similar to: [bug] ssl-params hangs when FIPS is enabled

Based on the recent found weaknesses in DH key exchange, http://weakdh.org/ I increased ssl_dh_parameters_length to 2048 bits, and found waited for 5+ minutes for dovecot to come back online after a restart. Unless you got a fast machine, the initialization of DH parameters can exceed your patience. Regeneration may not be a problem (if ssl_parameters_regenerate=0 or if Dovecot uses old

In src/lib-ssl-iostream/iostream-openssl-params.c a call is made to DH_generate_parameters. This function has been deprecated since OpenSSL 0.9.8. With OpenSSL 1.1 compilation will throw an error. Not sure how to send patches, I don't even know if the patch I wrote actually works (I don't program in C, but gave it a shot anyway) but below is the patch. ---

Hi, we were modifying old SELinux rules for dovecot 2.0. Everything seems ok, only one report seems odd: "SELinux is preventing /usr/sbin/dovecot "write" access on dovecot.conf." Looking at strace output, dovecot tries to use socket on /etc/dovecot/dovecot.conf which is regular file and no socket: ... geteuid() = 0 getegid()

Hi, we've seen SELinux reports from our users that dovecot tried to use something that needs CAP_NET_ADMIN capability. Before enabling it, we would like to know where it originated from. I've checked the sources, but was not able to find anything that would require this capability. Do you know for what it is used? CAP_NET_ADMIN Perform various network-related operations: * interface

Patch v2 --- a/src/lib-ssl-iostream/iostream-openssl-params.c +++ b/src/lib-ssl-iostream/iostream-openssl-params.c @@ -13,10 +13,19 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) { DH *dh; unsigned char *p; - int len, len2; + int len, len2, success; +#if OPENSSL_VERSION_NUMBER >= 0x00908000L + success = DH_generate_parameters_ex(dh, bitsize,

> On April 26, 2017 at 3:15 PM Peter van der Does <peter at avirtualhome.com> wrote: > > > Patch v2 > > --- a/src/lib-ssl-iostream/iostream-openssl-params.c > +++ b/src/lib-ssl-iostream/iostream-openssl-params.c > @@ -13,10 +13,19 @@ generate_dh_parameters(int bitsize, buffer_t *output, const char **error_r) > { > DH *dh; > unsigned char *p;

Hi, yesterday lib-sql got driver-sqlpool with some changes in Makefile.am, but these changes in makefile works only for --with-sql=yes. When --with-sql=plugin is used build fails with: libtool --tag=CC --mode=link gcc -std=gnu99 -O2 -g -pipe -Wall -Wp,- D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 - m64 -mtune=generic -Wall -W -Wmissing-prototypes

On 4/12/19 12:48 AM, Stephan Bosch wrote: > > > On 29/03/2019 10:23, Michal Hlavinka via dovecot wrote: >> On 3/28/19 6:41 PM, Aki Tuomi via dovecot wrote: >>> >>>> On 28 March 2019 19:40 Michal Hlavinka via dovecot >>>> <dovecot at dovecot.org> wrote: >>>> >>>> ? Hi, >>>> >>>> when trying to

Hi, thanks for the answer. I think your environment was not set up correctly to reproduce this bug. I've retested with 2.3.5 and I can still reproduce it. I've attached a script that will configure everything for testing and if you have a virtual machine available, you can use it directly (it expects linux with systemd for dovecot restart). relevant section from config: namespace {

I tested with release 2.3.5, and doveadm -Dv acl debug -u testuser pub doveadm(testuser): Debug: acl vfile: file /etc/dovecot/global-acls/pub/INBOX not found doveadm(testuser): Debug: acl vfile: file /home/vmail/pub/Mail/mailboxes/INBOX/dbox-Mails/dovecot-acl not found doveadm(testuser): Debug: acl vfile: file /etc/dovecot/global-acls/ not found doveadm(testuser): Debug: acl vfile: file

