Displaying 20 results from an estimated 7000 matches similar to: "ssl-params: slow startup (patch for consideration)"
2015 Nov 04
1
ssl-params: slow startup (patch for consideration)
Based on the recently found weaknesses in DH key exchange,
http://weakdh.org/
I increased ssl_dh_parameters_length to 2048 bits, and found I waited
for 5+ minutes for dovecot to come back online after a restart.
Unless you got a fast machine, the initialization of DH parameters can
exceed your patience.
Regeneration may not be a problem (if ssl_parameters_regenerate=0 or if
Dovecot uses old
2010 Apr 11
4
Virusscanning
Hello list,
I use currently a non-dovecot pop3 proxy which has the ability
to scan all passing mails for viruses. And I like dovecot.
I have to combine both.
One (and the only) idea is to call a virusscanner a shellscript,
installed as PostLoginScript.
But I see multiple disadvantages:
1. it's a shellscript which tends to be slow.
2. it's called *on* the mailbox-host, not on a dedicated
2013 Nov 05
2
ssl-params regeneration with dovecot 2.2.7
Hello,
after switching from version 2.2.7 to 2.2.7 I miss the loglines which say:
ssl-params: Generating SSL parameters
ssl-params: SSL parameters regeneration completed
The configuration has not been changed and reads:
| # 2.2.7: /usr/local/dovecot/etc/dovecot/dovecot.conf
| # OS: Linux 2.6.35.14-106.fc14.i686.PAE i686 Fedora release 14 (Laughlin) ext3
| auth_mechanisms = plain login
|
2018 Nov 14
0
different TLS protocols on different ports
> On 14 November 2018 at 21:19 "A. Schulze" <sca@andreasschulze.de> wrote:
2015 May 27
2
FREAK/Logjam, and SSL protocols to use
Quoting Gedalya <gedalya at gedalya.net>:
> On 05/26/2015 10:37 AM, Ron Leach wrote:
>> https://weakdh.org/sysadmin.html
>>
>> includes altering DH parameters length to 2048, and re-specifying the
>> allowable cipher suites - they give their suggestion.
>
> It looks like there is an error on this page regarding regeneration. In
> current dovecots
2018 Nov 14
3
different TLS protocols on different ports
Hello,
I'm providing IMAP+Starttls on port 143 for users with legacy MUA. So I've to enable TLS1.0 up to TLS1.3
For IMAPS / port 993 I like to enable TLS1.2 and TLS1.3 only.
Is this possible with dovecot-2.2.36 / how to setup this?
Thanks for suggestions,
Andreas
2015 Jan 25
0
Indexing Mail faster
* Andreas Schulze <sca at andreasschulze.de> 2015.01.25 12:47:
> I assume you drop multiple mailing lists together in a mailbox and separate them using the virtual plugin, right?
> could publish how you configured dovecot virtual plugin?
The namespace "Virtual" will look for its configuration in the user's home directory:
namespace {
location =
2017 Nov 23
0
set parameter per user
> On 23 Nov 2017, at 15.32, A. Schulze <sca at andreasschulze.de> wrote:
>
>
> Steffen Kaiser:
>
>> Is the detail delivered to Dovecot by the MTA at all?
> sure!
>
> have to say: I faked that example. In reality I tested the inverse way:
> My lab setup actually *does* deliver to folders and
> I saw, setting lmtp_save_to_detail_mailbox to 'no' still
2018 Feb 04
1
How to grant user access to his .dovecot.sieve.log?
Andreas,
can you explain "magic folder"?
The only thing I tried was creating named FIFO .dovecot.sieve.log, and
starting
mailx user at my.domain.com < .dovecot.sieve.log
which need to be done for each user of my domain, and better wrapped in
some script which will make it started after each sievec run.
--
Regards,
Sergey.
On Fri, Feb 2, 2018 at 7:23 PM, A. Schulze <sca at
2018 Nov 14
0
different TLS protocols on different ports
> On November 14, 2018 at 12:46 PM "A. Schulze" <sca at andreasschulze.de> wrote:
>
> I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers.
> IMAPS/SUBMISSIONS aren't used widely (at least to my knowledge, many postmasters used to configure IMAP+SUBMISSION and STARTTLS)
"IMAPS" has been used forever. Every
2020 Apr 14
1
got a listener on 993
> On 14 Apr 2020 at 18:57, A. Schulze <sca at andreasschulze.de> wrote:
>
>
>
> On 13.04.20 at 20:52, David Mehler wrote:
>> Hello,
>>
>> Before I get in to my question is ssl on 993 or starttls on 143 better
>> from a security perspective?
