similar to: proxying, SSL, and client certificate

Folks, I'm trying to configure my dovecot installation to require client certificates for external/Internet connections, while still allowing my local network to not need certificates. This configuration is for Dovecot 2 (2.0.8 in Fedora 14), and I've tried to use the "remote" block to give different definitions for my local network vs the defaults. While most options seem to

> On 27 Jan 2016, at 21:55, Axel Luttgens <axel.luttgens at skynet.be> wrote: > > Hello Haravikk, > > Perhaps could you try to devise an exception based on one (or more) "remote" section(s), as in: > > remote ip.of.webmail.server { > ssl_verify_client_cert = no > [other settings, if needed] > } > > But I guess you would need to combine

I?m using dovecot to provide encrypted IMAP e-mail support for remote clients and it?s working great. However, I also need to set up a webmail front-end (Roundcube), which I?m hoping to have use unencrypted IMAP on port 143 (as only port 993 is available externally). The problem I?m running into is that I want to require client certificate authentication on port 993, but dovecot is apparently

Hi all, As I reported earlier (with a typo in the work [BUG]) client certification validation *does not* work even if you do everything exactly according to all documentation and attempts at helpful advice. I have seen this issue with both startssl.com and self-signed certificates, and based on what I've seen from searching the web, this is a problem that has gotten little attention because

>From the config : auth_ssl_require_client_cert = no GMail empty vcard ... I have no ideas . so sorry. Coding snippets. What can I provide for you that will help? NOTE: it is pretty much the default config from Debian. Thank you, On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <me at junc.eu> wrote: > > On 2020-05-25 02:54, hanasaki at gmail.com wrote: > > Config has >

I just upgraded my Ubuntu server from 11.10 to 12.04.1 and that upgraded Dovecot to 2.0.19. For some reason I'm getting a lot more (5 times) disconnect in IDLE and inactivity time outs. I'm using only IMAP with two users. Both users access the server from multiple devices, phone, tablet and desktop computer. I had previously set the max_userip_connections to 20 and rarely got the

Hello Aki and all, The below lines are in the dovecot config file. This seems to be the same as Aki's suggestion. correct? I have also double checked file perms, tried with several new key gens, several versions of thunderbird and created completely new thunderbird profiles. Thank you, ssl_cert = </etc/letsencrypt/live/...../fullchain.pem ssl_key =

?I've a dovecot instance setup with submission proxy, protocols = imap lmtp submission sieve hostname = internal.mx.example.com submission_relay_host = internal.mx.example.com submission_relay_port = 465 submission_relay_trusted = yes submission_relay_ssl = smtps submission_relay_ssl_verify = yes service submission-login { inet_listener submission { address = 10.2.2.10,

s_client: Option unknown option -trace *** x509: Unknown parameter text On 5/25/20 11:49 AM, Aki Tuomi wrote: > Hi! > > Can you do > > openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem > > and check these things: > > your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see

We have FreeBSD-server with dovecot installed on it as IMAP-server. My user and password database is a text file with plaintext passwords. Clients connect to imap-server via TLS protocol and plaintext password. All works fine. But I want to configure ability to authorize with a client certificates. I have generated a client certificate and imported it to email-client. Also I have configured

Hello In my installation the disable_plaintext_auth does not appear to take effect. I can see that the value is correct using doveconf -a but it doesn't change anything. Whenever attempting to log in using IMAP I get this: * BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed. ls NO

Hi, After upgrading to dovecot 2.1.12, I see a lot of these errors: # 2.1.12: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-279.14.1.el6.x86_64 x86_64 CentOS release 6.3 (Final) # Filesystem: ext4 with mdbox storage Dec 10 15:21:04 mail dovecot: imap(user at example.org): Error: Cached message size smaller than expected (5010 < 8192) Dec 10 15:21:04 mail dovecot: imap(user at example.org):

I am trying to get Dovecot IMAP and Outlook to talk to each other with SSL and client certificates enabled. In Dovecot, I have the following options enabled: ssl_ca = ... ssl_verify_client_cert = yes auth_ssl_require_client_cert = yes auth_ssl_username_from_cert = yes when I try to connect with Outlook, I get: May 12 08:07:50 mail dovecot: imap-login: Disconnected (client didn't

Config has ssl_verify_client_cert = no What options might have the client auth turned on? TYIA On 5/24/20 6:40 PM, Felipe Gasper wrote: > From what I can tell, ?SSL alert number 42? means that you?ve configured Dovecot to require client authentication. > > Otherwise, your Let?s Encrypt certificate (with its authority chain) should suffice. > > -FG > >> On May 24,

hello trying to install dovecot 2 on a fresh installed machine I get this error message : doveconf -n > dovecot-new.conf doveconf: Error: ssl enabled, but ssl_cert not set doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set the ssl config file look like the following : Thanks for any info. ## ## SSL settings ## # SSL/TLS

I have added "auth_debug_password=yes" to "10-logging.conf" and restarted dovecot.?But I do not see any information about the password in the logs. Does this mean that the thunderbird does not send the password??Although it asks for the password and I enter one. New log: dovecot: master: Warning: Killed with signal 15 (by pid=19769 uid=0 code=kill) dovecot: master: Dovecot

hi we are using dovecot version 2.2.7 (config file given below) centos 6, qmail, vpopmail, mysql server configuration hex core processor, 16 gb ram 1 X 600 gb 15 k rpm for main drive and 2 X 2000 gb hdd for data (No raid) busy server with around 4000 email ids --- load is around 2 to 10 the issue is that SQUIRRELMAIL webmail users suddenly lose connection while they are working on the webmail.

Hello, I would like to set up an authentication using certificate with Dovecot: A user sends mail to Postfix and Dovecot authentication is valid only if certificate is trusted. So, I enable the parameter auth_ssl_require_client_cert in dovecot configuration but it is not running. Here are the postfix logs: Aug 16 09:51:48 myserver dovecot: auth: Debug: Loading modules from directory:

Hello, I've ran into problem with Dovecot and dsync replication. Everything works perfectly, including replication of sieve scripts, except fact that if user activates the 'managesieve' ruleset (I'm using currently Roundcubemail) on "mail1" host, it wouldn't be activated on "mail2" host, by creating symlink ".dovecot.sieve ->

I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month. It works great. Dovecot serves IMAPS only, and I'm using Thunderbird to access my mail. I configured Dovecot to allow clients that present a valid certificate when establishing SSL connection. I configure my Thunderbird for SSL/TLS connection with normal password. It works fine. However, with my config anybody