Displaying 20 results from an estimated 2000 matches similar to: "proxy: get rid of redundant log-informations"
2015 Apr 28
1
Disable weak ciphers in vnc_tls
Dear libvirt team,
we a currently in a pci-dss certification process and our security
scanner found weak ciphers in the vlc_tls service on our centos6 box:
When I scan using sslscan I can see that sslv3 and rc4 is accepted:
inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted
Accepted SSLv3 256 bits DHE-RSA-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 128
2016 Oct 10
1
Hierarchy separator and LAYOUT=FS change
Hello,
I stumbled across a 5-year-old post on the dovecot list about changing the dovecot hierarchy separator to enable shared mailboxes (http://www.dovecot.org/list/dovecot/2011-January/056201.html <http://www.dovecot.org/list/dovecot/2011-January/056201.html>).
At the moment I?m stuck in a pretty similar situation. Migrated from courier to dovecot 2 years ago and preserved the
2015 Jan 09
2
dovecot on wheezy, best ssl configuration ?
Hi thanks for your help!
Trying to set your same parameters, when restarting dovecot, gives the
error:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line 136: Unknown setting: ssl_prefer_server_ciphers
doveconf: Error: managesieve-login: dump-capability process returned 89
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line 136: Unknown setting:
2020 Mar 30
2
Panic/Assert dns-lookup.c
Hi,
currently we deploying Dovecot as imap/pop3 proxy. Every few minutes some panic/assert occurred (we connect roughly 7k - 8k user at one imap proxy with a connection rate of 200/s).
We activate core dumps. Concerning the sensitive information in the dump we would prefer to not share the dump (e.g. i found our ssl private key in the dump).
Log/Stack trace:
Mar 30 15:54:06 imap16 dovecot:
2014 Apr 17
1
How to disable Director service?
Hi All,
Does anyone know how to disable the Director service. In our current
running Dovecot 2.2.4, if the director configuration is commented out
and Dovecot has no errors nor warnings. But the version 2.2.12 I'm
testing with gives out fatal errors. We have dedicated Dovecot Director
servers that serve the public frontend and separate dedicated imap/pop3
servers on the backend
2019 Oct 11
3
Error: SSL_accept() syscall failed
In setting up my new mail server, I am getting the following in the logs:
Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS
handshaking: SSL_accept() syscall failed: Success*,
session=<B9OokqCUD+UYNU8K>
I have tried various ssl_protocols entries, but for now have defaulted
back to
2015 Feb 06
2
TLS config check
Hi All
First the essentials:
dovecot --version: 2.2.15
/usr/local/etc/dovecot/conf.d/10-ssl.conf:
ssl = required
ssl_cert =
</usr/local/openssl/certs/mail.domain.com.chained.dovecot.ecdsa.crt
ssl_key = </usr/local/openssl/certs/mail.domain.com.ecdsa.key
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list =
2014 Sep 24
2
getent passwd works but all wbinfo commands fail
hello.everyone.I am seeing a bizarre problem on one of my machines. The
machine is running Samba 3.5.10-125 and is a member server in a Windows
Active Directory domain. getent passwd and getent group works just fine and
returns all users,and groups from the AD domain. However, all wbinfo
commands (such as wbinfo -t or wbinfo -u) fail with the errors:
[root at testserver samba]# wbinfo -t
could
2006 Jan 18
1
SIP RTP Negotiation
Dear All,
I am having some problems with connecting with a UA. Sometimes there is not
sound in the call made, sometimes the caller would near no sound, while the
callee can hear the caller. I have attached the rtp debug and sip debug for
you comments. Please help me. Thank you all.
Asterisk Version is 1.2.1
Asterisk RTP Range is 10000 to 20000
UA Listen RTP Port is 15000
Below is the the
2010 Aug 30
1
Is it possible to live migrate guest OS'es between different versions of kvm/qemu-kvm with libvirt?
Hi,
I currently have a couple of Debian KVM servers with all a different
version of kvm or qemu-kvm.
I can live migrate a guest OS from one server to the other just fine, as
long as the version of qemu-kvm is the same.
However, when I try to migrate a guest to a server running a newer (or
older) version of qemu-kvm, I run into problems. I think this is because
the xml configuration differs
2015 Jan 09
4
dovecot on wheezy, best ssl configuration ?
