similar to: Allow both SSL/993 and STARTTLS/143 connections (secure only)

Displaying 20 results from an estimated 10000 matches similar to: "Allow both SSL/993 and STARTTLS/143 connections (secure only)"

2017 Aug 22
3
pop 110/995, imap 143/993 ?
On 22.08.2017 03:56, Peter wrote: >>> Lest anyone think STARTTLS MITM doesn't happen, >>> >>> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ > Right, the attack does happen, but it can be prevented by properly > configuring the server and client. Dovecot, by default, requires STARTTLS before accepting plaintext
2011 Apr 09
1
143 STARTTLS/ 993 SSL/TLS query
I'm testing my new dovecot server with Thunderbird. I can have it working on port 143 with STARTTLS, or on port 993 with SSL/TLS. My understanding is that on 993 I get encrypted 'password and mail transfer' (yes?), so what happens if I use 143 with STARTTLS: is that equivalent to port 993 if STARTTLS is used? Thanks for any insights. -- Voytek
2014 Aug 18
2
IMAP on 993/SSL or 143/STARTTLS?
Hi, I have a postfix+dovecot-2.2.13 system and have configured it to support IMAPS on 993 with SSL/TLS. I'm noticing with users using Thunderbird, the autodetect defaults to IMAPS on 143 with STARTTLS. Which is preferred? Which is more secure? Which is more common? Why would someone choose one over the other? Can I ask the same question about SMTP and submission? Why would one choose 587
2017 Aug 22
1
pop 110/995, imap 143/993 ?
Robert Wolf wrote: >> else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you >> have enabled something like cram-md5. > > Hi, > > exactly, this is the reason, why plain-text is still needed. You don't need > encryption for authentication, if you have secure authentication. Without > knowing original password, the MITM cannot generate correct hash
2010 May 24
2
STARTTLS does not seem to work
I believe I have the configuration set to use START TLS on IMAP4 (143) and POP3 (110) ports. However, it does not seem to be working. Yet "STARTTLS" is listed as a capability (which tells me I probably do have it configured right). In the session below, 172.30.0.24 is the mail server I'm putting up. 64.26.60.229 is an outside mail service. A similar thing happens on POP3. The
2018 Sep 17
2
Using both starttls and ssl in passdb on proxy results in timeouts
Hi List, I have a dovecot which proxies to different backends depending on an entry in a mysql-database. The mysql-query sets "ssl" to "any-cert" and this works fine. But this causes me a problem: sieve-backends only support STARTTLS and if I set "ssl" to "any-cert" (or yes), it will attempt a TLS-connection to the sieve-backends, which fails. My attempt was to alter the query to include
2018 Sep 18
0
Using both starttls and ssl in passdb on proxy results in timeouts
I tried some more things, such as setting starttls=NULL or ssl=NULL, which does the same as setting it to "no". Interestingly, if I set ssl=NULL and don't set starttls at all, it still tries an SSL connection to the backend. Is there no way to use starttls or ssl depending on a variable? It could also be possible that I have starttls-backends and ssl-backends which would be a similar use-case to
2020 May 29
3
identify 143 vs 993 clients
> On 29 May 2020 at 11:17, Stuart Henderson <stu at spacehopper.org> wrote: > > On 2020-05-26, mj <lists at merit.unu.edu> wrote: >> Hi, >> >> On 25/05/2020 23:04, Voytek wrote: >>> jumping here with a question, if I use 143 with STARTTLS, and, force >>> TLS/SSL in configuration, that's equivalent from security POV, isn't
2004 Jan 06
3
SSL and STARTTLS
I wanted to enable SSL on some alternate ports so that a limited number of people could try SSL access. But doing so enabled STARTTLS in IMAP, so that all IMAP users got surprised (at least those whose clients attempted to use it automatically). e.g.: # IP or host address where to listen in for SSL connections. Defaults # to above non-SSL equilevants if not specified. imaps_listen =
2016 May 05
1
[MASSMAIL] Dovecot on C7.2 - secure internet access
On 05.05.2016 at 16:18, Gary Stainburn wrote: > I've tried the changes that I put below. Users are still able to log in from > the LAN. > > However, despite putting the appropriate rule in my firewall allowing port 143 > I cannot create a user on a PC outside my network. > > I'm using Thunderbird to do the testing. Is there a better way to test my > setup?
