similar to: Question about Client Certificates

Hi All, I'm running dovecot 2.0.19. I currently have remote users access mail using IMAP over SSL, with their client certificates being both required and verified. I do this using "ssl = required" and "ssl_verify_client_cert = yes". I would now like to add a webmail front-end (squirrelmail) running on the same server. In order to achieve this I would like to have

Folks, I'm trying to configure my dovecot installation to require client certificates for external/Internet connections, while still allowing my local network to not need certificates. This configuration is for Dovecot 2 (2.0.8 in Fedora 14), and I've tried to use the "remote" block to give different definitions for my local network vs the defaults. While most options seem to

This issue is peripherally related to the following thread Re: [Dovecot] client certs with godaddy ssl cert This is running on CentOS 5.2 with latest Atrpms for Dovecot as of this weekend. # rpm -qa | grep dovecot dovecot-sieve-1.1.5-8.el5 dovecot-1.1.4-0_81.el5 With assistance from Rainer Frey (Inxmail GmbH), I am able to successfully use client ssl certs for imap access on both my Nokia

hello, first sorry for my poor english I'm doing the migration from UW-imap to Dovecot I have two question about the authentification in the imaps (port 993) process In dovecot .conf I can enable (or disable) the diff?rent port (pop, pops, imap, imaps) and may be restrict the access to the serveur with the ip adresse. Can I configure dovecot in imaps so it permit the access if the

Hi, I recently changed from uw imap to dovecot on the sound recommendation of a friend and have mostly succeeded in getting all of my clients up and running, but am really stuck with the iPhone which is failing to make connections. I run certificates on all of my clients and thunderbird happily connects both locally and remotely. I installed the certificate on the iPhone after great pain (pk12

Hi all I find this highly upsetting, I just upgrade my debian dovecot, and I specified that I dont want to upgrade the conf file. and on restarting, I get this in my syslog. Oct 24 17:33:33 mail dovecot: Dovecot v1.0.alpha3 starting up Oct 24 17:33:34 mail dovecot: Login process died too early - shutting down Oct 24 17:33:34 mail dovecot: imap-login: Can't load certificate file

I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, and I'm using Thunderbird to access my mail. I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I configure my Thunderbird for SSL/TLS connection with normal password. It works fine. However, with my config anybody

Hi, Is there any way to use something like OPIE (one-time passwords in everything, S/KEY) with dovecot? Here's what I want to do ultimately: * have an AUTH=XYZ method that relies on S/KEY as provided by the libpam-opie module (well, maybe not through pam) * have dovecot advertise authentication as follows: - local : PLAIN, XYZ - remote (encrypted) : EXTERNAL, and

Hi, I have a working mail system with postfix 2.7 and dovecot 1.2.15. I use secure connections for imap and smtp. When I try to use client certificate authorisation I have some problems. As soon as I enable the dovecot feature ssl_require_client_cert I have to present a valid certificate to receive or send email. Receiving emails works fine, but I can not send emails any more. The only way I

Q1) I can't get ssl_verify_client_cert=yes working. The ssl key and cert are signed using our CA. Also the ssl_ca_file has a CRL appended (no revokes yet). Expected behavior: Stop the SSL (the client doesn't have a cert installed) Current behavior: Mail clients accepts SSL and login succeeds. (both Evolution and Thunderbird). My bad? Please advise. Q2) The next step, if dovecot blocks

Hi I have set up dovecot with a self signed SSL certificate, created with the mkcert.sh script. Now I see the following in the log: pop3-login: SSL_accept() failed: error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown [206.124.112.22] pop3-login: Disconnected: rip=206.124.112.22, lip=204.3.153.71, TLS handshake Is this caused by my self certified certificates. Or is it

I would like to use Client certificate verification/authentication. My MTA used this function. I've a problem to make a valid certificate. For my MTA i used : openssl req -new -nodes -x509 -keyout user_key.pem -out user_req.pem -days 365 openssl ca -out user_signed.pem -infiles user_req.pem openssl pkcs12 -in user_signed.pem -inkey user_key.pem -out user.p12 -export -name "user at

Hi list, I'm currently looking into ways of making use of client certificates. I want to force external clients (i.e. anything outside the local subnet) to use client certificates. It is my understanding that this in itself can be achieved with the "ssl_require_client_cert" setting. However, I also want local clients (i.e. anything from a specific subnet) to be able to authenticate

Hello, My mail system is build with postfix, dovecot and roundcube. In first time users can view and "manage" their mail only on the webmail. So this one (webmail) use IMAP (no tls/ssl at all) authentication to give access to users maildir. This connection is made on the 'loopback' interface and use PLAIN method. This works fine (configuration below without ssl parameters).

Hi, there! Well, I am new to dovecot, so please be patient with me: I have a virtual server and want to setup simple mail delivery. postfix, saslauthd and dovecot basically work fine. The only open issue is, that (I guess) dovecot doesn't remove the mail when it's retrieved via pop3 from the server. It keeps sending me the same emails again and again. (The mail client (Thunderbird) is

> On 27 Jan 2016, at 21:55, Axel Luttgens <axel.luttgens at skynet.be> wrote: > > Hello Haravikk, > > Perhaps could you try to devise an exception based on one (or more) "remote" section(s), as in: > > remote ip.of.webmail.server { > ssl_verify_client_cert = no > [other settings, if needed] > } > > But I guess you would need to combine

# 1.1.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.28-14-server x86_64 Ubuntu 9.04 Here's the situation: I have several local clients (Thunderbird) which do not use TLS at all. It's plaintext completely, on port 143, because the connection is local and there are no unauthorized users on this network (it's a home network). I want to keep it that way to keep things simple. Tools /

I?m using dovecot to provide encrypted IMAP e-mail support for remote clients and it?s working great. However, I also need to set up a webmail front-end (Roundcube), which I?m hoping to have use unencrypted IMAP on port 143 (as only port 993 is available externally). The problem I?m running into is that I want to require client certificate authentication on port 993, but dovecot is apparently

hello, I made a modification to ssl-proxy-openssl.c (patch attached) zo that it a) disconnects when no client certificate is presented b) checks the client certificate against the crl for our root cert. (so you can't use a revoked client cert.) c) returns the CommonName from the client cert. in ssl_proxy_get_peer_name (this way it's easier to use dovecot as imap-proxy with a

Hello, we're running RC2 and seeing a problem with the way SSL certs are handled by Dovecot. We've set ssl_verify_client_cert=yes and ssl_require_valid_client_cert=no. Using this setup we get (rather interesting) log entries like these: Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <user cert> Jul 31 11:21:23 dev dovecot: imap-login: Invalid certificate: <CA