Hi tl;dr: Seems that for Global ACL directory, namespace prefix is not part of the path, when looking for acl file. Long version: We're planning to update dovecot in next os update to 2.2.36 and while going through regression testing, we found a problem with ACL configuration combined with namespace. Test uses "Global ACL directory" configuration. Relevant configuration part:

Hi, Last tuesday I upgraded squirrelmail on two centos-3 mailservers. squirrelmail-1.4.8-8.el3.centos.1, 2.4.21-58.ELsmp, CentOS release 3.9, httpd 2.0.46 Since then I have some users who have problems with their sessions. They are logout out every now and them, and some sent mails have another user address in the From header. It looks like squirrel is mixing up sessions? Those users have used

On 29/03/2019 10:23, Michal Hlavinka via dovecot wrote: > On 3/28/19 6:41 PM, Aki Tuomi via dovecot wrote: >> >>> On 28 March 2019 19:40 Michal Hlavinka via dovecot >>> <dovecot at dovecot.org> wrote: >>> >>> ? Hi, >>> >>> when trying to build dovecot 2.3.5.1 pigeonhole testsuite crashes in >>> >> >> Which

On 3/28/19 6:41 PM, Aki Tuomi via dovecot wrote: > >> On 28 March 2019 19:40 Michal Hlavinka via dovecot <dovecot at dovecot.org> wrote: >> >> >> Hi, >> >> when trying to build dovecot 2.3.5.1 pigeonhole testsuite crashes in >> > > Which version of pigeonhole are you using? latest available - 0.5.5

Sorry, we have not yet been able to look into this.. It's now in our internal system as DOP-966 Aki > On 7 March 2019 17:31 Michal Hlavinka via dovecot <dovecot at dovecot.org> wrote: > > > Hi, > any progress with this issue? Do you need more information to debug and > fix this? > > Cheers > Michal Hlavinka > > On 9/18/18 4:10 PM, Michal Hlavinka

Hi, any progress with this issue? Do you need more information to debug and fix this? Cheers Michal Hlavinka On 9/18/18 4:10 PM, Michal Hlavinka wrote: > Hi > > tl;dr: > Seems that for Global ACL directory, namespace prefix is not part of the > path, when looking for acl file. > > Long version: > > We're planning to update dovecot in next os update to 2.2.36

Hi, when trying to build dovecot 2.3.5.1 pigeonhole testsuite crashes in Test case: ./tests/extensions/editheader/deleteheader.svtest: 1: Test 'Deleteheader - nonexistent' SUCCEEDED 2: Test 'Deleteheader - nonexistent (match)' SUCCEEDED 3: Test 'Deleteheader - one' SUCCEEDED 4: Test 'Deleteheader - two (first)' SUCCEEDED 5: Test 'Deleteheader - two

> On Apr 25, 2017, at 5:37 PM, KT Walrus <kevin at my.walr.us> wrote: > > Also, I spotted a deprecation warning that you might want to look into since it has to do with building against OpenSSL 1.1 (which is the default version for Debian 9). Oops!!! Forgot to attach the warning: libtool: compile: gcc -DHAVE_CONFIG_H -I. -I../.. -I../../src/lib -I../../src/lib-test

Hi, we're facing problem where dovecot 1.2rc5 is not able to authenticate user via gssapi. (I'm forwarding information from red hat's bugzilla) Steps to reproduce: 1. Install dovecot with kerberos support, create mailboxes for the client 2. Get initial credentials on client side 3. Attempt to log in via dovecot using gssapi -> login failed Client side 1. Email client displays:

Hi, /sbin/upsdrvctl is used as the near final step in /etc/init.d/halt to command the UPS to shut down power to the computer. On Fedora / Red Hat Enterprise Linux system, /usr can reside on its own partition. Drivers are linked to several libraries, but some of them lives in /usr/lib and this can be umounted when drivers are used. There are 16 libraries used on Fedora 11 system. This