similar to: Replication with SSL

5 Gennaio 2017 01:21, "John Fawcett" <john at voipsupport.it> wrote: > On 01/04/2017 08:40 PM, Juri wrote: > >> Hi, >> I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and >> a valid Let's Encrypt certificate. >> I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the

On Mon, 21 Sep 2015, Andrew McN wrote: >> http://wiki2.dovecot.org/Replication >> >> (quote) >> The client must be able to verify that the SSL certificate is valid, so >> you need to specify the directory containing valid SSL CA roots: >> >> ssl_client_ca_dir = /etc/ssl/certs # Debian/Ubuntu >> ssl_client_ca_file = /etc/pki/tls/cert.pem # RedHat

The result is the same with or without "<" before the file path. With "<" the inode atime is updated at Dovecot startup, so the file is at least opened, but Dovecot still can't verify the cert. The only place in the Wiki that shows an example of ssl_client_ca_file is on this page, and there's no "<" in front of the file path:

Hello! dsync SSL still doesn't work for replication, so I've disabled it and tried to sync without. But I have a problem with temp directory. Is it possible to change path to temp folder? I don't want to set permissions but change temporary folder for replication. Thanks in advance. dovecot: doveadm: Error: safe_mkstemp(/tmp/dovecot.doveadm.) failed: Permission denied

doveconf -n? On 09/21/2015 12:45 PM, Alex Bulan wrote: > On Mon, 21 Sep 2015, Andrew McN wrote: > >>> http://wiki2.dovecot.org/Replication >>> >>> (quote) >>> The client must be able to verify that the SSL certificate is valid, so >>> you need to specify the directory containing valid SSL CA roots: >>> >>> ssl_client_ca_dir =

Hello! I've got a problem to run syncing between both dovecot services on the separate servers. The error indicates to the problem with SSL. Directly using openssl command to connect from one server to other and vice versa is passed without any errors. OS: FreeBSD 11.1-RELEASE-p4 Dovecot: 2.2.33.2_2 and the older one dovecot-2.2.32.1_1 (or similar) - build by ports. OpenSSL:

On 2015-09-21 09:28, Alex Bulan wrote: > The result is the same with or without "<" before the file path. With > "<" the inode atime is updated at Dovecot startup, so the file is at > least opened, but Dovecot still can't verify the cert. > > The only place in the Wiki that shows an example of ssl_client_ca_file > is on this page, and there's

Hello, I'm using a dovecot as proxy, connecting to one or more backends. The backends use X.509 certificates. The proxy's passdb returns extra fields: user=foo proxy host=backend1.<domain> ssl=yes nopassword=y Thus the proxy connects to the backend but can't verify the backends certificate. The following comment suggests using ssl_client_ca_file for

On 21/09/15 17:28, Alex Bulan wrote: > The result is the same with or without "<" before the file path. With > "<" the inode atime is updated at Dovecot startup, so the file is at > least opened, but Dovecot still can't verify the cert. > > The only place in the Wiki that shows an example of ssl_client_ca_file > is on this page, and there's no

On 11 Oct 2015, at 20:04, Heiko Schlittermann <hs at schlittermann.de> wrote: > > Hello, > > I'm using a dovecot as proxy, connecting to one or more backends. > The backends use X.509 certificates. > > The proxy's passdb returns > > extra fields: > user=foo > proxy > host=backend1.<domain> > ssl=yes > nopassword=y

* Aki Tuomi <aki.tuomi at dovecot.fi>: > > > On 20.03.2017 14:30, Ralf Hildebrandt wrote: > > ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt > > Leave the < out. It is misleading, I know, but it does say file. =) Makes no difference: # doveconf |fgrep ssl_client_ca ssl_client_ca_dir = ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt and with

Hi! I upgraded the 2.2 packages today (from 2:2.2.28-1~auto+5 to 2:2.2.28-1~auto+8) I now I'm getting an error: Mar 20 13:25:58 mproxy dovecot: auth: Error: imapc(email.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) I checked, and alas, I had ssl_client_ca_dir = ssl_client_ca_file = So I set:

On 20.03.2017 16:40, Ralf Hildebrandt wrote: > * Aki Tuomi <aki.tuomi at dovecot.fi>: >> >> On 20.03.2017 14:30, Ralf Hildebrandt wrote: >>> ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt >> Leave the < out. It is misleading, I know, but it does say file. =) > Makes no difference: > > # doveconf |fgrep ssl_client_ca >

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 21:52 Robert Kudyba <rkudyba@fordham.edu> wrote: </div> <div> <br> </div> <div> <br>

Hi, I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and a valid Let's Encrypt certificate. I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but when I launch the replication it fails writing on the log (/var/log/mail.err): (Server 1 - sync "client" )| Error: sync: Disconnected from

Hi all, Preparing for a replication setup, I read (at the bottom of <http://wiki2.dovecot.org/Replication>) that `dovecot --hostdomain` should give a different output on the two servers. This is not the case for me: both give "localhost". I'm trying to change my configuration to set the hostdomain to another value, but I can't find how to do this. I tried: ? setting

CentOS 7 Dovecot 2.2.36 Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=73.0.0.0, lip=192.64.118.242, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<> Was working fine for over a year, until the cert expired and I replaced it. I've tried the good cert I have for

Hi, I have two Debian Jessie servers with Dovecot 2.2.13 TCP replication on that have worked fine for years, but now one of them is running low on disk space, so I wanted to try enabling zlib. I crafted a script following the description given in https://wiki.dovecot.org/Plugins/Zlib and xz'ed some inboxes on the stand-by server, the one with low disk space. So every email in those inboxes

Dovecot v2.2.18 OS: FreeBSD 10.1/amd64 Dovecot in proxy mode ignores the root certificate store and can't verify the backend's SSL certificate. I've pointed ssl_client_ca_file to my root certificate store, but I suspect ssl_client_ca_file is only used in imapc context. It seems to be ignored in proxy context. doveconf -n ssl_client_ca_file: ssl_client_ca_file =

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 22:02 Aki Tuomi via dovecot <dovecot@dovecot.org> wrote: </div> <div> <br> </div> <div> <br>