similar to: Dovecot 2.1.7 still accepting SSLv3 though disabled?

Thomas Preissler: > ssl_protocols = !SSLv3 !SSLv2 that disable SSLv3 > When I enable verbose_ssl I get this: > 2015-03-15 08:27:39 imap-login: Warning: SSL: where=0x2001, > ret=1: SSLv3 flush data [$CLIENTIP] > ... > Is this right? Is SSLv3 used on this connection? The logging is right, but SSLv3 isn't used. Today it's not uncommon that application /log/

hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing)

Hi, I tracked down a tricky bug in dovecot that can cause the imap-login and pop3-login processes to crash on handshake failures. This can be tested by disabling SSLv3 in the dovecot config (ssl_protocols = !SSLv2 !SSLv3) and trying to connect with openssl and forced sslv3 (openssl s_client -ssl3 -connect localhost:995). This would cause a crash. What was going on is this: In

Connecting to dovecot with ssl3 causes imap-login to die: $ openssl s_client -connect localhost:993 -ssl3 CONNECTED(00000003) 4277630796:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1461:SSL alert number 40 4277630796:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:645: --- no peer certificate available --- No client certificate

Hi, Have anyone else experienced problems using Dovecot with the mail app in beta releases of iOS/iPadOS 13? TLS is failing for my, it have worked fine for years and I am on the latest Dovecot version now, it works fine with older clients but not with the ones upgraded: Sep 04 19:49:16 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization Sep 04 19:49:16 imap-login: Debug:

Hi all, after upgrade from some 2.0 version to 2.2.19 (debian) i face map login problems: # doveconf -n # 2.2.19 (ca91d540fd87): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.9 # OS: Linux 2.6.32-5-amd64 x86_64 Debian 8.2 ext4 auth_debug = yes auth_debug_passwords = yes auth_verbose = yes auth_verbose_passwords = plain debug_log_path = /var/log/dovecot-debug.log hostname = test.my.domain.de

Hello, After client (Thunderbird, now version 31.0) updated today, it stopped connecting to Dovecot IMAP4S. The infamous "SSL alert number 42" is reported. Mail server uses local (created for intranet) CA certificate as root. I would appreciate pieces of advice on how to handle that without enabling plaintext authentication over insecure channels. Other intranet services work with

Recently thunderbird and Dovecot IMAPS cannot agree on SSL however Evolution, on the exact same system, is working fine with the same accounts. Tried recreating the Dovecot cert and also the thunderbird accounts from scratch. The OpenSSL raw client works fine as well. Would someone also confirm the openssl commands to create a selfsigned cert for dovecot imaps. They cert created does work

Hello. Few days ago upgraded from v2.2.26.0 >v2.2.27 and now windows 10, with any outlook version (2007,2010,2013,2016) doesn't connect IMAP SSL: Dec 12 12:29:35 server dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges Dec 12 12:29:35 server dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key

Fran and/or Matthias, Could you publish your doveconf -n? I can't get dovecot to authenticate with my AD. Maybe you have a solution I could try. What mail client(s) are you using? I assume by "AD 2003/8" You mean SBS2003/8 and are therefore using Outlook? --Mark -----Original Message----- > Date: Wed, 9 Sep 2015 17:22:34 +0200 > From: Matthias Lay <matthias.lay at

I would expect the public cert to be imported as a "server" not an "auth" The attached image shows that TBird wants an httpS url for a webserver, for the source. Ages ago, I think it prompted for "do you want to trust this new cert" and YES added it (assuming that is the public key) to the server list.? A bit confused by this. <see attached thunderbird

Hello, This is a selfsigned cert. Both of the below methods were used. May I ask for 1. pointer to info setting up "intermediate certs" and where the certfile goes? The objective is to generate a self-signed cert and use it for just internal use with IMAPS dovecot. Separately, what are your thoughts as to why evolution works and thunderbird does not? Thank you, ==1 openssl

Hi! I am trying to make Windows 8 using Live 2012 and Outlook 2010 login in Dovecot POP3s. However, I receive this message in log: Feb 28 07:32:05 ipanema dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.0.0.10, lip=10.0.0.1, TLS handshaking: Disconnected, session=<joP78nTz9ACsFQAF> Note that user is sent as blank and this is the only log line. I used

After the submission with dovecot it sends it to postfix, the postfix log is: postfix/submission/smtpd[19509]: connect from example.org[192.168.1.1] postfix/submission/smtpd[19509]: client=example.org[192.168.1.1], sasl_method=PLAIN, sasl_username=test at example.org postfix/submission/smtpd[19509]: *warning: non-SMTP command from example.org <http://example.org>[192.168.1.1]:

Postfix debug peer logging Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: > server.example.org[XX.XX.XX.XX]: 250 2.1.5 Ok Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: watchdog_pat: 0x55ef4ec020180 Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: vstream_fflush_some: fd 10 flush 28 Dec 18 17:08:11 mail postfix/submission/smtpd[10626]: vstream_buf_get_ready: fd 10 got 15 Dec

I can get messages without SSL with no problems. but i need to setup server accept only SSL secured connections. I think my configuration is very proper, but cant find "obvious" problem. Postfix 2.3.3 + dovecot 2.0.13-1_129.el5 + PostfixAdmin 2.3.3 I made own CA. configured postfix and dovecot with same cert key ca. Same public cert i gave for client just converted it to PKCS#12. I cant

Hi all, I think I've found a small bug in how Dovecot logs SSL/TLS info. Basically, if I connect to the server using TLS, the logs have a lot of entries saying I used SSLv3 (which is not allowed). Here's my system info: OSX Yosemite (x86_64, HFS+) Dovecot 2.2.15 (via Homebrew) OpenSSL 0.9.8zd The configuration (see below) disallows SSLv3, and if I try and connect with OpenSSL to test

Hi, after the upgrade from dovecot 2.0.13 (ubuntu oneiric) to dovecot 2.0.19 (ubuntu precise), in my logs I have a lot of these errors: Jun 23 00:20:29 server1 dovecot: master: Error: service(imap-login): child 6714 killed with signal 11 (core dumps disabled) I tested 2.0.21 and the problem is still here. The problem seems to appear only when the client is ms outlook, thunderbird works fine

> On Jun 28, 2016, at 10:32 PM, Mark Foley <mfoley at ohprs.org> wrote: > > Aki - partial success! I rebuilt my dovecot with ./config --with-gssapi, and restarted. Now I > don't get that "Unknown authentication mechanism 'gssapi'" message in maillog, and mail is > delivered successfully to the other domain users having PLAIN authentication. That's a

Hello, my dovecot installation has been working fine against AD till we upgrade from AD 2003 to AD 2008. As http://wiki2.dovecot.org/AuthDatabase/LDAP said, now I'm not able to connect AD through 389 port. The port 3268 works fine though. (...) Sep 7 19:02:05 <dovecotServer> dovecot: imap-login: Error: master(imap): Auth request timed out (received 0/12 bytes) Sep 7 19:02:05