Displaying 20 results from an estimated 9000 matches similar to: "Disable Client Certificate Authentication for Unencrypted Connections?"
2016 Jan 29
2
Disable Client Certificate Authentication for Unencrypted Connections?
> On 27 Jan 2016, at 21:55, Axel Luttgens <axel.luttgens at skynet.be> wrote:
>
> Hello Haravikk,
>
> Perhaps could you try to devise an exception based on one (or more) "remote" section(s), as in:
>
> remote ip.of.webmail.server {
> ssl_verify_client_cert = no
> [other settings, if needed]
> }
>
> But I guess you would need to combine
2016 Feb 02
2
Disable Client Certificate Authentication for Unencrypted Connections?
On 02 Feb 2016, at 13:09, Haravikk <dovecot at haravikk.me> wrote:
>
> So I still haven?t found a way to require client certificates only for port 993/IMAPS while leaving unencrypted IMAP open for local, trusted, services.
>
> Is there really no way to do this? I just found out how to do the same thing for postfix (turns out it?s fairly easy, just a matter of adding the
2010 Dec 19
2
Problem with requiring client certificates for external connections
Folks,
I'm trying to configure my dovecot installation to require client
certificates for external/Internet connections, while still allowing my
local network to not need certificates.
This configuration is for Dovecot 2 (2.0.8 in Fedora 14), and I've
tried to use the "remote" block to give different definitions for my
local network vs the defaults. While most options seem to
2011 Dec 22
1
proxying, SSL, and client certificate
How do I configure dovecot-2.0.x to present a client SSL certificate when proxying?
If dovecot on server1.example.com has:
passdb {
driver = static
args = proxy=y host=server2.example.com nopassword=y ssl=yes
}
and dovecot on server2.example.com has:
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = yes
then when a client connects to server1 and authenticates, a connection is
2018 Feb 01
2
Why does dovecot reject password when authorizing by a certificate?
We have FreeBSD-server with dovecot installed on it as IMAP-server. My user and password database is a text file with plaintext passwords. Clients connect to imap-server via TLS protocol and plaintext password. All works fine. But I want to configure ability to authorize with a client certificates. I have generated a client certificate and imported it to email-client. Also I have configured
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
>From the config : auth_ssl_require_client_cert = no
GMail empty vcard ... I have no ideas . so sorry.
Coding snippets. What can I provide for you that will help?
NOTE: it is pretty much the default config from Debian.
Thank you,
On Sun, May 24, 2020 at 9:29 PM Benny Pedersen <me at junc.eu> wrote:
>
> On 2020-05-25 02:54, hanasaki at gmail.com wrote:
> > Config has
>
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
Config has
ssl_verify_client_cert = no
What options might have the client auth turned on?
TYIA
On 5/24/20 6:40 PM, Felipe Gasper wrote:
> From what I can tell, ?SSL alert number 42? means that you?ve configured Dovecot to require client authentication.
>
> Otherwise, your Let?s Encrypt certificate (with its authority chain) should suffice.
>
> -FG
>
>> On May 24,
2015 Jul 01
4
Dovecot auth username mapping
Thank you for the response Axel. I will look into that.
I did attempt to switch the PAM/Kerberos authentication to Dovecot LDAP authentication, but now performance is unbelievably slow. For example, with PAM/Kerberos, a user can log into webmail and have all of their emails/folders showing almost immediately. When using Dovecot LDAP, it takes literally 8-10 seconds to see the same thing.
I
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
Hello Aki and all,
The below lines are in the dovecot config file. This seems to be the
same as Aki's suggestion. correct? I have also double checked file
perms, tried with several new key gens, several versions of thunderbird
and created completely new thunderbird profiles.
Thank you,
ssl_cert = </etc/letsencrypt/live/...../fullchain.pem
ssl_key =
2009 Oct 01
6
Apple mail troubles
Hello
I have an Apple computer user who has great problems
using IMAP and Dovecot.
