FCC rules regarding the use of encryption over certain radio frequencies. * All other internal clients

Hi List, I have a dovecot which proxies to different backends depending on an entry in a mysql-database. The mysql-query sets ?ssl? to ?any-cert? and this works fine. But this causes me a problem: sieve-backends only support STARTTLS and if I set ?ssl? to ?any-cert? (or yes), it will attempt a TLS-connection to the sieve-backends, which fails. My attempt was to alter the query to include

Hi, I would like to disable offering starttls to clients for certain dovecot services. Background is that I want to do let a load balancer do the TLS stuff right on connect time and let dovecot only do plain imap without offering starttls (because the clients do imaps actually). Getting rid of the starttls feature offering works only if I set ssl = no globally only. Setting it in the service

Hi All, I am runnig sendmail 8.12.8. I am getting the below error. [root at mail MailScanner]# tail -f /var/log/maillog Jan 11 11:20:40 mail sendmail[10646]: STARTTLS: read error=generic SSL error (0) Jan 11 11:20:41 mail last message repeated 22494 times Jan 11 11:20:41 mail sendmail[10646]: STARTTLS: read error=generic SSL error (0) Jan 11 11:20:41 mail last message repeated 8894 times Jan 11

Hi I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is configured to act as director and delivers to my two backend servers. I enabled lmtp proxy on director to listen on port 24. Now I see in msg headers that the connection to the lmtp proxy uses STARTTLS but the connection from proxy to backend seems to be unencrypted. Is it possible to enforce the use of STARTTLS in the

Hi all, Is there a way to enforce STARTTLS for all connections, regardless their authentication mechanism? disable_plaintext_auth only takes care of the auth conversation, but I would like to have all communication encrypted. As far as I can see, this would only be possible when using imaps and disabling imap. However, I would like to have the other way around; disabling imaps and using imap for

I have a user who has Mac OS 10.4.8 with Entourage X. The email server is sendmail 8.13.8 and is setup to use STARTTLS on a CentOS 4.4 system. It appears from everything I have googled that only Entourage 2004 will properly function with STARTTLS. Has anybody any experience with Entourage X ... specifically is there something I am missing regarding the CentOS server setup or are all Entourage

Hi, I have a postfix+dovecot-2.2.13 system and have configured it to support IMAPS on 993 with SSL/TLS. I'm noticing with users using Thunderbird, the autodetect defaults to IMAPS on 143 with STARTTLS. Which is preferred? Which is more secure? Which is more common? Why would someone choose one over the other? Can I ask the same question about SMTP and submission? Why would one choose 587

I wanted to enable SSL on some alternate ports so that a limited number of people could try SSL access. But doing so enabled STARTTLS in IMAP, so that all IMAP users got surprised (at least those whose clients attempted to use it automatically). e.g.: # IP or host address where to listen in for SSL connections. Defaults # to above non-SSL equilevants if not specified. imaps_listen =

Hi, I'm having a bit of a problem trying to setup a dovecot proxy. I have a setup with two nodes. One is a working Dovecot/Postfix mail server (node a). The other is running a dovecot proxy and roundcube webmail. Currently I can telnet to port 143 (or openssl s_client to port 993) to localhost on node b. I can then login to a test account on node a. This all works. However, once I instruct

I'm testing my new dovecot server with Thundirbird I can have it working on port 143 with STARTTLS, or on port 993 with SSL/TLS my uderstanding is that on 993 I get encrypted 'password and mail transfer' (yes ?) so what happens if I use 143 with STARTTLS, is that equivalent to port 993 if STARTTLS is used ? thanks for any insights.. -- Voytek

NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy Am 23. November 2017 09:31:41 MEZ schrieb Tobi <tobisworld at gmail.com>: >Hi > >I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is >configured to act as director and delivers to my two backend

Greetings - I have been looking at Dovecot with a view to migrating us to it from the Washington IMAP server on our Sun systems. To start our testing we first of all installed the pre-built version of Dovecot from the Blastwave (www.blastwave.org) community supported packaged software site. This was Dovecot 0.99.10.4 and we successfully got it working in our test environment: at first just

Hi there, We are using DoveCot 1.0.7. User will use POP3 or POP. We want to force user to securely send their credential and keep a secure connection between us and them. We can do TLS/SSL on port 995, or STARTTLS on port 110. The problem is that we have no way to enforce STARTTLS on 110, user can connect to DoveCot on port 110, sending user credential without STARTTLS (thus insecure).