2007 Jan 11
2
STARTTLS: read error=generic SSL error (0)"
Hi All, I am running sendmail 8.12.8. I am getting the below error. [root at mail MailScanner]# tail -f /var/log/maillog Jan 11 11:20:40 mail sendmail[10646]: STARTTLS: read error=generic SSL error (0) Jan 11 11:20:41 mail last message repeated 22494 times Jan 11 11:20:41 mail sendmail[10646]: STARTTLS: read error=generic SSL error (0) Jan 11 11:20:41 mail last message repeated 8894 times Jan 11
2017 Aug 21
6
pop 110/995, imap 143/993 ?
If I read this correctly, starttls will fail due to the MITM attack. That is the client knows security has been compromised. Using SSL/TLS, the MITM can use SSL stripping. Since most Postfix conf use "may" for security, the message would go through unencrypted. Correct??? Is there something to enable for perfect forward security with starttls? Original Message From: s.arcus at
2006 May 09
2
Dovecot 1.0beta7: STARTTLS/SSL not wanting to start
Greetings - I have been looking at Dovecot with a view to migrating us to it from the Washington IMAP server on our Sun systems. To start our testing we first of all installed the pre-built version of Dovecot from the Blastwave (www.blastwave.org) community supported packaged software site. This was Dovecot 0.99.10.4 and we successfully got it working in our test environment: at first just
2017 Aug 22
0
pop 110/995, imap 143/993 ?
On Tue, 22 Aug 2017, Aki Tuomi wrote: > else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you > have enabled something like cram-md5. Hi, exactly, this is the reason, why plain-text is still needed. You don't need encryption for authentication, if you have secure authentication. Without knowing original password, the MITM cannot generate correct hash for login, so
2016 Jan 06
2
Stymied with samba vs openldap SSL ("Failed to issue the StartTLS instruction...")
On 1/5/2016 7:19 PM, Lee Brown wrote: > > A total guess would be to use either ldaps:// and don't bother with > start_tls, or add the :636 to the end of the ldap:// specification as it > seems to me that start_tls is pretty agnostic regarding whatever > protocol it works against (SMTP, LDAP, etc.). ie > > passdb backend = ldapsam:"ldaps://ldap-server-fqdn" >
2010 Aug 05
1
Dovecot 2.0.rc4 not generating ssl-parameters.dat on first start
Dear Dovecot lovers! When starting Dovecot 1.x the first time, it runs "ssl-build-params" to generate a file named "ssl-parameters.dat". This takes a couple of minutes. During this time users have no access to their mail, but this can be planned in advance and users can be notified. This is explained in http://wiki.dovecot.org/SSL/DovecotConfiguration With Dovecot 2.0.rc4,
2016 Sep 14
2
Failed to issue the StartTLS instruction - yet ldap ssl = no is set
hi everybody I have in my smb.conf ldap ssl = no ldap ssl ads = no and even: ldap server require strong auth = No yet in logs I see: [2016/09/14 11:25:05.248282, 0] ../source3/lib/smbldap.c:575(smbldap_start_tls) Failed to issue the StartTLS instruction: Can't contact LDAP server and smbclient(any client) fails gee, that is weird! right? ldapsearch runs just fine.
2017 Aug 21
1
pop 110/995, imap 143/993 ?
On 21/08/17 16:25, Robert Wolf wrote: > On Mon, 21 Aug 2017, Sebastian Arcus wrote: > >> On 21/08/17 13:39, Robert Wolf wrote: >>> >>> On Mon, 21 Aug 2017, Sebastian Arcus wrote: >>> >>>> >>>> On 21/08/17 10:37, Gedalya wrote: >>>>> On 08/21/2017 07:28 AM, voytek at sbt.net.au wrote: >>>>>> is there a
2014 May 16
1
imapc Proxy to IMAPS Exchangeserver?
I'm trying to adapt http://wiki2.dovecot.org/HowTo/ImapcProxy to our Exchange Server, which has LOGINDISABLED on Port 143, and I offering LOGIN on Port 993. How do I go about this? Simply changing imapc_port to: imapc_port = 993 doesn't work: Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS
2017 Aug 21
2
pop 110/995, imap 143/993 ?
Lest anyone think STARTTLS MITM doesn't happen, https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ Not only for security, I prefer port 993/995 as it's just plain simpler to initiate SSL from the get-go rather than to do some handshaking that gets you to the same point. Joseph Tam <jtam.home at gmail.com>