Displaying 20 results from an estimated 50000 matches similar to: "How to require client SSL certificate, except for local connections"
2010 Dec 19
2
Problem with requiring client certificates for external connections
Folks,
I'm trying to configure my dovecot installation to require client
certificates for external/Internet connections, while still allowing my
local network to not need certificates.
This configuration is for Dovecot 2 (2.0.8 in Fedora 14), and I've
tried to use the "remote" block to give different definitions for my
local network vs the defaults. While most options seem to
2016 Jan 29
2
Disable Client Certificate Authentication for Unencrypted Connections?
> On 27 Jan 2016, at 21:55, Axel Luttgens <axel.luttgens at skynet.be> wrote:
>
> Hello Haravikk,
>
> Perhaps could you try to devise an exception based on one (or more) "remote" section(s), as in:
>
> remote ip.of.webmail.server {
> ssl_verify_client_cert = no
> [other settings, if needed]
> }
>
> But I guess you would need to combine
2011 Dec 22
1
proxying, SSL, and client certificate
How do I configure dovecot-2.0.x to present a client SSL certificate when proxying?
If dovecot on server1.example.com has:
passdb {
driver = static
args = proxy=y host=server2.example.com nopassword=y ssl=yes
}
and dovecot on server2.example.com has:
ssl_verify_client_cert = yes
auth_ssl_require_client_cert = yes
then when a client connects to server1 and authenticates, a connection is
2013 Dec 02
1
imap-login hangs after receiving revoked SSL certificate
Good time of the day!
My English is not very good, excuse me if I said something wrong.
I use dovecot-2.1.16 on Gentoo Linux amd64.
I need to setup dovecot (imap and pop3) for SSL and non-SSL connection
simultaneously. For SSL connections client must submit a valid SSL
certificate. Now SSL part of dovecot.conf looks like this:
-----------------
ssl = yes
ssl_cert =
2013 Jun 28
1
IMAPS: Disable SSL connection without client certificate
I've been using Dovecot 2.1.8 on OpenBSD 5.2 i386 for about a month.
It works great. Dovecot serves IMAPS only, and I'm using Thunderbird
to access my mail.
I configured Dovecot to allow clients that present a valid certificate
when establishing SSL connection. I configure my Thunderbird for
SSL/TLS connection with normal password. It works fine.
However, with my config anybody
2016 Jan 25
2
Disable Client Certificate Authentication for Unencrypted Connections?
I'm using dovecot to provide encrypted IMAP e-mail support for remote clients and it's working great. However, I also need to set up a webmail front-end (Roundcube), which I'm hoping to have use unencrypted IMAP on port 143 (as only port 993 is available externally).
The problem I'm running into is that I want to require client certificate authentication on port 993, but dovecot is apparently
2012 Dec 02
1
Thunderbird SSL/TLS client authentication fails
Hi,
This is my first post to the list, so greetings to you all!
I am seeking your help with SSL/TLS client authentication.
I currently have the following setup:
* Server:
- Debian Squeeze (fully patched)
- OpenSSL 0.9.8o
- Dovecot v2.1.10 (Debian backport package from Wheezy)
- SSL listener on port 993 with the Dovecot selfsigned
certificate that was created during
2016 Feb 02
2
Disable Client Certificate Authentication for Unencrypted Connections?
On 02 Feb 2016, at 13:09, Haravikk <dovecot at haravikk.me> wrote:
>
> So I still haven't found a way to require client certificates only for port 993/IMAPS while leaving unencrypted IMAP open for local, trusted, services.
>
> Is there really no way to do this? I just found out how to do the same thing for postfix (turns out it's fairly easy, just a matter of adding the
2019 Feb 05
0
CVE-2019-3814: Suitable client certificate can be used to login as other user
Dear subscribers,
we're sharing our latest advisory with you and would like to thank
everyone who contributed in finding and solving those vulnerabilities.
Feel free to join our bug bounty programs (open-xchange, dovecot,
powerdns) at HackerOne. Please find patches for v2.2.36 and v2.3.4 attached,
or download new version from https://dovecot.org
Yours sincerely,
Aki Tuomi
Open-Xchange Oy
2012 Aug 16
1
Postfix & Dovecot: Client certificate authentication
Hello,
I would like to set up an authentication using certificate with Dovecot: A user sends mail to Postfix and Dovecot authentication is valid only if certificate is trusted.
