similar to: Dovecot LMTP Proxy + STARTTLS?

NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy Am 23. November 2017 09:31:41 MEZ schrieb Tobi <tobisworld at gmail.com>: >Hi > >I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is >configured to act as director and delivers to my two backend

Hi thanks for the link. Read that page before but somehow missed the comment about ssl+lmtp proxy :-) Are there any plans to implement that to dovecot in future? Regards tobi Am 23.11.2017 um 18:38 schrieb Carsten Rosenberg: > NOTE: LMTP/doveadm proxying doesn't support SSL/TLS currently - any ssl/starttls extra field is ignored > >

Hi, when proxying lmtp from director to backend, director does not use STARTTLS. Delivering mails with postfix via lmtps to backend or director works encrypted. Is there a way to force the use of STARTTLS on dovecot director lmtp proxy? Regards, Matthias -- BOFH excuse #446: Mailer-daemon is busy burning your message in hell. (hbox storage?)

The wiki <http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy> page says this: "The connections created to the destination server can't be TLS/SSL encrypted.". Hrmm. Right now, with perdition, I'm forcing the use of STARTTLS on the internal connections. I'd just as soon get rid of perdition (to have one less moving part in my architecture), but I need the

Hello list we encounter a weird SSL issue with one of our dovecot (2.2.24 on Centos6) which we can only explain if our assumtion is correct Symptoms are that imaps connections (on port 993) suddenly get veeeery slow. Up to 180s for one connection with openssl s_client The thing we do not understand is that in the same time imap connections with starttls are just 1s. We can see that entropy on the

How exactly is LMTP proxying supposed to work? According to the example on http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/Proxy I'm only seeing "proxy" in the password_query statements. But LMTP never sends a password. IMAP Proxying is working OK: Sep 24 12:51:09 imap-login: Info: proxy(ralf.hildebrandt at charite.de): started proxying to dovecot.charite.de:993:

Hi everyone! I have dovecot (1.2.11) on one our external mail servers acting as a proxy. The client (ifor now, my iphone) connects fine via ssl to the external mailserver but I can't seem to get a secure connection now to the internal destination imap server (between external mail server and internal imap server, it's going through port 143). Running tcpdump, I can clearly see my

Hi! With static db, you should use args instead override_fields. Aki > On 03 August 2018 at 16:42 grupo correo <grupodecorreo10 at gmail.com> wrote: > > > Hi, > I have configured 20-lmtp conf file to use proxy and into the protocol > section i added: > > passdb { > driver = static > override_fields = proxy=y protocol=smtp port=25 host=x.x.x.x >

Op 25/06/2018 om 21:42 schreef Stephan Bosch: > > > > Op 14/06/2018 om 22:24 schreef grupo correo: >> Hi, >> I need to use lmtp server proxy, to proxy a remote smtp server, the >> documentation says "It's possible to use Dovecot LMTP server as a >> proxy to remote LMTP or SMTP servers", but i do not find how to >> configure. Can anybody

Hi, I need to use lmtp server proxy, to proxy a remote smtp server, the documentation says "It's possible to use Dovecot LMTP server as a proxy to remote LMTP or SMTP servers", but i do not find how to configure. Can anybody gel me to understand? Best regards -------------- next part -------------- An HTML attachment was scrubbed... URL:

On my POP3 server, I need to be able to control the use of STARTTLS by client IP address. Specifically: * Clients on certain internal subnets (e.g., 192.168.1.0/24) must not have the option to use TLS. If the client tries to use STARTTLS, the option should be rejected. This is to satisfy US FCC rules regarding the use of encryption over certain radio frequencies. * All other internal clients

Abstract from http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy > > host=s: The destination server's *IP address*. This field is required. > Note that currently it's required to use an IP address since no DNS > resolving is done. > Hello Timo, Here goes one more item for the v2.0 wishlist: Will it become possible to do dovecot imap proxying based on a

Hi, Trying to keep abusive/buggy IMAP clients at bay on a number of Dovecot proxy servers, I've reconfigured them to use "mail_max_userip_connections = 50" in the "protocol imap" section, followed by restarting Dovecot. Yet, I'm still seeing 160+ established connections from a single IP address for the same email account. Am I missing anything? # 2.2.27

On 12/06/2014 02:35 AM, Nick Edwards wrote: > On 12/5/14, ML mail <mlnospam at yahoo.com> wrote: >> Hello, >> >> I am wondering which variant is more secure for user authentication and >> password scheme. Basically I am looking at both variants: >> >> 1) MD5-CRYPT password scheme storage with CRAM-MD5 auth mechanism >> 2) SHA512-CRYPT password

Dave McGuire writes: >> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets >> >> then setup fail2ban to manage extrafields > > Now that's a very interesting idea, thank you! I will investigate this. If you don't expect yor firewall to handle 45K+ IPs, I'm not how you expect dovecot will handle a comma separated string with 45K+ entries any

Hi, mail_max_userip_connections is only enforced at the backend level. The setting has no effect on proxy. If you want to force the limit then you can only do it in the backend. Sami > On 9 Mar 2017, at 12.05, Adi Pircalabu <adi at ddns.com.au> wrote: > > Quick follow-up: updated the proxies to 2.2.28, but I still couldn't find a way to limit the inbound IMAP connections per

Hi, I have a postfix+dovecot-2.2.13 system and have configured it to support IMAPS on 993 with SSL/TLS. I'm noticing with users using Thunderbird, the autodetect defaults to IMAPS on 143 with STARTTLS. Which is preferred? Which is more secure? Which is more common? Why would someone choose one over the other? Can I ask the same question about SMTP and submission? Why would one choose 587

Hi Aki, On 10.02.20 17:03, Aki Tuomi wrote: > Try setting > > login_trusted_networks = lb-ip/32 > > See? > https://doc.dovecot.org/settings/dovecot_core_settings/#login-trusted-networks I do have login-trusted_networks set already. Along with the proxy protocol (haproxy_trusted_networks = lb-ip) I had to set login_trusted_networks to 0.0.0.0/0 actually because the proxy

Hello, I've been running dovecot for over 3 years now and it works with no problems. I have it setup so that it authenticates users against Active Directory via LDAP and so far no problems. What I would like to know is if there is any way that I could deny access for users trying to access email via cellphones or email clients outside the company. I can

> Are you 100% sure your interpretation of the FCC rules is correct? Yes > Do you really want passwords going out over RF unencrypted? No. I don't plan to use plaintext auth methods. > As far as I know, only ham bands are not allowed to use encryption. Even > baby monitors these days are DECT. (Mind you, not good encryption.) Correct. It is ham radio. Michael