similar to: replication fails and corrupts index with zlib enabled

I just added an ECDSA certificate to my mail server using ssl_alt_cert (the RSA certificate is specified by ssl_cert), both certificate files contain the certificate and a single intermediate (which currently happens to be the same intermediate from Let?s Encrypt). When connecting to the server using either RSA or ECDSA ciphers, the server sends the proper certificate, but also sends two

my ERROR.log show: [2020-06-28 07:54:24] INFO main/main.c Icecast 2.4.4 server started [2020-06-28 07:54:24] DBUG yp/yp.c Updating YP configuration [2020-06-28 07:54:24] INFO yp/yp.c YP update thread started [2020-06-28 07:54:24] INFO connection/connection.c SSL certificate found at icecast.pem [2020-06-28 07:54:24] INFO connection/connection.c SSL using ciphers

> On April 27, 2017 at 8:12 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Hi, > To default dovecot.conf file I added (based on found documentation): > ssl = required > disable_plaintext_auth = yes #change default 'no' to 'yes' > ssl_prefer_server_ciphers = yes > ssl_options = no_compression > ssl_dh_parameters_length = 2048 >

> On April 27, 2017 at 10:55 AM Poliman - Serwis <serwis at poliman.pl> wrote: > > > Thank You for answers. But: > 1. How should be properly configured ssl_cipher_list? ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW at STRENGTH To disable non-EC DH, use: ssl_cipher_list =

Hi, I have noticed the 'ssl_cipher_list' directive in the 1.0-test snapshots which is not in 0.99. It's default value seems to be "all:!low". However, this would not be compatible with openssl's cipher listing format. Thus, I would vote to change it's format to be openssl compatible. To be compatible, it has to be changed to "ALL:!LOW" (just upercased in

You probably need to increase ulimit -n Aki On 23.08.2017 14:10, Patrick Westenberg wrote: > Hi @all, > > after re-installing one of my two frontends/proxy-servers I get the > following error messages after some time (sometimes after 1h, sometimes > after 24h): > > > 11:23:55 imap-login: Error: socketpair() failed: Too many open files > 11:23:55 imap-login: Error:

Hello, are you using systemd? May be you have to edit unit-file for dovecotservice and increase filelimit LimitNOFILE=infinity Hajo Am 23.08.2017 um 14:21 schrieb Patrick Westenberg: > I haven't done this on the old, working machine. > > So there must be a difference between Debian 7 and 9 how open files are > handled? > > Regards > Patrick > > > > Aki

I have been reading up on TLS and Dovecot and came across this URL: https://www.weakdh.org/sysadmin.html which recommended these settings for Dovecot. I would like to know if they are correct? Some much documentation on the web is pure garbage. Dovecot These changes should be made in /etc/dovecot.conf Cipher Suites

On Thu, Mar 10, 2016 at 12:30 PM, Osiris <dovecot at flut.demon.nl> wrote: > On 09-03-16 13:14, djk wrote: >> On 09/03/16 10:44, Florent B wrote: >>> Hi, >>> >>> I don't see any SSL configuration option in Dovecot to disable >>> "Client-initiated secure renegotiation". >>> >>> It is advised to disable it as it can

On Sat, 2018-12-08 at 11:03 +0100, Marco Fioretti wrote: > Greetings, > I have had to reinstall my email server on another Linux (centos 7.6) > VPS, with a newer version of dovecot, other software and a brand new > letsencrypt certificate just for email withpostfix and dovecot (that > certificate works fine with postfix). Output of dovecot --version and > dovecot -n on the new

On 10 Jun 2020, at 23:19, @lbutlr <kremels at kreme.com> wrote: > On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote: >> IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum. > > Apologies, I did not see the attachments. Will look on a real screen later. Looks like your main

Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list =

Am 11.06.20 um 18:08 schrieb @lbutlr: > On 10 Jun 2020, at 23:19, @lbutlr <kremels at kreme.com> wrote: >> On 10 Jun 2020, at 23:18, @lbutlr <kremels at kreme.com> wrote: >>> IF it?s not permissions you need to provide doveconf -n output. Bloglines for any fall, panic, or error level events at a minimum. >> >> Apologies, I did not see the attachments. Will

I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test still gives errors: Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Apr 27 08:55:07

Hi all; I've upgraded a ring of dovecot directors from 2.2.15 to 2.2.36. After the upgrade I've got some instability: a few time per day per server, seemly at random, the auth process stop responding and the clients cannot authenticate any more: Sep 6 14:45:51 imap-front13 dovecot: pop3-login: Warning: Auth process not responding, delayed sending initial response (greeting):

> For more clarity I also attach the content of > "/etc/dovecot/conf.d/15-mailboxes.conf" > > > # mailbox Junk { > # special_use = \Junk > # } > # mailbox Trash { > # special_use = \Trash > # } > mailbox INBOX/Junk { > auto = subscribe > special_use = \Junk > } > mailbox INBOX/Trash { > auto = subscribe >

Hello! I run dovecot for many years now, but today it ran into a bug I've never seen before. Searching the archives, this bug seems to occur very seldom. The current server installation & configuration is running since mid 2015, uptime of the server today is more than two months. It is a virtual machine in a data center, debian 7 / reiserfs, 'dovecot -n' output below. Just

Internal PCI Scan on Tenable.io website. Of course after register account. 2017-04-30 9:11 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > What kind of test are you running? > > Aki > > > On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> > wrote: > > > > > > I turned of ssl_cipher_list in dovecot.conf file (so it's

Dear libvirt team, we a currently in a pci-dss certification process and our security scanner found weak ciphers in the vlc_tls service on our centos6 box: When I scan using sslscan I can see that sslv3 and rc4 is accepted: inf0rmix@tardis:~$ sslscan myhost:16514 | grep Accepted Accepted SSLv3 256 bits DHE-RSA-AES256-SHA Accepted SSLv3 256 bits AES256-SHA Accepted SSLv3 128

I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something? My config (default passdb block and auth_mechanisms, nothing more changed): root at vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d