similar to: Disable unsecure POP3 at all (Dovecot 2.1)

Hi, I try to set up dovecot as a proxy server, to proxy requests to several dovecot-based backend servers. I wand external clients who connects to this proxy Dovecot to use TLS (this is easy to set up) while want to have unsecured (plain IMAP/POP) connections to backends. You see, links to backends are over LAN so no TLS needed, and these backends are poor old machines (with old Docecots like

auth process receives the protocol requested when performing authentication as variable %s (see https://wiki2.dovecot.org/Variables) You can use this to choose the value you return for port. Aki > On 17 September 2018 at 16:56 Alexander Chekalin <alexander.chekalin at gmail.com> wrote: > > > Seen that URL but port= is strange due to there is no protocol connection. > So

Thank you! Ok, so I can omit ssl=no and startssl=no, and this results in default settings for ssl which is 'off'? Or the defaults are 'on' anyway? Can I somehow specify ports on remote hosts that proxy will use to connect to? Like (just image): 'proxy host_imap=10.1.1.1:143 host_pop=10.1.1.1:110' or somehow? On Mon, Sep 17, 2018 at 4:33 PM Aki Tuomi <aki.tuomi at

Seen that URL but port= is strange due to there is no protocol connection. So if I set port=12345 then what proto will I see there? Misleading setting this is why I mentioned (non-existing) per-proto port setting above. May I please ask for any example on how to pass port per proto? It is a bit fuzzy for me to figure it out but I do believe you used to use it somehow. On Mon, Sep 17, 2018 at

The port is determined with port=nnn setting. You can't return per-protocol port like that, you need to look at the protocol requested by user and return port based on that, or you can omit port to default into "standard port". not using ssl/starttls is default. > On 17 September 2018 at 16:35 Alexander Chekalin <alexander.chekalin at gmail.com> wrote: > > >

I am trying to run the CyberMegaPhone demo to see the WebRTC Video Conference demonstration from AstriDevCon 2017 I have been able to make WebRTC work on this same box with SIPML5 demo but not the CMP2K. When I attempt to access the https://myip:8089/cmp2k I am prompted for the unsecure web. I enable unsecure web. (Using the asterisk local certificate generation from the SIPML5 demo). After

Hello, Before writing here I really tried almost everything, reading the archives here, the FAQ and dozens of more or less well commented online guides and posts. My environment is a Windows server, with IIS as web server (I know, blame and flame on me, but this was available on my hands at the time). The server is hosting several websites and an icecast 2.4.4 running an online radio. The radio

I am trying to download a version of OpenSSH newer than the one preinstalled with my OS. But sadly I find that I can only download it through *unsecured* plain http/ftp/rsync protocol, vulnerable to attacks by anyone in the network path. It is odd that *the* software about security and encryption across untrusted network is distributed to everyone insecurely and not encrypted. Is there any future

Hello In my installation the disable_plaintext_auth does not appear to take effect. I can see that the value is correct using doveconf -a but it doesn't change anything. Whenever attempting to log in using IMAP I get this: * BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed. ls NO

On 2017-04-25, 15:40, Andrew Bartlett via samba wrote: > This looks like the instructions: > https://social.technet.microsoft.com/wiki/contents/articles/2751.kerberos-interoperability-step-by-step-guide-for-windows-server-2003.aspx#Using_an_MIT_KDC_with_a_Stand-alone_Windows_Server_TwentyOhThree_Client Thanks Andrew! This is quiet useful info. > Also, you still have to create all the

Hi, I install centos 7.2 with kernel version of 3.10.0-327.36.4.el7.x86_64. Where to get its kernel source? Thanks! Regards andrew

Hello, I saw that OpenSSH release 6.7 removed all CBC ciphers by default. Is CBC therefore considered as broken and unsecure (in general or SSH implementation)? I also read a lot of references (see below) but still not clear to me what's the actual "security status" of CBC and why it has been removed in general. http://www.openssh.com/txt/release-6.7 sshd(8): The default set

Hi, I must find a way around the way live migration now uses ssh. I tested it and I see high cpu usage by SSH and overall sense of things being slow. My prod systems have a dedicated, fast link for live migration, but with ssh it would be crippled down to a <1Gbit. Does anyone have a working example of how to not use SSH as the transport layer? I guess this is what the -s option is for, but I

Hi, I must find a way around the way live migration now uses ssh. I tested it and I see high cpu usage by SSH and overall sense of things being slow. My prod systems have a dedicated, fast link for live migration, but with ssh it would be crippled down to a <1Gbit. Does anyone have a working example of how to not use SSH as the transport layer? I guess this is what the -s option is for, but I

Hello, We have identified functions in LLVM sources using a static code analyzer which are marked as a "security vulnerability"[1][2]. There has been work already done to address some of them for Linux (e.g. snprintf). We are attempting to solve this issue in a comprehensive fashion across all platforms. Most of the functions identified are for manipulating strings. Memcpy is the most

>>> >>> Can I suggest that you do what I did, create your own small test >>> domain in VMs using Bind9 >> >> Yes, that is a good idea. However, from what I had read before, much >> of it on the Samba wiki, I was expecting Samba4 to just work with >> multiple DCs. I still wonder why no one ever seems to have tested or >> questioned that

One step further in my quest to create a replacement mail server. I now have my old mail server (2.3.19.1, macOS + MacPorts) and my new (2.3.20, Alpine Linux, Docker, apk package). When I turn on replication it works, but, after a while I see: Jan 06 00:50:31 replicator: Panic: data stack: Out of memory when allocating 268435496 bytes Jan 06 00:50:32 replicator: Fatal: master:

On Sep 20, 2012, at 3:01 AM, Dmitri Gribenko <gribozavr at gmail.com> wrote: > On Wed, Sep 19, 2012 at 3:00 AM, Martinez, Javier E > <javier.e.martinez at intel.com> wrote: >> We have identified functions in LLVM sources using a static code analyzer >> which are marked as a “security vulnerability”[1][2]. There has been work >> already done to address some of

I am trying to backup a gmail account (not the one I am writing from) to dovecot, using doveadm-backup and imapc, but am having ssl connection problems. ted at expectation:~# doveadm backup -D -R -u ted imapc: dsync(ted): Info: imapc(imap.gmail.com:993): Connected to 74.125.71.108:993 (local 10.7.1.179:53852) dsync(ted): Warning: imapc(imap.gmail.com:993): Server disconnected unexpectedly:

Quoting Reindl Harald <h.reindl at thelounge.net>: > Am 18.03.2015 um 20:56 schrieb Conrad Kostecki: >> Am 2015-03-18 20:46, schrieb Reindl Harald: >>> Am 18.03.2015 um 20:40 schrieb Conrad Kostecki: >>>> Hi! >>>> Currently, the passwords are stored in plaintext for my dovecot, as I >>>> am >>>> still using cram-md5 AND