similar to: Fwd: STARTTLS bug - background story

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:

Hi, I'm having a bit of a problem trying to setup a dovecot proxy. I have a setup with two nodes. One is a working Dovecot/Postfix mail server (node a). The other is running a dovecot proxy and roundcube webmail. Currently I can telnet to port 143 (or openssl s_client to port 993) to localhost on node b. I can then login to a test account on node a. This all works. However, once I instruct

Hi all, Ok, up until now, I've only always allowed IMAPS connections to dovecot on port 993. I want to also start allowing clients to user port143+STARTTLS, but I walso want to make sure both ports are locked down to ONLY allow secure connections. So... is disable_plaintext_auth = yes in the main config enough to accomplish this? http://wiki2.dovecot.org/SSL/DovecotConfiguration says:

On Wed, Jan 6, 2016 at 12:56 PM, Graham Allan <allan at physics.umn.edu> wrote: > On 01/06/2016 01:34 PM, Lee Brown wrote: > >> On Wed, Jan 6, 2016 at 10:36 AM, Graham Allan <allan at physics.umn.edu >> <mailto:allan at physics.umn.edu>> wrote: >> >> On 01/06/2016 09:53 AM, Graham Allan wrote: >> >> >> The packet dump

I have a user who has Mac OS 10.4.8 with Entourage X. The email server is sendmail 8.13.8 and is setup to use STARTTLS on a CentOS 4.4 system. It appears from everything I have googled that only Entourage 2004 will properly function with STARTTLS. Has anybody any experience with Entourage X ... specifically is there something I am missing regarding the CentOS server setup or are all Entourage

> Jun 27 12:03:27 bubba dovecot: auth: > ldap(SomeUser at MyDomain.com,127.0.0.1): invalid credentials > > The only other thing I can think of - Postfix runs on this server and > uses Dovecot SASL. Is it possible the Dovecot auth log line is caused > by a Postfix connection attempt? That would have been my first guess. Why don't you actually try it out (i.e. login in to

Hi, I have a small question with sendmail and tls verification. The tls verify fails on our internal/external sendmail servers. For example: STARTTLS=server, relay=mx1.imt-systems.com [89.146.219.60], version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 STARTTLS=server, relay=acsinet12.imt-systems.com [89.146.219.42], version=TLSv1/SSLv3, verify=FAIL,

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 27 Jul 2015, Piotr Rotter wrote: > I tryed to eneble TLS connection from postfix to dovecot lmtp. Unfortunely I > have problem with certificate, postfix shows, post the output of doveconf -n > > 2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS > connection established to

Hi Christian, first of all I appreciate your quick answer. You are correct, if I "openssl -starttls smtp -connect <host>:<port>" I notice the AUTH capability is published, so that explains why the clients that I configure with STARTTLS are able to find out the AUTH mechanisms and authenticate correctly. I also found out that the AUTH is shown before entering STARTTLS if

Alexandre <byalefp at yahoo.com.br> wrote: > I can send and receive mails using: > IMAP 143 with TLS OK, IMAP STARTTLS is working in some sense. (Your MTA handles SMTP, not dovecot.) > The hangup occours inside of my LAN using Outlook 2016, and Outside > also trying access on 4G from my Android smartphone. > > My goal is enable also POP3s and IMAPs using TLS.

Hi, I have a postfix+dovecot-2.2.13 system and have configured it to support IMAPS on 993 with SSL/TLS. I'm noticing with users using Thunderbird, the autodetect defaults to IMAPS on 143 with STARTTLS. Which is preferred? Which is more secure? Which is more common? Why would someone choose one over the other? Can I ask the same question about SMTP and submission? Why would one choose 587

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 19/08/15 15:56, Kai Bojens wrote: > Hello everybody, I just got the email about the enforcing of HTTPS > for the CentOS Websites which I really appreciate: > > ?The CentOS Project infra team has decided to implement TLS > wherever we can (?)? > > Does anybody know if and when mail.centos.org will be able to > deliver its

thank you for guidance, just to recap the issue was about squirrelmail giving a wrong message : "connection dropped by imap server" instead of "invalid user or password" as advised i connected using command line on both my old and new servers, and have posted the details including the output of dovevcot -n. 1) command prompt login. i put wrong password telnet x.x.x.x 143

Hello, I tryed to eneble TLS connection from postfix to dovecot lmtp. Unfortunely I have problem with certificate, postfix shows, 2015-07-27T12:51:15.025333+02:00 k30 postfix/lmtp[4572]: Untrusted TLS connection established to 192.168.67.30[192.168.67.30]:24: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits) I checked certs by openssl s_client: #openssl s_client -connect

Hello, I have this problem: May 5 21:02:35 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=84.150.52.31, lip=78.46.216.126 Connecting via Thunderbird to STARTTLS won't work, but with a website from the same server it works for tls://opsys.de. So why is the port closed for external ip's? IPTABLES entry for imap is this: fail2ban-dovecot-pop3imap tcp -- anywhere

> but i try to this command > > openssl s_client -connect mail.mydomain:pop3s -starttls imap > > it says CONNECTED and hang. second command is correct? Uh, "pop3s" != "imap", and IMAP/STARTTLS is not the same as IMAP/SSL (or whatever the hell the terminology is nowadays). If you're testing IMAP, try one or the other or both depending of how many flavours

Marcio Merlone <marcio.merlone at a1.ind.br> writes: > Only openssl s_client -connect localhost:993 works fine and fast, while > all MUA's and telnet does not. Telnet timeouts waiting for banner after > a minute or so: > > root at netuno:~# openssl s_client -connect localhost:993 > ... > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE

On 08/19/2015 06:56 AM, Kai Bojens wrote: > Hello everybody, > I just got the email about the enforcing of HTTPS for the CentOS Websites > which I really appreciate: > > ?The CentOS Project infra team has decided to implement TLS wherever we > can (?)? > > Does anybody know if and when mail.centos.org will be able to deliver its > mails with STARTTLS? There seems to be

I have centos 4.8 i686. It has stock sendmail. see file below. I am getting reports that it is an open relay. I have searched all around and it seems like it should be closed. I have dnl for accept_unresolvable_domains. What can I do to close my sendmail. Thanks, Jerry My sendmail.mc is as follows: --------------------------------- divert(-1)dnl dnl # dnl # This is the sendmail macro config