Displaying 20 results from an estimated 3000 matches similar to: "dovecot on wheezy, best ssl configuration ?"
2015 Jan 09
2
dovecot on wheezy, best ssl configuration ?
Hi thanks for your help!
Trying to set your same parameters, when restarting dovecot, gives the
error:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line 136: Unknown setting: ssl_prefer_server_ciphers
doveconf: Error: managesieve-login: dump-capability process returned 89
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf
line 136: Unknown setting:
2017 Apr 27
2
confused with ssl settings and some error - need help
Hi,
To default dovecot.conf file I added (based on found documentation):
ssl = required
disable_plaintext_auth = yes #change default 'no' to 'yes'
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
ssl_dh_parameters_length = 2048
ssl_cipher_list =
2017 Apr 27
2
confused with ssl settings and some error - need help
Cipher list which You post provide better compatibility or security than
those which I currently have?
On older software version these cipher list works well and not generate any
errors when I run Internal PCI scan test from https://cloud.tenable.com for
another server. But for new server with newer software during test I got
errors in mail.err.
2017-04-27 10:00 GMT+02:00 Aki Tuomi <aki.tuomi
2017 Apr 27
2
confused with ssl settings and some error - need help
Thank You for answers. But:
1. How should be properly configured ssl_cipher_list?
2. Ok, removed !TLSv1 !TLSv1.1.
3. Strange thing with ssl_protocols and ssl_cipher_list, because on older
server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two
lines looks exactly this same and no errors in mail.err file and mailes
works without any problem.
4. No, currently I don't use LMTP.
2017 Apr 30
2
confused with ssl settings and some error - need help
What kind of test are you running?
Aki
> On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> wrote:
>
>
> I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test
> still gives errors:
> Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error:
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
2019 Oct 11
3
Error: SSL_accept() syscall failed
In setting up my new mail server, I am getting the following in the logs:
Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS
handshaking: SSL_accept() syscall failed: Success*,
session=<B9OokqCUD+UYNU8K>
I have tried various ssl_protocols entries, but for now have defaulted
back to
2018 Dec 08
6
"no shared cypher", no matter what I try
Greetings,
I have had to reinstall my email server on another Linux (centos 7.6)
VPS, with a newer version of dovecot, other software and a brand new
letsencrypt certificate just for email withpostfix and dovecot (that
certificate works fine with postfix). Output of dovecot --version and
dovecot -n on the new server is below.
Now, messages ARE delivered in the right IMAP mailboxes, but when I
try
2015 Feb 06
2
TLS config check
Hi All
First the essentials:
dovecot --version: 2.2.15
/usr/local/etc/dovecot/conf.d/10-ssl.conf:
ssl = required
ssl_cert =
</usr/local/openssl/certs/mail.domain.com.chained.dovecot.ecdsa.crt
ssl_key = </usr/local/openssl/certs/mail.domain.com.ecdsa.key
ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list =
2016 Mar 09
2
Client-initiated secure renegotiation
On 09/03/16 10:44, Florent B wrote:
> Hi,
>
> I don't see any SSL configuration option in Dovecot to disable
> "Client-initiated secure renegotiation".
>
> It is advised to disable it as it can cause DDoS (CVE-2011-1473).
>
> Is it possible to have this possibility through an SSL option or other ?
>
> Thank you.
>
> Florent
ssl_protocols = !SSLv3
2016 Mar 10
2
Client-initiated secure renegotiation
On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote:
> On 09-03-16 13:14, djk wrote:
>> On 09/03/16 10:44, Florent B wrote:
>>> Hi,
>>>
>>> I don't see any SSL configuration option in Dovecot to disable
>>> "Client-initiated secure renegotiation".