Some same messages seems to stay in two or more folders
and are impossible to erase from the Apple mail client
Anyone has that kind of troubles ?
Thanks
2018 Feb 01
2
Why does dovecot reject password when authorizing by a certificate?
I have added "auth_debug_password=yes" to "10-logging.conf" and restarted dovecot.?But I do not see any information about the password in the logs. Does this mean that the thunderbird does not send the password??Although it asks for the password and I enter one.
New log:
dovecot: master: Warning: Killed with signal 15 (by pid=19769 uid=0 code=kill)
dovecot: master: Dovecot
2020 May 25
2
How to make IMAPS SSL Cert for Dovecot that works with Thunderbird
s_client: Option unknown option -trace
***
x509: Unknown parameter text
On 5/25/20 11:49 AM, Aki Tuomi wrote:
> Hi!
>
> Can you do
>
> openssl x509 text -noout </etc/letsencrypt/live/...../fullchain.pem
>
> and check these things:
>
> your server hostname isn included in SubjectAlternativeNames, and that the cert hasn't got MUST-STAPLE attribute? You can see
2016 Feb 01
2
Mail User Agent?
Hi,is there a way to log which MUA is being used from an user?
# dovecot --version2.0.9
Thank you
2014 Apr 22
2
"Reapplying" sieve rules
I did a mistake (shame on me).
While migrating accounts on a new server, I didn't pay attention to a detail: sieve_max_actions, that I set to a low value for my testings, but then forgot to raise before the migration.
As a result, several redirect-only accounts have now their inbox filled with messages that should have been redirected to "real people", then discarded.
Would there
2009 Jul 01
4
mbox format and UIDVALIDITY
My base concern may be illustrated with the help of that simple telnet
session:
# telnet 127.0.0.1 imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
AUTH=PLAIN] Dovecot ready.
a1 login testuser ******
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID
ENABLE SORT
2014 Apr 18
1
doveadm auth and the "nologin" extra field
Hello,
Still busy with details...
Considering, as in my previous example, a password_query returning '!' or NULL for the "nologin" column, depending on an account's status (suspended or not).
Let's consider a suspended user "some.user".
In the case of a successful authentication, one has:
sh-3.2# doveadm auth test some.user goodpassword; echo $?
passdb:
2015 Jul 01
2
Dovecot auth username mapping
I have an interesting case here ?
Virtual mailboxes, domain/username/aliases stored in MySQL, authentication done using PAM. PAM authenticates through Kerberos, which are internal realms and not the email domains ? for example, my username would be laz at PARAVIS.LOCAL <mailto:laz at PARAVIS.LOCAL> and my email address would be laz at paravis.net <mailto:laz at paravis.net>.
All of
2012 May 29
1
Different SSL requirements for connections on different ports?
Hi All,
I'm running dovecot 2.0.19.
I currently have remote users access mail using IMAP over SSL, with
their client certificates being both required and verified. I do this
using "ssl = required" and "ssl_verify_client_cert = yes".
I would now like to add a webmail front-end (squirrelmail) running on
the same server. In order to achieve this I would like to have
2013 Jul 14
2
2.2.4 - quota-status changing the user it is running as
Hello,
I'm currently experimenting with this quota-status service configuration:
service quota-status {
client_limit = 1
executable = quota-status -p postfix
# Let's make the default explicit.
user = root
unix_listener /var/spool/postfix/private/quota-policyd {
user = postfix
}
}
The idea is to run the service as root during the preliminary tests (at worst, since
2010 Dec 15
2
ssl enabled, but ssl_cert not set ( 2.0.7 freebsd 8.1 )
hello
trying to install dovecot 2 on a fresh installed machine
I get this error message :
doveconf -n > dovecot-new.conf
doveconf: Error: ssl enabled, but ssl_cert not set
doveconf: Fatal: Error in configuration file
/usr/local/etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set
the ssl config file look like the following :
Thanks for any info.
##
## SSL settings
##
# SSL/TLS