Hi all, when hardening dovecot against the POODLE vulnerability,
we followed the advise to disable SSL2 and SSL3
but this is giving problems with some email clients (claws-mail).
ssl_protocols = !SSLv2 !SSLv3
results in the following error:
dovecot: pop3-login: Disconnected (no auth attempts in 1 secs): user=<>,
rip=XXX, lip=XXX, TLS handshaking: SSL_accept() failed:
error:1408A0C1:SSL
2018 Nov 23
2
doveadm dsync-server doesn't use user parameter?
Hi,
I tried to migrate my dovecot 2.2 to a new server with a other storage
configuration and dovecot 2.3.
New (and old) Server uses mysql for user information
I use the following storage settings
mail_home = /storage1/vmail/%{userdb:path}
mail_location =
2015 Mar 04
2
New FREAK SSL Attack CVE-2015-0204
On 04.03.2015 18:19, Emmanuel Dreyfus wrote:
> On Wed, Mar 04, 2015 at 06:13:31PM +0200, Adrian Minta wrote:
>> Hello,
>> about the CVE-2015-0204, in apache the following config seems to disable
>> this vulnerability:
>> SSLProtocol All -SSLv2 -SSLv3
>> SSLCipherSuite
>> HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4
>>
>> Is
2014 Dec 02
0
disabling certain ciphers
Am 02.12.2014 um 17:33 schrieb Darren Pilgrim:
> On 12/2/2014 1:32 AM, Reindl Harald wrote:
>>>> ssl_cipher_list = HIGH:!RC4:!MD5:!SRP:!PSK:!aNULL:@STRENGTH
>>>> ssl_dh_parameters_length = 2048
>>>> ssl_parameters_regenerate = 0
>>>> ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
>>>
>>> But why does ssl_protocols behave
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
Am 09.01.2015 um 08:07 schrieb ml at ruggedinbox.com:
> Hi all, when hardening dovecot against the POODLE vulnerability,
> we followed the advise to disable SSL2 and SSL3
> but this is giving problems with some email clients (claws-mail).
>
> ssl_protocols = !SSLv2 !SSLv3
>
> results in the following error:
>
> dovecot: pop3-login: Disconnected (no auth attempts in 1
2015 Jan 26
4
imap-login: Fatal: pipe() failed: Too many open files
Hi
I keep on getting errors and can't connect/login to Dovecot. I did my
research but unfortunately without success. It is for sure not ulimit
because ulimit is set to unlimited per default already. Still , it
complains about "Too many open files" but this is a test system and the
service dovecot and postfix have just been started. No one except me is
testing on this system.
2007 Nov 08
1
Getting an error when joing a windows 2003 domain controller
Im getting an erro while joing my domain in AD windows 2003
[root@TESTSERVER etc]# net ads join -Uadministrator%password Using short domain name -- FAMILYENRICHMEN
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Deleted account for 'TESTSERVER' in realm
2015 Jan 09
0
dovecot on wheezy, best ssl configuration ?
Am 09.01.2015 um 08:58 schrieb ml at ruggedinbox.com:
> Hi thanks for your help!
> Trying to set your same parameters, when restarting dovecot, gives the
> error:
>
> doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
> line 136: Unknown setting: ssl_prefer_server_ciphers
> doveconf: Error: managesieve-login: dump-capability process returned 89
>
2020 Mar 30
0
Panic/Assert dns-lookup.c
Hi!
Can you install dovecot-dbg to get debug symbols, open the core in gdb and run
bt full
Aki
> On 30/03/2020 17:21 tim at linux-daus.de wrote:
>
>
> Hi,
>
> currently we deploying Dovecot as imap/pop3 proxy. Every few minutes some panic/assert occurred (we connect roughly 7k - 8k user at one imap proxy with a connection rate of 200/s).
>
> We activate core
2017 Nov 10
2
Slow Kerberos Authentication
No, no idee, but really, upgrade to samba, best option, in my opinion.
If thats not possible, it happens..
A timeout option can be set in krb5.conf
for example : kdc_timeout = 5000
You have these for krb5.conf to try out also.
the complete list.
des-hmac-sha1
DES with HMAC/sha1 (weak)
aes256-cts-hmac-sha1-96 aes256-cts AES-256
CTS mode with 96-bit SHA-1 HMAC