similar to: Server certificate verification error with Dovecot 2.3.2.1

On Wed, 12 Sep 2018, Robert Gill wrote: > I'm attempting to upgrade my Dovecot installation to 2.3.2.1. My SSL > certificate authority provides a bundle containing their CA, plus > intermediate CAs, which I configure using the 'ssl_ca' option. The > comments in the configuration file say to only set this when you're > requiring client certificates, which I'm

Hello, I'm using a dovecot as proxy, connecting to one or more backends. The backends use X.509 certificates. The proxy's passdb returns extra fields: user=foo proxy host=backend1.<domain> ssl=yes nopassword=y Thus the proxy connects to the backend but can't verify the backends certificate. The following comment suggests using ssl_client_ca_file for

We are seeing a few (0-15) proxy failures like the following out of ~3m successful proxied connections a day. Average session creation load over our peak hour is about 47/sec. The backend servers aren't logging anything that would suggest any internal problem like insufficient processes to handle the load. It doesn't seem to happen when utilization is lowest at night. dovecot:

Hello, Currently working on migrating our existing directors from 2.1.13 to 2.2.10. In 2.2.10 when issuing the logout command on an unauthenticated connection, the connection is closed before the server sends the BYE line to the client. The new version works as expected with a non-secure connection. I will include the strace output from the imap-login process that shows the connection closing

After upgrading to 2.31 I'm getting this error. Not sure what I'm doing wrong. No (No signatures could be verified because the chain contains only one certificate and it is not self signed.) ssl = yes ssl_cert = </etc/exim/certs/ctyme.com.crt ssl_key = </etc/exim/certs/ctyme.com.key ssl_ca = </etc/exim/certs/ca.crt local mail.ctyme.com { ? protocol imap { ??? ssl_cert =

On 28.05.2018 14:30, Hauke Fath wrote: > On Mon, 28 May 2018 13:52:01 +0300, Aki Tuomi wrote: >> I'm sure. But putting it as ssl_ca makes no sense, since it becomes >> confused what it is for. > I guess - I haven't had a need for client certs, and only ever used > ssl_ca for the server ca chain. > >> We can try restoring this as ssl_cert_chain setting in

On 11 Oct 2015, at 20:04, Heiko Schlittermann <hs at schlittermann.de> wrote: > > Hello, > > I'm using a dovecot as proxy, connecting to one or more backends. > The backends use X.509 certificates. > > The proxy's passdb returns > > extra fields: > user=foo > proxy > host=backend1.<domain> > ssl=yes > nopassword=y

On Mon, 21 Sep 2015, Edgar Pettijohn wrote: > doveconf -n? doveconf -n|grep ssl should suffice: ssl = required ssl_ca = </usr/local/share/certs/ca-root-nss.crt ssl_cert = </path/to/my/file.pem ssl_key = </path/to/my/file.pem ssl_require_crl = no I'm using "ssl_ca = </usr/local/share/certs/ca-root-nss.crt" as a temporary workaround, even though this is not what

You forgot to cc the list. ssl_ca is used only for validating client certificates. ---Aki TuomiDovecot oy -------- Original message --------From: Marc Perkel <marc at perkel.com> Date: 21/05/2018 18:25 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Subject: Re: SSL error after upgrading to 2.31 On 05/21/2018 07:54 AM, Aki Tuomi wrote:

Hi all, I'm testing the SNI configuration from dovecot's wiki page, to have multiple domains. I'm using letsencrypt certificates. On the 10-ssl.conf, when I only use one domain, like this, it works : ssl_ca = </etc/letsencrypt/live/mail.mydomain.fr/chain.pem ssl_cert = </etc/letsencrypt/live/mail.mydomain.fr/cert.pem ssl_key =

I've had 2x director ring up and running with production load on 2.1.8 with around 10,000 active connections for two weeks and everything has been working great - until this morning. There isn't anything obvious in the logs beyond the fact that the director connections started bouncing. It was not resolved by reloads or restarts or an upgrade to 2.1.9 (only the directors.) I've

On Wed, 7 Aug 2019 20:24:13 +0300 (EEST), Aki Tuomi via dovecot wrote: >> i thought ssl_ca is where to put the intermediate cert? Well, it surely worked that way until v2.3... > (Sorry for duplicate mail, keyboard acted up...) > > No, that has always been a mistake and it was fixed in 2.3. Our SSL > pages in documentation & wiki have always recommended concatenating >

Greetings, The log reports that a process cannot create the needed folders. Please review and tell me what I have done wrong. dovecot 2.0.9 # 2.0.9: /etc/dovecot/dovecot.conf doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:85: protocol { ssl_listen } has been replaced by service

Never mind, I am stupid and did not read all available information. Needed to change permissions on /var/mail/* Thank You, Ken Z -----Original Message----- From: Ken Zachreson Sent: Wednesday, March 15, 2017 10:28 AM To: 'dovecot at dovecot.org' <dovecot at dovecot.org> Subject: Unable to create needed folders Greetings, The log reports that a process cannot create the needed

Hello We are looking for information on how to use Vacation auto-reply . I've read http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage and a few other pages, but have not found how to set it up. We use sogo and thunderbird . Is there a how to or document for this somewhere? This is our configuration information: dovecot -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux

> On May 31, 2017 at 6:10 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Ralf Hildebrandt <Ralf.Hildebrandt at charite.de>: > > > So I added > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > But alas: > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting in

After upgrading from 2.2.28-1~auto+45 to 2.2.29-1~auto+25 I'm gettings this: May 31 16:44:31 mproxy dovecot: auth: Fatal: passdb imap: Cannot verify certificate without ssl_ca_dir or ssl_ca_file setting May 31 16:44:31 mproxy dovecot: master: Error: service(auth): command startup failed, throttling for 8 secs May 31 16:44:31 mproxy dovecot: imap-login: Disconnected: Auth process broken

> On June 1, 2017 at 1:42 PM Ralf Hildebrandt <Ralf.Hildebrandt at charite.de> wrote: > > > * Aki Tuomi <aki.tuomi at dovecot.fi>: > > > > > So I added > > > > ssl_ca_file = /etc/ssl/certs/ca-certificates.crt > > > > > > > > But alas: > > > > May 31 16:50:24 mproxy dovecot: config: Warning: Obsolete setting