similar to: Dovecot 2.3.0 TLS

On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: > Was the certificate path bundled in the server certificate? No, as a separate file, provided from the local (intermediate) CA: ssl_cert = </etc/openssl/certs/server.cert ssl_key = </etc/openssl/private/server.key ssl_ca = </etc/openssl/certs/ca-cert-chain.pem Worked fine with 2.2.x, 2.3 gives % openssl s_client -connect XXX:993

On 11.01.2018 12:18, Hauke Fath wrote: > All, > > our dovecot installation provides a bundle of intermedia CA > certificates using the ssl_ca option. > > 2.3.0 does not supply the bundle, resulting in various clients either > complaining about an unverifiable server cert, or quietly not > connecting. The log has > > Jan 5 17:01:46 Bounce dovecot: imap-login:

On 11.01.2018 13:20, Hauke Fath wrote: >/On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: />>/Was the certificate path bundled in the server certificate? />/No, as a separate file, provided from the local (intermediate) CA: />//>/ssl_cert = </etc/openssl/certs/server.cert />/ssl_key = </etc/openssl/private/server.key />/ssl_ca =

On Thu, 11 Jan 2018 13:22:07 +0200, Aki Tuomi wrote: > Can you try if it works if you concatenate the cert and cert-chain > to single file? We'll start looking if this is misunderstanding or bug. This is a production machine, so I would rather stick with the downgrade until you've looked into the issue. I went home late yesterday. ;) Cheerio, Hauke -- The ASCII Ribbon

On 11.01.2018 13:20, Hauke Fath wrote: >/On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: />>/Was the certificate path bundled in the server certificate? />/No, as a separate file, provided from the local (intermediate) CA: />//>/ssl_cert = </etc/openssl/certs/server.cert />/ssl_key = </etc/openssl/private/server.key />/ssl_ca =

On 28.05.2018 14:30, Hauke Fath wrote: > On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote: >> I'm sure. But putting it as ssl_ca makes no sense, since it becomes >> confused what it is for. > I guess - I haven't had a need for client certs, and only ever used > ssl_ca for the server ca chain. > >> We can try restoring this as ssl_cert_chain setting in

On 28.05.2018 12:06, Hauke Fath wrote: > On 05/21/18 17:55, Aki Tuomi wrote: >> ssl_ca is used only for validating client certificates. > > But it was used (though not documented, IIRC) for validating server > certs, too. Since intermediate CA certs are usually valid a lot longer > than the server certs, having to concat the certs is awkward, at best. > > I would very

On 11.01.2018 13:20, Hauke Fath wrote: > On Thu, 11 Jan 2018 12:20:45 +0200, Aki Tuomi wrote: >> Was the certificate path bundled in the server certificate? > No, as a separate file, provided from the local (intermediate) CA: > > ssl_cert = </etc/openssl/certs/server.cert > ssl_key = </etc/openssl/private/server.key > ssl_ca = </etc/openssl/certs/ca-cert-chain.pem

On 28.05.2018 13:05, Hauke Fath wrote: > On 05/28/18 11:08, Aki Tuomi wrote: >> >> >> On 28.05.2018 12:06, Hauke Fath wrote: >>> On 05/21/18 17:55, Aki Tuomi wrote: >>>> ssl_ca is used only for validating client certificates. >>> >>> But it was used (though not documented, IIRC) for validating server >>> certs, too. Since

On 11/13/18 19:58, Aki Tuomi wrote: > On 13 November 2018 at 20:53 Arkadiusz Mi?kiewicz wrote: >> I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to >> dovecot 2.3.3 run with openssl 1.1.1. >> >> Currently I have both variants running with identical configs and certs >> (the only differences are due to config syntax changes in dovecot

Hi list, after about a day of operation, dovecot 1.0alpha5 (NetBSD/i386 2.1) died on me with Dec 14 10:53:52 bounce dovecot: pipe() failed: Too many open files Dec 14 10:54:23 bounce last message repeated 279661 times Dec 14 10:56:23 bounce last message repeated 1071807 times Dec 14 10:56:59 bounce last message repeated 325386 times -- any ideas on what to tune? hauke -- /~\ The ASCII

You forgot to cc the list. ssl_ca is used only for validating client certificates. ---Aki TuomiDovecot oy -------- Original message --------From: Marc Perkel <marc at perkel.com> Date: 21/05/2018 18:25 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Subject: Re: SSL error after upgrading to 2.31 On 05/21/2018 07:54 AM, Aki Tuomi wrote:

On Wed, 7 Aug 2019 20:24:13 +0300 (EEST), Aki Tuomi via dovecot wrote: >> i thought ssl_ca is where to put the intermediate cert? Well, it surely worked that way until v2.3... > (Sorry for duplicate mail, keyboard acted up...) > > No, that has always been a mistake and it was fixed in 2.3. Our SSL > pages in documentation & wiki have always recommended concatenating >

http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz.sig This should be a good release. :) * doveconf now warns if it sees a global setting being changed when the same setting was already set inside some filters. (A common mistake has been adding more plugins to a global mail_plugins setting after it was already set inside protocol

http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz http://dovecot.org/releases/2.2/dovecot-2.2.24.tar.gz.sig This should be a good release. :) * doveconf now warns if it sees a global setting being changed when the same setting was already set inside some filters. (A common mistake has been adding more plugins to a global mail_plugins setting after it was already set inside protocol

Hi, the email status problem that I reported for Dovecot 0.99.10.5 on June 3rd does still show up in 0.99.10.6. Quoting myself: (1) When new mail is delivered to the inbox, the last read mail(s) change(s) to "unread". Clients: Eudora 6 (Mac), Mozilla 1.6 (NetBSD, Linux, Win XP), MS Outlook. (2) When you attempt to move mails from the inbox to another folder with Mozilla (1.6 on

Hi, there is an issue left in 0.99.10.5 which (I think) is a problem with imap status flags. It shows up in two places: (1) When new mail is delivered to the inbox, the last read mail changes to "unread". (2) When you move mails from the inbox to another folder with Mozilla (1.6 on win32, Linux, NetBSD), they are not removed from the inbox, effectively performing a copy instead of a

I see in the config file where I can enable syslog, but then all logging goes to the MAIL facility. I could find no reference to changing the facility:level for syslogging. Is that implemented, or planned? I know I could just write it to a file, but I'd prefer to use syslog because then I can pipe it to a central logging server.

Hello Once a day i have these errors in doveecot.log: =========================================== dovecot: Dec 16 14:06:04 Error: auth-worker(default): .Out of memory (Needed 52 bytes) dovecot: Dec 16 14:06:04 Error: auth-worker(default): sql(login,<ip>): Password query failed: MySQL client ran out of memory dovecot: Dec 16 14:06:06 Info: imap-login: Disconnected: user=<login>,

Timo, This might be a bit vague, but I have noticed that rc19 seems to have broken the read/unread/reply flags in imap. My officemate has had problems with messages that are read and marked as read then mysteriously get remarked as unread the next time email is checked. I've had problems where I reply to a message and it does not get marked as "answered". We didn't see this