>
> implicit TLS is recommended: https://tools.ietf.org/html/rfc8314#section-3
One rationale for
2015 May 27
1
FREAK/Logjam, and SSL protocols to use
Quoting Gedalya <gedalya at gedalya.net>:
> On 05/27/2015 09:55 AM, Rick Romero wrote:
>> Quoting Gedalya <gedalya at gedalya.net>:
>>
>>> On 05/26/2015 10:37 AM, Ron Leach wrote:
>>>> https://weakdh.org/sysadmin.html
>>>>
>>>> includes altering DH parameters length to 2048, and re-specifying the
>>>> allowable
2008 Apr 04
2
[LLVMdev] Virtual methods (was: LLVMBuilder vs LLVMFoldingBuilder)
On Thursday, 03.04.2008, at 19:29 -0700, Chris Lattner wrote:
> On Apr 2, 2008, at 9:54 AM, Dominic Hamon wrote:
>
> > Would it be reasonable for me to submit a patch whereby [...] the
> > LLVMFoldingBuilder methods become virtual overrides of the base
> > class methods?
>
> No, please don't do this. The idea of llvmbuilder is that it is a
>
2014 Aug 12
4
namespace management
Hello,
since some weeks I'm playing with namespaces. But I still did not
find a solution for all faces of different problems.
Current issue: Public namespace.
I have users inbox as follow:
mail_home = /data/mail/%Ln/
mail_location = maildir:~/Maildir:INDEX=~/.dovecot.index
namespace {
inbox = yes
separator = /
prefix = INBOX/
}
Public namespace:
namespace {
location =
2017 Nov 23
3
set parameter per user
Steffen Kaiser:
> Is the detail delivered to Dovecot by the MTA at all?
sure!
have to say: I faked that example. In reality I tested the inverse way:
My lab setup actually *does* deliver to folders and
I saw, setting lmtp_save_to_detail_mailbox to 'no' still delivers to folder
while INBOX was expected.
so, correct hint: I should really try on another system ...
But from my debug logs it
2006 Jan 18
6
Major CPU spike for SSL parameters?
I went from a nightly of about 20051117 or so (about alpha4 generation) to
1.0beta1 yesterday, and dovecot is now spinning the CPU furiously apparently
every ~10 minutes per:
Jan 18 13:04:36 server dovecot: SSL parameters regeneration completed
Jan 18 13:14:14 server dovecot: SSL parameters regeneration completed
Jan 18 13:24:00 server dovecot: SSL parameters regeneration completed
Jan 18
2018 Mar 30
0
debian lintian warn: hardening-no-fortify-functions
> On 30 March 2018 at 15:08 "A. Schulze" <sca at andreasschulze.de> wrote:
>
>
> Hello,
>
> to build + package dovecot I use the usual Debian tool chain. That includes build with selected GCC options and running lintian.
>
> I notice since a long time (read: many earlier versions, up to 2.2.35) these lintian warnings:
>
> I: dovecot-core:
2008 Apr 04
0
[LLVMdev] Virtual methods (was: LLVMBuilder vs LLVMFoldingBuilder)
On Fri, 4 Apr 2008, Joachim Durchholz wrote:
>> No, please don't do this. The idea of llvmbuilder is that it is a
>> "free" wrapper around the other existing API calls. Making the
>> methods virtual would make them much more expensive.
>
> Wouldn't the class of the objects be known at compile time in most
> cases? This is essentially just a case of
2018 Nov 14
2
different TLS protocols on different ports
On 14.11.18 at 20:22, Aki Tuomi wrote:
> Not possible I'm afraid.
Hello Aki,
is it not possible in 2.2.36 or not possible at all?
I stumbled upon RFC 8314 *) and I found it a welcome option to enforce more modern protocols/ciphers.
IMAPS/SUBMISSIONS aren't used widely (at least to my knowledge, many postmasters used to configure IMAP+SUBMISSION and STARTTLS)
Switching Clients to
2014 Dec 02
4
disabling certain ciphers
On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote:
> On 12/1/2014 4:43 PM, Will Yardley wrote:
> > Can you use both ssl_protocols *and* ssl_cipher_list in the same config
> > (in a way that's sane)?
>
> > Is there a way to exclude these ciphers, while still keeping my config
> > easy to parse and avoiding duplicative or deprecated configs?
>
>