similar to: using ecc-certificates (ellyptic curve) will not establish connection

hello, and some update short version: the error is still there, but I have some more data to share, thanks in advance for further advice first, I am using Mutt 1.10.1 (2018-07-13) as mail client, so it is not an obsolete version. second... at the moment I can send email through postfix on the same server, with the same certificates (almost: I still have to fix some stuff, but is NOT related to

Hi, Have anyone else experienced problems using Dovecot with the mail app in beta releases of iOS/iPadOS 13? TLS is failing for my, it have worked fine for years and I am on the latest Dovecot version now, it works fine with older clients but not with the ones upgraded: Sep 04 19:49:16 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization Sep 04 19:49:16 imap-login: Debug:

Greetings, I have had to reinstall my email server on another Linux (centos 7.6) VPS, with a newer version of dovecot, other software and a brand new letsencrypt certificate just for email withpostfix and dovecot (that certificate works fine with postfix). Output of dovecot --version and dovecot -n on the new server is below. Now, messages ARE delivered in the right IMAP mailboxes, but when I try

Hello Aki, maybe I misunderstood you, but both adding an "ssl = yes" line to this section of dovecot.conf, and commenting out the whole "four lines starting at "inet_listener imaps" do not have any effect : service imap-login { inet_listener imap { port = 0 } inet_listener imaps { port = 993 ssl = yes } } this is the error I still get after

> Le 4 sept. 2019 ? 20:11, Henrik Johansson via dovecot <dovecot at dovecot.org> a ?crit : > > Hi, > > Have anyone else experienced problems using Dovecot with the mail app in beta releases of iOS/iPadOS 13? > > TLS is failing for my, it have worked fine for years and I am on the latest Dovecot version now, it works fine with older clients but not with the ones

Hi! You have misconfigured service imap-login, remove the 993 listener config (it's there by default) or add ssl = yes to it. Aki On 11.12.2018 11.58, Marco Fioretti wrote: > hello, and some update > short version: the error is still there, but I have some more data to > share, thanks in advance for further advice > > first, I am using Mutt 1.10.1 (2018-07-13) as mail client,

Hello, I came across a strange problem with my Dovecot 2.1.7 installation (updated Debian Wheezy) in regards to SSL/TLS connections. My configuration is as follows: $ dovecot -n | grep ssl service imap-login { ssl = yes ... } ssl_cert = <...... ssl_cipher_list =

Hello, After client (Thunderbird, now version 31.0) updated today, it stopped connecting to Dovecot IMAP4S. The infamous "SSL alert number 42" is reported. Mail server uses local (created for intranet) CA certificate as root. I would appreciate pieces of advice on how to handle that without enabling plaintext authentication over insecure channels. Other intranet services work with

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

I can get messages without SSL with no problems. but i need to setup server accept only SSL secured connections. I think my configuration is very proper, but cant find "obvious" problem. Postfix 2.3.3 + dovecot 2.0.13-1_129.el5 + PostfixAdmin 2.3.3 I made own CA. configured postfix and dovecot with same cert key ca. Same public cert i gave for client just converted it to PKCS#12. I cant

Recently thunderbird and Dovecot IMAPS cannot agree on SSL however Evolution, on the exact same system, is working fine with the same accounts. Tried recreating the Dovecot cert and also the thunderbird accounts from scratch. The OpenSSL raw client works fine as well. Would someone also confirm the openssl commands to create a selfsigned cert for dovecot imaps. They cert created does work

Postfix debug peer logging Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: > server.example.org[XX.XX.XX.XX]: 250 2.1.5 Ok Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: watchdog_pat: 0x55ef4ec020180 Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: vstream_fflush_some: fd 10 flush 28 Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: vstream_buf_get_ready: fd 10 got 15 Dec

After the submission with dovecot it sends it to postfix, the postfix log is: postfix/submission/smtpd[19509]: connect from example.org[192.168.1.1] postfix/submission/smtpd[19509]: client=example.org[192.168.1.1], sasl_method=PLAIN, sasl_username=test at example.org postfix/submission/smtpd[19509]: *warning: non-SMTP command from example.org <http://example.org>[192.168.1.1]:

Hi, I'm running a new dovecot 2.0.9 under Centos 6.4. I'm having an issue with SSL certificate not being accepted by the email client. I have my own CA and I have generated certificates for web usage without a problem. For imaps and pop3s what I did was generate a certificate for the hostname of my dovecot server and then cat that cert with the intermediate and root CA certificates. No

Hello, This is a selfsigned cert. Both of the below methods were used. May I ask for 1. pointer to info setting up "intermediate certs" and where the certfile goes? The objective is to generate a self-signed cert and use it for just internal use with IMAPS dovecot. Separately, what are your thoughts as to why evolution works and thunderbird does not? Thank you, ==1 openssl

Hi! I am trying to make Windows 8 using Live 2012 and Outlook 2010 login in Dovecot POP3s. However, I receive this message in log: Feb 28 07:32:05 ipanema dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.0.0.10, lip=10.0.0.1, TLS handshaking: Disconnected, session=<joP78nTz9ACsFQAF> Note that user is sent as blank and this is the only log line. I used

I would expect the public cert to be imported as a "server" not an "auth" The attached image shows that TBird wants an httpS url for a webserver, for the source. Ages ago, I think it prompted for "do you want to trust this new cert" and YES added it (assuming that is the public key) to the server list.? A bit confused by this. <see attached thunderbird

Hello. Few days ago upgraded from v2.2.26.0 >v2.2.27 and now windows 10, with any outlook version (2007,2010,2013,2016) doesn't connect IMAP SSL: Dec 12 12:29:35 server dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 12 12:29:35 server dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key

> I did some local testing and it seems that you are using a curve that is not acceptable for openssl as a server key. > > I tested with openssl s_server -cert ec-cert.pem -key ec-key.pem -port 5555 > > using cert generated with brainpool. Everything works if I use prime256v1 or secp521r1. This is a limitation in OpenSSL and not something we can really do anything about. > >