similar to: doveadm service: verify client cert

Hi I'm trying to use dovecot with client certificates. We produce our certificates with our on CA and we do NOT use certificate revocation lists. So I put "ssl_require_crl = no" into 10-ssl.conf. I did not find a solution neither in the wiki nor somewhere else, so I finally started to read the source. My impression is that openssl will always try to use CRLs. If

The openssl library in Debian unstable (targeting Buster) supports TLS1.2 by default. The library itself supports also TLS1.1 and TLS1.0. If the admin decides to also support TLS1.[01] users he can then enable the lower protocol version in case the users can't update their system. Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc> --- src/config/all-settings.c

Greetings all, I have verified a bug that has long been attributed to lack of knowledge on the part of the user. Dovecot rejects StartSSL client certificates due to reject StartSSL root CA when doing client verification even though the appropriately constructed ca-bundle.pem has been created and applied vi ssl_ca = </etc/dovecot/ca-bundle.pem. openssl verify -CAfile ca-bundle.pem

Try adding auth_debug_password=yes Aki On 01.02.2018 10:27, yuryb wrote: > We have FreeBSD-server with dovecot installed on it as IMAP-server. My > user and password database is a text file with plaintext passwords. > Clients connect to imap-server via TLS protocol and plaintext > password. All works fine. But I want to configure ability to authorize > with a client certificates.

Hi, This is my first post to the list, so greetings to you all! I am seeking your help with SSL/TLS client authentication. I currently have the following setup: * Server: - Debian Squeeze (fully patched) - OpenSSL 0.9.8o - Dovecot v2.1.10 (Debian backport package from Wheezy) - SSL listener on port 993 with the Dovecot selfsigned certificate that was created during

We have FreeBSD-server with dovecot installed on it as IMAP-server. My user and password database is a text file with plaintext passwords. Clients connect to imap-server via TLS protocol and plaintext password. All works fine. But I want to configure ability to authorize with a client certificates. I have generated a client certificate and imported it to email-client. Also I have configured

Have you specified the path to ca-certificates? On Debian it's normally something like that #10-ssl.conf ssl_client_ca_dir = /etc/ssl/certs see http://wiki.dovecot.org/Replication#SSL Am 10.11.2016 um 16:09 schrieb nerbrume at free.fr: > Hello, > > I'm using dovecot 2.2.13 on Debian stable. > My users are authenticated through PAM, and stored in an LDAP backend >

You probably need to also enable auth_debug=yes auth_verbose=yes also, are you sure you just don't have wrong password? Aki On 01.02.2018 12:08, yuryb wrote: > I have added "auth_debug_password=yes" to "10-logging.conf" and > restarted dovecot.?But I do not see any information about the password > in the logs. Does this mean that the thunderbird does not

Solved, thank you. TCPS was the issue. From: Aki Tuomi <aki.tuomi at open-xchange.com> Sent: Wednesday, November 20, 2019 08:54 To: Miro Igov <miro.igov at gmail.com>; dovecot at dovecot.org Subject: Re: Doveadm replicator ssl issues On 18.11.2019 22.30, Miro Igov via dovecot wrote: Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard certificates. Email

I have added "auth_debug_password=yes" to "10-logging.conf" and restarted dovecot.?But I do not see any information about the password in the logs. Does this mean that the thunderbird does not send the password??Although it asks for the password and I enter one. New log: dovecot: master: Warning: Killed with signal 15 (by pid=19769 uid=0 code=kill) dovecot: master: Dovecot

Dovecot version: 2.2.25 (7be1766) I?m looking into an issue we?re having with a new setup. We have one fronted host with two backend hosts, and we?re attempting to use doveadm to allow us to administer sieve on the frontend and have it replicated to the backend hosts. When I attempt to use doveadm sieve put on the frontend host, i get the following on the frontend host: frontend-machine $ cat

Hi, Some time ago I posted the below but never got a reponse that I could work with. So i am retrying now in the hope that there might be a better idea/suggestion on how to approach this. Situation; I have two nodes, which should replicate to eachother. My main machine receives most mail and the other one receives mostly system messages and should get replicated. (This used to be delivered on

?I've a dovecot instance setup with submission proxy, protocols = imap lmtp submission sieve hostname = internal.mx.example.com submission_relay_host = internal.mx.example.com submission_relay_port = 465 submission_relay_trusted = yes submission_relay_ssl = smtps submission_relay_ssl_verify = yes service submission-login { inet_listener submission { address = 10.2.2.10,

Hello, I'm using dovecot 2.2.13 on Debian stable. My users are authenticated through PAM, and stored in an LDAP backend I'm trying to set-up replication with ssl, following (mainly) this : http://wiki2.dovecot.org/Replication 1) I only diverted from the instructed setup by not setting "doveadm_port = 12345", as it would give me errors of the like: > Fatal:

On 18.11.2019 22.30, Miro Igov via dovecot wrote: > > Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard > certificates. > > Email clients connect fine, https://www.immuniweb.com/ssl/ tests show > certificates are ok. > > However I can?t make replication work when I add ssl = yes. > > Without ssl it works ok. > > ? > > I added

Hi, Anyone has suggestions? The situation also happends when I ?delete? a message from my Phone. It seems to get replicated instantly and the just deleted email is back in the mailbox again. I did remove HA Proxy support in the meantime to rule that out and I have enabled the default replication_max_conns. thanks Remko > On 13 Oct 2017, at 11:56, Remko Lodder <remko at FreeBSD.org>

5 Gennaio 2017 01:21, "John Fawcett" <john at voipsupport.it> wrote: > On 01/04/2017 08:40 PM, Juri wrote: > >> Hi, >> I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and >> a valid Let's Encrypt certificate. >> I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the

Hi, I'm trying to migrate IMAP mails from dovecot 1.1.20apple0.5 (osx) to dovecot 2.2.33.2 (ubuntu). I'm using "doveadm backup" to migrate my data. It works fine for all subfolders, but the root INBOX stay empty on the new server. I suspect a problem related with hierarchy separator ("." on previous server, "/" on new) or with the namespace prefix (set to

In hopes that searching may turn up the solution for others: The reason client certificate validation was failing in Thunderbird when it had previously succeeded with other servers (both IMAP and SMTP) is precisely that: the client and profile where the same ones used to connect to the server who's hostname hadn't changed, and email addresses and usernames were the same, and Thunderbird

Hello, after upgrade from [2.2.devel (34f7cc3)] to [2.2.devel (b3443fc)] dovecot stops with a segfault: Fatal: master: service(imap): child 21179 killed with signal 11 (core dumped) imap[21179]: segfault at 0 ip 00000000f726eef1 sp 00000000ffa3b050 error 4 in lib20_expire_plugin.so[f726d000+3000] gdb /usr/lib/dovecot/imap /var/_core/core_imap-11-5000-5000-21179 GNU gdb (Debian 7.12-6)