similar to: Collecting S/MIME Certs from (incoming signed) E-Mails

On 03/22/2018 09:34 AM, Aki Tuomi wrote: >>> I have no idea why you would have nopassword=y set in the first >>> place, so it seems the simplest way to eliminate this problem is to >>> take that out and have a secure environment for sending mail. >> >> Yes, however, for SOGo with Native Outlook compatibility or SAML >> logon, the config is required.

Hello everyone, I work in a setting where remote logins are usually authenticated with SSH user keypairs, but many target accounts need to have a password set nonetheless (to use with sudo, log in via remote KVM, etc.) and cannot be put under a central user administration like LDAP. Enter a corporate password policy that requires passwords to be complex, different everywhere, and of limited

On 10/25/2017 12:58 PM, Heiko Schlittermann wrote: > We could create new "role" users, share the password and create an > additional account within the mail client (thunderbird) they use. From > users perspective it is exactly what they want. But I dislike the idea > of sharing the password. For what reason exactly? It not being personalized, too easy to leak, potentially

On 04.12.24 19:47, Brian Candler wrote: > debug1: Offering public key: /Users/brian/.ssh/id_rsa RSA [...] > debug1: send_pubkey_test: no mutual signature algorithm <<<< *THIS* > > I wonder if there could there be some way to highlight the "no mutual > signature algorithm" message more prominently in normal operation? Wouldn't the extra output, even in

On 06.07.23 23:37, MCMANUS, MICHAEL P wrote:> So changing the forced command as stated will break the application. I > would need to create a test bed to simulate the listener rather than > use the server as is, where is. That may produce false or misleading > results. Since the forced command is tied to the specific keypair in the authorized_keys, you could -- test with a different

On 11/17/2016 08:48 AM, Steve Litt wrote: > When I use an email client, its purpose is as a window into my Dovecot > IMAP, and as a mechanism to reply to and send emails. I don't do > filtering or calendaring on my email client (filtering via procmail > direct to Dovecot). > > What email clients are all of you using to look at your IMAP email? Plaintext or HTML mails?

On 05/16/2018 06:07 AM, Aki Tuomi wrote: >> On 15 May 2018 at 22:43 Gandalf Corvotempesta <gandalf.corvotempesta at gmail.com> wrote: >> Is possible to implement and end-to-end encryption with dovecot, where >> server-side there is no private key to decrypt messages? > > You could probably automate this with sieve and e.g. GnuPG, which would mean > that all your

On 12/15/2018 12:34 AM, @lbutlr wrote: > On 14 Dec 2018, at 16:30, @lbutlr <kremels at kreme.com> wrote: >> Is it possible to override the POP3 delete on download command and make >> sure that messages stay on the server for at least X hours or X days? >> It is important that the messages be around long enough to hit a snapshot >> cycle (using rsnapshot to backup

Hello everyone, I would like pointers on how to analyze the following situation, please: I'm running one test and one production dovecot IMAPS server for one of our platforms. The clients are essentially appliances we distribute, auth by client cert, virtual users only, mailboxes in maildir format: > auth_ssl_require_client_cert = yes > auth_ssl_username_from_cert = yes >

On 27.06.24 06:34, Henry Qin wrote: > *Specific use cases:* > 1. Combine sshd on an unprivileged port with kubectl port-forward to > replace kubectl exec for shelling into containers running in a secure > Kubernetes environment. Kubectl exec does not kill processes on disconnect, > and does not support remote port forwarding, while ssh does both of these > things. > 2. Run an

On 26.10.20 17:45, Mihai Badici wrote: > So I guess it is not trivial to sort again all the mails and > deliver each one in a mailbox after you mixed all together in a single > catchall mailbox. Could be done for sure but it is some work to do...? Determining the intended recipient of a specific *copy* of an e-mail (info contained in the envelope) from that copy *after* "final"

On 09/11/2018 08:20 PM, Kai Schaetzl wrote: > I have to disable mail acceptance for example1.com. > If not, mail sent *from* that server (e.g. from a web form) to that domain > will not leave the server. > However, if I disable example1.com for mail dovecot lmtp will not deliver > mail to this mail box anymore, although the mailbox still exists. First and foremost, you are

On 12/05/2018 06:57 PM, admin (@awib.it) wrote: > I have a group alias (all at company.com). > (1) Only company.com accounts should be able to send an email to > everybody in that company via all at company.com. Do you have a means to identify "some suitable account was used" - as opposed to a trivially forged sender address - *other* than by watching the actual MUA-to-MSA

On 24.08.24 03:16, Dave Close wrote: > Damien Miller wrote: >> This is ssh trying to connect to $SSH_AUTH_SOCK, perhaps JuiceSSH's >> agent that you've forwarded. > > No need to fix JuiceSSH. It's authors ignore all contact anyway. Fixed > on my system with a simple bash command: > "alias xssh="unset SSH_AUTH_SOCK; ssh". [scratches head]

On 02/20/2019 07:51 AM, Mark D. Baushke wrote: > There are too just many cases where both OpenSSH interoperating with > itself as well as other SSH implementations have needed this version > number to properly deal with bugs in the code via negitations. FWIW, and without dismissing the possibility of fingerprinting a server in other ways, the fact that clients that *can* pass

Hi Jochen, On Wed, 12 Feb 2020 at 00:16, Jochen Bern <Jochen.Bern at binect.de> wrote: > > On 02/11/2020 07:07 PM, Cl?ment P?ron wrote: > > - I have X devices (around 30) and one SSH server > > - Each of them have a unique public key and create one dynamic reverse > > port forwarding on the server > > - All of them connect with the same UNIX user (I don't

On 21.10.24 20:26, Chris Green wrote: > I have a small LAN at home with nine or ten systems on it running > various varieties of Linux. I 'do things' on the LAN either from my > dekstop machine or from my laptop, both run Xubuntu 24.04 at the > moment. > > There's a couple of headless systems on the LAN where login security > is important to me and I've been

On 24.10.24 02:06, Mabry Tyson wrote: > I [...] sent mail to openssh at openssh.com but the mail was not delivered. > 24 hours after I sent email to that address, I got a DSN indicating > >> Remote server returned '550 5.4.300 Message expired -> 451 Temporary >> failure, please try again later.' ... yeaaahhh whatever it takes to convince the MX that it's *not*

On 24.02.23 12:58, Keine Eile wrote: > does any one of you have a best practice on renewing ssh host keys on > cloned machines? > I have a customer who never thought about that, while cloning all VMs > from one template. Now all machines have the exact same host key. > My approach would be to store a machines MAC address(es). Then when > starting the sshd.service, check if

On 04.07.24 01:41, Manon Goo wrote: > - some users private keys are lost Then you go and remove the corresponding pubkeys from wherever they're configured. Seriously, even if you do not scan which pubkey is configured where *now* (as is part of our usual monitoring), it'll be your "number <3" task *then* to go hunt it down. > And you want to lock down the sshd