>>>
>>> It is advised to disable it as it can
2018 Jan 04
1
TLS problem after upgrading from v2.2 to v2.3
Hi *,
The change in default SSL settings between 2.2 and 2.3 cut off a few
clients; Microsoft-hosted Exchange (?) being one of them:
Jan 4 11:02:56 kremail dovecot: pop3-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=40.101.4.hisip, lip=myip, TLS
handshaking: SSL_accept() failed: error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher,
2014 Dec 02
2
disabling certain ciphers
On 12/2/2014 1:32 AM, Reindl Harald wrote:
>
> Am 02.12.2014 um 06:44 schrieb Will Yardley:
>> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
>>> On 12/1/2014 4:43 PM, Will Yardley wrote:
>>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config
>>>> (in a way that's sane)?
>>>
>>>> Is there a
2015 Jan 16
4
Outlook and TLSv.1
Hi Folks,
after adding TLSv1.2 to by TLS options a lot of Outlook users complaint
about connection errors, openssl s_client and Thunderbird works fine.
I found some posts about this but none of them had a real solution on
this - I meanwhile disabled TLSv1.2 which made the Outlook users happy.
I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014
ssl_cert = </var/qmail/control/servercert.pem
2020 Mar 30
2
Panic/Assert dns-lookup.c
Hi,
currently we deploying Dovecot as imap/pop3 proxy. Every few minutes some panic/assert occurred (we connect roughly 7k - 8k user at one imap proxy with a connection rate of 200/s).
We activate core dumps. Concerning the sensitive information in the dump we would prefer to not share the dump (e.g. i found our ssl private key in the dump).
Log/Stack trace:
Mar 30 15:54:06 imap16 dovecot:
2014 Apr 17
1
How to disable Director service?
Hi All,
Does anyone know how to disable the Director service. In our current
running Dovecot 2.2.4, if the director configuration is commented out
and Dovecot has no errors nor warnings. But the version 2.2.12 I'm
testing with gives out fatal errors. We have dedicated Dovecot Director
servers that serve the public frontend and separate dedicated imap/pop3
servers on the backend
2016 Oct 10
1
Hierarchy separator and LAYOUT=FS change
Hello,
I stumbled across a 5-year-old post on the dovecot list about changing the dovecot hierarchy separator to enable shared mailboxes (http://www.dovecot.org/list/dovecot/2011-January/056201.html <http://www.dovecot.org/list/dovecot/2011-January/056201.html>).
At the moment I?m stuck in a pretty similar situation. Migrated from courier to dovecot 2 years ago and preserved the
2017 Jan 17
3
Correct settings for ssl protocols" and "ssl ciphers"
I have the following two settings in my "10-ssl.conf" file
# SSL protocols to use
ssl_protocols = !SSLv2
# SSL ciphers to use
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
I have seen different configurations while Googling. I am wondering
what the consensus is for the best settings for these two items. What
do the developers recommend?
Thanks!
--
Jerry
2018 Nov 23
2
doveadm dsync-server doesn't use user parameter?
Hi,
I tried to migrate my dovecot 2.2 to a new server with a other storage
configuration and dovecot 2.3.
New (and old) Server uses mysql for user information
I use the following storage settings
mail_home = /storage1/vmail/%{userdb:path}
mail_location =
2020 Aug 31
2
how fetch zlibed mails with doveadm
Hey there,
i need some help with an administrativ dovecot question.
I run a dovecot 2.2.33 ubuntu server with mdbox and "zlib_save = gz
zlib_save_level = 6". Now i want to fetch the mailheader from some mails via
doveadm fetch -u <user> hdr uid <uid>. The only thing what i receive is some
binary stuff. Is there a way, i can tell the dovemadm fetch command, that he
2019 Sep 04
4
TLS not working with iOS beta?
Hi,
Have anyone else experienced problems using Dovecot with the mail app in beta releases of iOS/iPadOS 13?
TLS is failing for my, it have worked fine for years and I am on the latest Dovecot version now, it works fine with older clients but not with the ones upgraded:
Sep 04 19:49:16 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization
Sep 04 19:49:16 imap-login: Debug: