similar to: Mail-crypt plugin clarification

rje writes: > I'm looking into ways to encrypt the stored email on my server. The idea is > to make it impossible for my hosting provider (who has access to my VPS) to > read the mail from the disk. Just to be clear, if at any point your VPS has access to the plaintext mail (or keys that decrypt mail), then the VPS provider could access your decrypted mail. To make it unfeasible

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >

It would be useful to run the "doveadm" utility on a non-dovecot server e.g. generating password hashes: # echo plaintextpass | doveadm pw -s BLF-CRYPT doveadm(user): Fatal: Error reading configuration: stat(/etc/dovecot/dovecot.conf) failed: No such file or directory Is there a way to circumvent the need for a configuration file? Joseph Tam <jtam.home at gmail.com>

On Fri, 29 May 2020, Sami Ketola wrote: >> # echo plaintextpass | doveadm pw -s BLF-CRYPT >> doveadm(user): Fatal: Error reading configuration: stat(/etc/dovecot/dovecot.conf) failed: No such file or directory >> >> Is there a way to circumvent the need for a configuration file? > > I don't think so. But you can specify the location of the config file with -c

Jerry Kemp <dovecot at oryx.us> wrote: > same ENV variable setup and configure statement as originally used, but again, :( > ended up failing here: > .......................................................................... > libtool: link: gcc -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes > -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 >

On Thu, 10 Aug 2017, Larry Rosenman wrote: > Which mail client on iOS? Sorry, maybe not iOS, but definitely MacOSX Mail app. Joseph Tam <jtam.home at gmail.com>

Michael Felt <michael at felt.demon.nl> writes: >> I use acme.sh for all of my LetsEncrypt certs (web & mail), it is >> written in pure shell script, so no python dependencies. >> https://github.com/Neilpang/acme.sh > > Thanks - I might look at that, but as Ralph mentions in his reply - > Let's encrypt certs are only for three months - never ending circus.

Kevin writes: > Appreciate if you could help with this. I have been trying to address this > "slow search" issue for a while with very limited success(I was trying to > implement FTS also), so I will appreciate if you could support. When I'm stumped, one of the diagnostic tools I use is process tracing. Connect via IMAP, in another window/session process trace the IMAP

A mail user reported that he filled up his INBOX (despite reminders he was approaching his filesystem quota), and furthermore, he could not fix the situation because he couldn't expunge message he marked for deletion. The dovecot logs revealed the cause dovecot: imap(user): Error: open(/var/mail/user.lock) failed: Disc quota exceeded This created an impasse where a user cannot free

On Fri, 22 Jun 2018, Aki Tuomi wrote: >> Do I need to make a fresh dh.pem? The upgrade doc tells how to convert >> ssl-parameters.dat but how to make a new one? > > ... or you can make a fresh one using openssl > gendh 4096 > dh.pem This also works openssl dhparam -out dh.pem 4096 > Note that this will require quite a lot of entropy, so you should > probably

On Thu, 20 Dec 2018 at 15:54, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > On 20 December 2018 at 14:33 Odhiambo Washington < odhiambo at gmail.com> > wrote: > > > On Thu, 20 Dec 2018 at 15:23, Aki Tuomi < aki.tuomi at open-xchange.com> > wrote: > > > > > On 20 December 2018 at 14:10 Odhiambo Washington < odhiambo at gmail.com>

"Scott W. Sander" writes: > I have noticed that the name of my private server running dovecot appears > in email headers rather than the public-friendly name of my server. Which headers are you taking about? If you're talking about Received: headers, that's usually inserted by your MTA, not dovecot. Joseph Tam <jtam.home at gmail.com>

I'm attempting to upgrade my Dovecot installation to 2.3.2.1. My SSL certificate authority provides a bundle containing their CA, plus intermediate CAs, which I configure using the 'ssl_ca' option. The comments in the configuration file say to only set this when you're requiring client certificates, which I'm not, but fetchmail complains with a "Server certificate

Lev <leventelist at gmail.com> wrote: > Yes, that was a bit odd. Same password, different hash. Even with > verify tool, there was mismatch. So I decided to go for SHA512, > without encryption. Using user at domain as your ID solved your problem, and this side issue of which hash scheme you're using is probably irrelevant. You misunderstand what {SHA512-CRYPT} does

"Davide Marchi" <danjde at msw.it> writes: >> UW-IMAP's mailutil, imapsync, YippieMove and Larch. Whatever you use, *don't* use UW-IMAP's mailutil unless you got lots of time to kill. It is dreadfully slow -- I used it to export some of my users' mailboxes to Gmail or other remote mail servers, and I could almost cut&paste the messages faster. Like Aki

Quoting Joseph Tam <jtam.home at gmail.com>: > Another privacy plugin that assumes the server operator is unmotivated or > respects your privacy anyways, and won't just skim your password right off > the top to look at your mail. A vault with steel walls and a dirt floor. *SIGH* As usual, you're right on the money, Joseph. I used to let things like this

Levente Kovacs writes: > I continuously get user authentication errors. I suspect that the problem is > with a password hashing. I used > > # doveadm pw -s SHA512-CRYPT > Enter new password: > Retype new password: > {SHA512-CRYPT}$6$1cCNWIMCTpuqmexO$cCq7nDEga1xza3967nZ.BFZaGWNoYwjnNfSCvZE/jGzYAY1hLWE1iHR1KYaO.mvVE4WVdDSrvPNtfwAUn/yk3/ Looks OK. > I have this at the

Timo announced: > https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.27.tar.gz.sig > > Note that the download URLs are now https with a certificate from Let's Encrypt. wget complained about ERROR: certificate common name `wiki.dovecot.org' doesn't match requested host name `dovecot.org'. and indeed, the

Any guess at what would cause this? Feb 7 21:20:53 server dovecot: imap(user): Panic: file mailbox-list-fs-iter.c: line 447 (fs_list_get_roots): assertion failed: (full_fs_access) (Sorry, no core dump) According to my logs, this user couldn't start an IMAP session for a 2 hour stretch for hundreds of connections. Then the problem seemed to have went away. I logged back as that

After setting imap_hibernate_timeout to 60s, I could not find any hibernated connections after a few hours. I tested hibernation and made an observation: IDLE'd imap sessions only hibernate if they don't have a mailbox SELECT'd, otherwise they never hibernate. Is this the way it's supposed to work? Joseph Tam <jtam.home at gmail.com>