So, I enable the parameter auth_ssl_require_client_cert in dovecot configuration but it is not running. Here are the postfix logs:
Aug 16 09:51:48 myserver dovecot: auth: Debug: Loading modules from directory:
2014 Oct 11
0
[BUG] Dovecot 2.2.9 SSL client cert verification fails: openssl verify: OK
Greetings all,
I have verified a bug that has long been attributed to lack of knowledge
on the part of the user.
Dovecot rejects StartSSL client certificates due to reject StartSSL root
CA when doing client verification even though the appropriately
constructed ca-bundle.pem has been created and applied via ssl_ca =
</etc/dovecot/ca-bundle.pem.
openssl verify -CAfile ca-bundle.pem
2018 Feb 01
0
Why does dovecot reject password when authorizing by a certificate?
Try adding auth_debug_password=yes
Aki
On 01.02.2018 10:27, yuryb wrote:
> We have FreeBSD-server with dovecot installed on it as IMAP-server. My
> user and password database is a text file with plaintext passwords.
> Clients connect to imap-server via TLS protocol and plaintext
> password. All works fine. But I want to configure ability to authorize
> with a client certificates.
2018 Feb 01
0
Why does dovecot reject password when authorizing by a certificate?
You probably need to also enable
auth_debug=yes
auth_verbose=yes
also, are you sure you just don't have wrong password?
Aki
On 01.02.2018 12:08, yuryb wrote:
> I have added "auth_debug_password=yes" to "10-logging.conf" and
> restarted dovecot. But I do not see any information about the password
> in the logs. Does this mean that the thunderbird does not
2015 Feb 13
0
[SOLVED] Thunderbird client certification validation fails with same profile but changed IMAP server software (Re: It works for two SMTP servers and cyrus-imap, why not Dovecot?)
In hopes that searching may turn up the solution for others:
The reason client certificate validation was failing in Thunderbird when
it had previously succeeded with other servers (both IMAP and SMTP) is
precisely that: the client and profile were the same ones used to
connect to the server whose hostname hadn't changed, and email addresses
and usernames were the same, and Thunderbird
2013 Dec 03
1
Different settings for SSL/non-SSL protocols
Good time of the day!
It is possible to setup dovecot with different requirements for SSL and
non-SSL protocols?
What would I like to do:
pop3/imap non-SSL = allowed plain text authentication.
pop3/imap with SSL = allowed plain text authentication with required
valid SSL certificates.
I need to allow access from any IP address for first group of users,
which have valid SSL certificates. And
2010 Dec 15
2
ssl enabled, but ssl_cert not set ( 2.0.7 freebsd 8.1 )
hello
trying to install dovecot 2 on a fresh installed machine
I get this error message :
doveconf -n > dovecot-new.conf
doveconf: Error: ssl enabled, but ssl_cert not set
doveconf: Fatal: Error in configuration file
/usr/local/etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set
the ssl config file look like the following :
Thanks for any info.
##
## SSL settings
##
# SSL/TLS
2018 Feb 01
2
Why does dovecot reject password when authorizing by a certificate?
We have FreeBSD-server with dovecot installed on it as IMAP-server. My user and password database is a text file with plaintext passwords. Clients connect to imap-server via TLS protocol and plaintext password. All works fine. But I want to configure ability to authorize with a client certificates. I have generated a client certificate and imported it to email-client. Also I have configured
2014 Apr 25
1
Incompatibility Thunderbirds Auth Mech TLS-Certificate <-> Dovecot
Hello,
it seems there is an issue regarding "TLS-Certificate"
authentication in Thunderbird and Dovecot. Obviously client certificate
is recognized by Dovecot:
Apr 25 14:29:01 dovecot dovecot: imap-login: Valid certificate:
/emailAddress=christian.felsing at example.net/CN=Christian Felsing
(Test)/OU=CF Certificates/O=example.net/C=DE
AFAIK Dovecot always requires IMAP login,
2018 Feb 01
2
Why does dovecot reject password when authorizing by a certificate?
I have added "auth_debug_password=yes" to "10-logging.conf" and restarted dovecot. But I do not see any information about the password in the logs. Does this mean that the thunderbird does not send the password? Although it asks for the password and I enter one.
New log:
dovecot: master: Warning: Killed with signal 15 (by pid=19769 uid=0 code=kill)
dovecot: master: Dovecot
2014 Nov 03
0
SSL Client authentication with trustcenter-certificate
Dear reader,
we are using dovecot 2.2.7 and like it very much. Authentication is done
via a checkpassword program that does two things:
1) check whether the client has connected via SSL using a client certificate
2) check whether the client is using a one time password generator
Most of our users are using certificates that we have created ourselves.
These certificates contain a