similar to: OpenSSH and CBC

On 15.06.2015 21:31, Christian Weisgerber wrote: > On 2015-06-15, Gerhard Wiesinger <lists at wiesinger.com> wrote: > >> I saw that OpenSSH release 6.7 removed all CBC ciphers by default. Is >> CBC therefore considered as broken and unsecure (in general or SSH >> implementation)? > CBC modes in SSH use the last encrypted block of the previous packet > as the IV

Hi Gerhard, This is not exactly true. CTR modes have the length field encrypted. etm MAC modes and AES-GCM have the length field in cleartext. CBC is dangerous because the length field is encrypted with CBC. aes128-ctr + hmac-sha256 doesn't have any known vulnerability and encrypts the packet length, but uses the bad practice of e&m. chacha20-poly1305 encrypts both payload and packet

OpenSSH Security Advisory: cbc.adv Regarding the "Plaintext Recovery Attack Against SSH" reported as CPNI-957037[1]: The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary

OpenSSH Security Advisory: cbc.adv Regarding the "Plaintext Recovery Attack Against SSH" reported as CPNI-957037[1]: The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary

Hello! Noone has running a sendmail/Mailscanner/procmail/mbox environment? Ciao, Gerhard ---------- Forwarded message ---------- Date: Mon, 24 Apr 2006 20:27:56 +0200 (CEST) From: Gerhard Wiesinger <lists at wiesinger.com> To: dovecot at dovecot.org Subject: [Dovecot] Dovecot LDA with sendmail/Mailscanner Hello! I'm running dovecot in a sendmail/Mailscanner/procmail/mbox

Hello! I'm running squirrelmail 1.4.8 (I know this is not the latest version) and know I'm having troubles with: 1.) Folder list view 2.) Save to sent or Drafts folder. Configuration worked well. I think it has to do with the upgrade from dovecot 1.0 to 1.1 and the LIST command. Thunderbird/alpine work well. Commands from rawlog are: A002 LIST "" "~/Mail/Drafts"

On 05 Dec 2015, at 11:32, Gerhard Wiesinger <lists at wiesinger.com> wrote: > > Is it possible to configure the secure session caching mechanism? > e.g. like in nginx: https://bjornjohansen.no/optimizing-https-nginx I remember hearing about various security vulnerabilities in that earlier.. I guess they're fixed now then, unless people find more ways to exploit it. Anyway

Hello! Currently I'm trying to integrate dovecot's deliver program into procmail. So basically I'd write a patch for procmail to deliver not directly into the mbox file but delivering with the dovecot deliver program. Do you think this is a good concept? For testing I use the commands discussed below. Currently I'm having a problem that deliver doesn't recognize the

http://dovecot.org/releases/dovecot-1.0.rc25.tar.gz http://dovecot.org/releases/dovecot-1.0.rc25.tar.gz.sig Instead of having "Should v1.0 be released already" discussion, how about having "What's still missing from wiki.dovecot.org and how could it be improved" discussion? And what should the wiki exported to doc/ directory in the tarball look like? * If time moves

http://dovecot.org/releases/dovecot-1.0.rc25.tar.gz http://dovecot.org/releases/dovecot-1.0.rc25.tar.gz.sig Instead of having "Should v1.0 be released already" discussion, how about having "What's still missing from wiki.dovecot.org and how could it be improved" discussion? And what should the wiki exported to doc/ directory in the tarball look like? * If time moves

Hello, I'm trying to move from procmail to dovecot sieve. I found the translation script at http://www.dovecot.org/tools/procmail2sieve.pl It works well except the following use cases: * ^From:.*myemail at mydomain.com.* | formail -I"X-Priority: 2 (high)" -I"X-mydomain-com-seen: yes" | $SENDMAIL -oi \ myemail at mydomain2.com \ myemail at mydomain3.com :0c *

http://dovecot.org/releases/2.1/dovecot-2.1.5.tar.gz http://dovecot.org/releases/2.1/dovecot-2.1.5.tar.gz.sig A few announcements first: I'm now going to start being more strict about not answering Dovecot questions sent to me privately (especially support requests, but also bug reports, feature requests, etc). Often those questions could be answered by other people in the mailing list as

http://dovecot.org/releases/2.1/dovecot-2.1.5.tar.gz http://dovecot.org/releases/2.1/dovecot-2.1.5.tar.gz.sig A few announcements first: I'm now going to start being more strict about not answering Dovecot questions sent to me privately (especially support requests, but also bug reports, feature requests, etc). Often those questions could be answered by other people in the mailing list as

Hello, I'm running dovecot in a classical vmail.vmail setup with pigeonhole and LMTP. Permission worked well in the initial setup but currently (maybe after Fedora 22 update) I'm having the following permission issue: lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed to open: open(/etc/dovecot/sieve_after.svbin) failed: Permission denied (euid=9999(vmail)

On 05.08.2015 13:06, Steffen Kaiser wrote: > On Tue, 4 Aug 2015, Gerhard Wiesinger wrote: > >> >> I'm running dovecot in a classical vmail.vmail setup with pigeonhole >> and LMTP. Permission worked well in the initial setup but currently >> (maybe after Fedora 22 update) I'm having the following permission >> issue: >> >> lmtp(root):

Hello, Is it possible to configure Dovecot as SASL client for central authentication (also remotely via TCP/TLS)? Following use case: IMAP server (host 1) <=> Windows Domain Controller and /etc/shadow authenticator via pam (host2) Should work as: IMAP server (host 1) <=> SASL Client via TLS <=> Network <=> SASL Server via TLS <=> Local SASL via pam <=>

http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig v2.2.20 probably will be released tomorrow or maybe during weekend. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added

http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.20.rc1.tar.gz.sig v2.2.20 probably will be released tomorrow or maybe during weekend. + Added mailbox { autoexpunge=<time> } setting. See http://wiki2.dovecot.org/MailboxSettings for details. + ssl_options: Added support for no_ticket + imap/pop3/managesieve-login: Added

Hello! As discussed in the previous thread about "Dovecot deliver logging problem and procmail" I have made a small patch for procmail to deliver through dovecot's deliver program (or any other delivery program). So Procmail does not write the mailboxes directly any more. So delivery is done through pipes and an external program which can deliver the files. Since dovecot's

Hello Timo, I think the following commit makes problems: http://hg.dovecot.org/dovecot-2.2/rev/68a8b650578e # Doesn't work A01 LIST "" ~/Mail/Gesendet # OK with quoted mailbox A02 LIST "" "~/Mail/Gesendet" Details: imap * PREAUTH [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS