similar to: TLS SNI with Dovecot

Hi, I have an already working dovecot server on Ubuntu 10.04 with self-created packages version 2.1.13. This setup is working prefect. Now that I do not wish to continue using Ubuntu (to much work for Upgrading), I decided to switch to Gentoo, as I had made best experiences in the past? I have installed Dovecot on Gentoo and I copied over all my configs and certs and stuff. Also created a user

Hi list, Does anyone have a working crm114 config for dovecot-antispam? I have mailreaver running perfectly otherwise, but it doesn't seem to be called correctly from dovecot-antispam - the css files show no change. Piping a message to the command... `/usr/share/crm114/mailreaver.crm --good -u /shared/domains/domain.tld/users/pfern/.crm/` works as expected, and the logs don't indicate

I'm a bit further along but haven't figured out why Authentication is still failing. I've tried a telnet to port 143 and openssl connection to 993. The command I issued, per the debugging page on the wiki, is: a login info at aesoft-sbcs.com crap Here is a snapshot from my logs (yup second try and blank lines to make it easier for me to read). Oct 7 08:17:20 mx0 dovecot:

Hi, I had enabled an option in dovecot. mail_attachment_dir = /var/mail/virtual/copymail/attachments After a while I checked /var/mail/virtual and did some cleanup. I did not remember that copymail was specified in dovecot and erased it. Oct 30 10:56:05 mx0 dovecot: imap(hidden): Error:

Hi, I know I must have done some misconfiguration, but I do not know where to start searching for. All began when looking at my weekly cron message, where doveadm purge -A is run. That fails. So I tried doveadm quota -A as well, which several weeks ago was working perfectly. Example: doveadm quota get -A doveadm(root): Error: User listing returned failure doveadm: Error: Failed to iterate

Hi! I set up two mail servers with Postfix and Dovecot and I would like to sync all mails between the servers. So I set up replication. Now I'm still getting the following errors: =======Server 1======= Sep 11 13:43:52 mx0 dovecot: master: Dovecot v2.1.7 starting up (core dumps disabled) Sep 11 13:43:52 mx0 dovecot: auth-worker(4245): mysql(127.0.0.1): Connected to database mailserver Sep

Hi, I still have some problems with thunderbird and Dovecot. I added ACL/shared-folders to dovecot. While everything is working perfectly under Apple Mail and roundcube, thunderbird behaves very strange. What I did: 1. Step I have three mail accounts set up in thunderbird. In the second and third account I managed IMAL-ACLs on the INBOXes, with following flags: eilrwtsd 2. Step At the first

The dovecot instance set up with auth_realms and auth_default_realm variables and it is working well. In saslauthd configurations setting same variables giving configuration parsing error (I think it is not right way to configure kerberos realm in saslauthd). However testsaslauthd working without any problems even if I don't specify realm parameter from command line. On 03/10/17 06:17,

Hello I just finished setting up FreeIPA with Dovecot + Postfix + Saslauthd. I can easily access to mails using imap via dovecot with gssapi authentication and postfix also delivering mails very well. But I cannot send email from postfix using gssapi authentication (plain and login authentication working fine) because saslauthd is not specifying realm when requesting service from freeipa domain.

FYI? dovecot 2.2.10 from RedHat 7 has an issue with clients, which won't send SNI.?As you are using version 2.2.27 you might encounter the same behaviour. If the client won't send SNI, my server randomly answers with any cert instead of?the default cert,? --Perhaps dovecot just utilises the last used cert? One speciality?of my certs is, that both share the same Common Name (CN) but differ

Is there a way to log SNI hostname used in TLS session? Info is there in SSL_CTX_set_tlsext_servername_callback, dovecot copies it to ssl_io->host. Unfortunately I don't see it expanded to any variables ( http://wiki.dovecot.org/Variables ). Please consider this to be a feature request. The goal is to be able to see which hostname client used like: May 30 08:21:19 xxx dovecot:

On Thursday 20 of October 2016, Aki Tuomi wrote: > On 20.10.2016 15:41, Arkadiusz Mi?kiewicz wrote: > > On Thursday 20 of October 2016, Aki Tuomi wrote: > >> On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote: > >>> On Monday 17 of October 2016, KT Walrus wrote: > >>>>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> >

-----BEGIN PGP SIGNED MESSAGE----- ##### ## ## ###### ## ### ## ## ##### ## # ## ## ## ## ### ## ##### . ## ## . ###### . Secure Networks Inc. Security Advisory

Hi I have some problem with SNI and dovecot 2.2.36.4 Server debian 9.x ad dovecot-2.2.36.4 default server ssl cert is a wildcard like *.domain.com (digicert) ssl_ca = /var/control/cert.pem ssl_cert = </var/control/cert.pem I added for test another domain (in dns to) for another ssl (letsencrypt) from https://wiki.dovecot.org/SSL/DovecotConfiguration like: local_name

On Monday 17 of October 2016, KT Walrus wrote: > > On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: > > > > On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: > >> Is there a way to log SNI hostname used in TLS session? Info is there in > >> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to > >>

On Thursday 20 of October 2016, Aki Tuomi wrote: > On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote: > > On Monday 17 of October 2016, KT Walrus wrote: > >>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> > >>> wrote: > >>> > >>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: > >>>> Is there

On Friday 11 of November 2016, Felipe Gasper wrote: > Hello, > > We?re rolling out large SNI deployments for our mail servers. Each domain > gets an entry like this in the config: > > local_name mail.foo.com { > ssl_cert = </ssl/domain_tls/*.foo.com/combined > ssl_key = </ssl/domain_tls/*.foo.com/combined > } Lack of glob/regexp support here is also a

>>> >>> Great! Seems to be working fine for my usage and makes my configs 50% >>> smaller (which is gigantic improvement). Will do more testing though. >>> >>> Thanks! >>> >>> A little bit offtopic, but what is the point of using imap/pop SNI? All clients want to connect to their own domain or what? -- Kaspars

Hello, How feasible would it be to have a ?pluggable? Dovecot setup that would permit arbitrary logic for fetching TLS/SNI certificates and key, rather than having to hard-code each domain?s resources in a configuration file? A couple scenarios that I envision such a framework being able to accommodate: 1) An internal TLS service that accepts queries via a UNIX socket by domain name and

> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote: > > On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote: >> Is there a way to log SNI hostname used in TLS session? Info is there in >> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to >> ssl_io->host. >> >> Unfortunately I don't see it expanded to any