Displaying 20 results from an estimated 2000 matches similar to: "logging TLS SNI hostname"
2016 Oct 17
2
logging TLS SNI hostname
> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote:
>
> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote:
>> Is there a way to log SNI hostname used in TLS session? Info is there in
>> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to
>> ssl_io->host.
>>
>> Unfortunately I don't see it expanded to any
2016 Oct 20
2
logging TLS SNI hostname
On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote:
> On Monday 17 of October 2016, KT Walrus wrote:
>>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote:
>>>
>>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote:
>>>> Is there a way to log SNI hostname used in TLS session? Info is there in
>>>>
2016 Oct 20
2
logging TLS SNI hostname
On 20.10.2016 15:41, Arkadiusz Mi?kiewicz wrote:
> On Thursday 20 of October 2016, Aki Tuomi wrote:
>> On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote:
>>> On Monday 17 of October 2016, KT Walrus wrote:
>>>>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl>
>>>>> wrote:
>>>>>
>>>>> On Monday 30
2016 Oct 20
0
logging TLS SNI hostname
On Thursday 20 of October 2016, Aki Tuomi wrote:
> On 20.10.2016 15:41, Arkadiusz Mi?kiewicz wrote:
> > On Thursday 20 of October 2016, Aki Tuomi wrote:
> >> On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote:
> >>> On Monday 17 of October 2016, KT Walrus wrote:
> >>>>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl>
>
2016 Oct 20
0
logging TLS SNI hostname
On Thursday 20 of October 2016, Aki Tuomi wrote:
> On 18.10.2016 14:16, Arkadiusz Mi?kiewicz wrote:
> > On Monday 17 of October 2016, KT Walrus wrote:
> >>> On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl>
> >>> wrote:
> >>>
> >>> On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote:
> >>>> Is there
2016 Oct 18
0
logging TLS SNI hostname
On Monday 17 of October 2016, KT Walrus wrote:
> > On Oct 17, 2016, at 2:41 AM, Arkadiusz Mi?kiewicz <arekm at maven.pl> wrote:
> >
> > On Monday 30 of May 2016, Arkadiusz Mi?kiewicz wrote:
> >> Is there a way to log SNI hostname used in TLS session? Info is there in
> >> SSL_CTX_set_tlsext_servername_callback, dovecot copies it to
> >>
2016 Oct 26
2
multiple SSL certificates story
Hi.
Little story :-)
I'm playing with dovecot 2.2.25 and multiple SSL certificates. ~7000 certificates
which are loaded twice, so my dovecot has ~14 000 certificate pairs
(14k key + 14k cert) in config.
14 000 local_name entries. Like these:
local_name imap.example.com {
ssl_cert = </etc/certs/cert1.pem
ssl_key = </etc/certs/cert1.pem
}
local_name pop3.example.com {
ssl_cert =
2016 Oct 20
4
logging TLS SNI hostname
On 20.10.2016 15:52, Arkadiusz Mi?kiewicz wrote:
> > ... -servername something
If you want to try out, try applying this patch...
>From 066edb5e5c14a05c90e9ae63f0b76fcfd9c1149e Mon Sep 17 00:00:00 2001
From: Aki Tuomi <aki.tuomi at dovecot.fi>
Date: Thu, 20 Oct 2016 16:06:27 +0300
Subject: [PATCH] login-common: Include local_name in login_var_expand_table
This way it can be used
2016 Nov 10
4
lazy-load SNI?
Hello,
We?re rolling out large SNI deployments for our mail servers. Each domain gets an entry like this in the config:
local_name mail.foo.com {
ssl_cert = </ssl/domain_tls/*.foo.com/combined
ssl_key = </ssl/domain_tls/*.foo.com/combined
}
There are a couple problems we?re finding with this approach:
1) Dovecot wants to load everything at once, which has some machines taking
2016 Nov 11
2
lazy-load SNI?
