similar to: Auth-policy: auth_policy_server_url and https support

> On May 31, 2017 at 6:10 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>: > > > So I added > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > But alas: > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in

After upgrading from 2.2.28-1~auto+45 to 2.2.29-1~auto+25 I'm gettings this: May 31 16:44:31 mproxy dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting May 31 16:44:31 mproxy dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs May 31 16:44:31 mproxy dovecot: imap-login: Disconnected: Auth process broken

> On Mar 28, 2019, at 10:29 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > >> On 28 March 2019 16:08 Robert Kudyba via dovecot <dovecot at dovecot.org> wrote: >> >> >> dovecot-2.3.3-1.fc29.x86_64 >> >> Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed:

dovecot-2.3.3-1.fc29.x86_64 Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0) Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] -> /usr/lib64/dovecot/libdovecot.so.0(+0xe3597) [0x7fe76e083597] -> /usr/lib64/dovecot/libdovecot.so.0(+0x51207)

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 21:31 Robert Kudyba <rkudyba@fordham.edu> wrote: </div> <div> <br> </div> <div> <br>

* Aki Tuomi <aki.tuomi at dovecot.fi>: > > > So I added > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > > > But alas: > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in /etc/dovecot/conf.d/10-ssl.conf:36: ssl_ca_file has been replaced by ssl_ca = <file > > > > > > Gnarf! As you can

You know that imapc != imap proxy. imapc is a thin client, which is a "mail storage provider" like maildir. imap proxy is when you proxy the connection somewhere. this is done with proxy_ settings in passdb. You need to specify ssl_client_ca_dir = /etc/ssl/certs to get cert verification working with imapc. it's required. Aki > On 27/10/2020 10:54 David Tildesley <davotnz

> On June 1, 2017 at 1:42 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Aki Tuomi <aki.tuomi at dovecot.fi>: > > > > > So I added > > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > > > > > But alas: > > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting

Hi, I am trying to get fts_solr working and my index server is available via HTTPS only. Dovecot is running on a Debian Jessie system and the Solr server has a letsencrypt certificate. My dovecot version is: 2.2.devel (a9ed8ae) The current setup is: 10-mail.conf: mail_plugins = fts fts_solr 90-fts.conf: plugin { fts = solr fts_autoindex = yes fts_solr =

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 21:52 Robert Kudyba <rkudyba@fordham.edu> wrote: </div> <div> <br> </div> <div> <br>

> Set > > ssl_client_ca_file=/path/to/cacert.pem to validate the certificate Can this be the Lets Encrypt cert that we already have? In other words we have: ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem Can those be used? > Are you using haproxy or something in front of dovecot? No. Just Squirrelmail webmail with sendmail.

imap proxy is a "dumb proxy", it will just pass everything to google & back after you've authenticated. imapc allows you to use imap sieve to some extent. I'm not sure what kind of Sieve manipulations you have in mind. Aki > On 27/10/2020 11:42 David Tildesley <davotnz at yahoo.co.nz> wrote: > > > Hi Aki, > > Thanks. I didn't know that about

Hi! I upgraded the 2.2 packages today (from 2:2.2.28-1~auto+5 to 2:2.2.28-1~auto+8) I now I'm getting an error: Mar 20 13:25:58 mproxy dovecot: auth: Error: imapc(email.charite.de:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) I checked, and alas, I had ssl_client_ca_dir = ssl_client_ca_file = So I set:

Hello, Still working with my dsync pb. I have done a clone (vmware) of my email server. Today I have two strictly identical emails servers (server1 (main) and server2 (bck) (except IP, hostname and mail_replica). The ssl config on my both server: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = </etc/ssl/private/private.key ssl_cert =

Hi, I'm trying to migrate from an old courier IMAP server to Dovecot 2.3.1 (8e2f634). The old server uses self signed SSL certificate. I'm using the following configuration: imapc_host = 10.1.1.3 imapc_user = %u imapc_features = rfc822.size fetch-headers imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no mail_prefetch_count = 20 mail_shared_explicit_inbox = no Launching dsync

>>>> Set >>>> >>>> ssl_client_ca_file=/path/to/cacert.pem to validate the certificate >>> >>> Can this be the Lets Encrypt cert that we already have? In other words we have: >>> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem >>> ssl_key = </etc/pki/dovecot/private/dovecot.pem >>> >>> Can those be

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 22:02 Aki Tuomi via dovecot <dovecot@dovecot.org> wrote: </div> <div> <br> </div> <div> <br>

Hi, I have made change: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = </etc/ssl/private/private.key ssl_cert = </etc/ssl/certs/key.crt ssl_client_ca_file = </etc/ssl/certs/GandiCA2.pem # Create a listener for doveadm-server service doveadm { user = vmail inet_listener { port = 12345 ssl= yes } } and doveadm_port = 12345 // mail_replica =

* Aki Tuomi <aki.tuomi at dovecot.fi>: > > > On 20.03.2017 14:30, Ralf Hildebrandt wrote: > > ssl_client_ca_file = </etc/ssl/certs/ca-certificates.crt > > Leave the < out. It is misleading, I know, but it does say file. =) Makes no difference: # doveconf |fgrep ssl_client_ca ssl_client_ca_dir = ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt and with

xxxx at imapproxy01:/etc/dovecot/conf.d$ dovecot -n# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf# Pigeonhole version 0.5.7.2 ()# OS: Linux 5.4.0-1031-azure x86_64 Ubuntu 20.04.1 LTS# Hostname: imapproxy01.trf04sdec2hu1b4wur4lazeo3f.px.internal.cloudapp.netauth_verbose = yesdisable_plaintext_auth = noimapc_host = imap.gmail.comimapc_password = # hidden, use -P to show itimapc_port = 993imapc_ssl