On 11.11.2016 19:17, Arkadiusz Mi?kiewicz wrote:
> On Friday 11 of November 2016, Aki Tuomi wrote:
>
>> If you are interested in testing, please find patch attached that allows
>> you to specify
>>
>> local_name *.foo.bar {
>> }
>>
>> or
>>
>> local_name *.*.foo.bar {
>> }
>>
>> so basically you can now use certificate
2018 Mar 19
3
v2.2.35 released
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig
??? - charset_alias: compile fails with Solaris Studio, reported by
??? ? John Woods.
??? - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
??? - imapc: Don't try to add mails to index if they already exist there.
??? - imapc: If email is modified in
2018 Mar 19
3
v2.2.35 released
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig
??? - charset_alias: compile fails with Solaris Studio, reported by
??? ? John Woods.
??? - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
??? - imapc: Don't try to add mails to index if they already exist there.
??? - imapc: If email is modified in
2015 Dec 08
3
v2.2.20 released
On Tuesday 08 of December 2015, Gerhard Wiesinger wrote:
> On 07.12.2015 20:13, Timo Sirainen wrote:
> > http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz
> > http://dovecot.org/releases/2.2/dovecot-2.2.20.tar.gz.sig
> >
> > This could be (one of) the last v2.2.x release. We're starting v2.3
> > development soon.
>
> Great!
>
> What's on
2018 Jan 23
2
Dovecot 2.3.0 TLS
On Thursday 11 of January 2018, Aki Tuomi wrote:
> Seems we might've made a unexpected change here when we revamped the ssl
> code.
Revamped, interesting, can it support milions certs now on single machine? (so
are certs loaded by demand and not wasting memory)
> Aki
--
Arkadiusz Mi?kiewicz, arekm / ( maven.pl | pld-linux.org )
2016 Nov 11
2
lazy-load SNI?
>>>
>>> Great! Seems to be working fine for my usage and makes my configs 50%
>>> smaller (which is gigantic improvement). Will do more testing though.
>>>
>>> Thanks!
>>>
>>>
A little bit offtopic, but what is the point of using imap/pop SNI? All
clients want to connect to their own domain or what?
--
Kaspars
2016 Nov 21
4
nologin + reason -> logging reason
Hi.
I'm using nologin with own reason [1]. That works fine. For example pop3
client gets nice message like "-ERR [AUTH] Account is locked. Please contact
support."
Unfortunately maillog lacks information details about why user was not allowed
to log in.
pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<testuser>,
method=LOGIN, rip=1.1.1.1, lip=2.2.2.2,
2016 Nov 11
3
lazy-load SNI?
On 11.11.2016 12:22, Arkadiusz Mi?kiewicz wrote:
> On Friday 11 of November 2016, Felipe Gasper wrote:
>> Hello,
>>
>> We?re rolling out large SNI deployments for our mail servers. Each domain
>> gets an entry like this in the config:
>>
>> local_name mail.foo.com {
>> ssl_cert = </ssl/domain_tls/*.foo.com/combined
>> ssl_key =
2018 Mar 21
1
v2.2.35 released
On Wednesday 21 of March 2018, Arkadiusz Mi?kiewicz wrote:
> On Monday 19 of March 2018, Aki Tuomi wrote:
> > https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz
> > https://dovecot.org/releases/2.2/dovecot-2.2.35.tar.gz.sig
>
> [...]
>
> > - Fix local name handling in v2.2.34 SNI code, bug found by cPanel.
>
> That change broke handling of such
2018 Nov 13
3
dovecot lmtp thinks that "disk quota exceeded" is "internal error"
2.2.36 (not migrated to 2.3 yet) reports such problem:
> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=<ACYRCtLk6ltiEQAALZVUYQ>, Error: open(/var/mail/xxx/mailboxes.lock1bf6ad16b7b8b703) failed: Disk quota exceeded
> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=<ACYRCtLk6ltiEQAALZVUYQ>, Error: Couldn't create mailbox list lock /var/mail/xxx/mailboxes.lock:
2009 Mar 27
7
multiple sql servers - loadbalancing and failover
Hi,
Is there a way for dovecot to use a pool of sql (mysql) servers and load
balance queries between these?
Also fallback to next available sql server if connection to previous one
fails.
Can dovecot do such things currently? (If not this is feature request).
--
Arkadiusz Mi?kiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/