Displaying 20 results from an estimated 3000 matches similar to: "Do we need ssl_dh_parameters_length in version 2.3"
2017 Mar 11
3
Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?]
On 2017-03-10 23:22, Christian Kivalo wrote:
> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob <mrobti at insiberia.net>:
>>
>>>> We have a need for some users to have an additional folder created
>> and
>>>> subscribed for them.
>>>>
>>>> Is is possible to return an override for the default "namespace
>> inbox"
2017 Mar 13
2
Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?]
On 2017-03-13 19:31, MRob wrote:
> On 2017-03-10 23:28, MRob wrote:
>> On 2017-03-10 23:22, Christian Kivalo wrote:
>>> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob <mrobti at insiberia.net>:
>>>>
>>>>>> We have a need for some users to have an additional folder created
>>>> and
>>>>>> subscribed for them.
2019 Jun 16
2
Self-signed TLS client certificates
Dear List,
I self-host my e-mail and run Dovecot since ever I do that. Dovecot
version is 2.3.4.1 (f79e8e7e4), running on Debian testing.
Now I am trying to configure Dovecot for client TLS certificates. I have
a self-signed certificate whose private key resides on a smartcard
(Yubikey, to be exact). I wanted Dovecot to accept that TLS client
certificate instead of a password. So I searched and
2019 Apr 15
9
Recommended PHP 7 source for Centos 7
I know there's a couple third party repos offering PHP 7 for Centos. I
prefer not to add too much third party that I don't have to and PHP 7
has been mainstream for some time now, I thought maybe it would be in
EPEL by now.
What is the most recommended and stable way to get an up to date PHP on
Centos 7?
2019 Mar 16
3
ssl_dh
https://wiki.dovecot.org/SSL/DovecotConfiguration says:
"Since v2.3.3+ Diffie-Hellman parameters have been made optional, and
you are encouraged to disable non-ECC DH algorithms completely."
and a bit later:
"From version 2.3, you must specify path to DH parameters file using
ssl_dh=</path/to/dh.pem"
So.
1. Is ssl_dh an optional or a must?
2. I've disabled ssl_dh
2017 Mar 14
1
Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?]
On 14.03.2017 05:57, MRob wrote:
> On 2017-03-13 13:40, Aki Tuomi wrote:
>> On 2017-03-13 19:31, MRob wrote:
>>> On 2017-03-10 23:28, MRob wrote:
>>>> On 2017-03-10 23:22, Christian Kivalo wrote:
>>>>> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob <mrobti at insiberia.net>:
>>>>>>
>>>>>>>> We have a need for
2017 Dec 08
2
CAA records using PowerDNS from EPEL
PowerDNS supports CAA records beginning with version 4.0, but the pdns
package in EPEL for most recent centos versions is stuck at around
version 3.4 (3.4.11 is what I have).
Do I have no other choice but to manually compile and maintain my own
pdns installation? I prefer to avoid this but I need up-to-date
features.
Perhaps there is a PowerDNS specific work-around? Maybe the EPEL
2019 Feb 03
2
Multi-dbox storage space
Hi, I originally picked mdbox because I had the impression from reading
about it on the mailing list that it was more performant and that it
would conserve disc space.
But lately i found mailboxes have nearly double the storage as reported.
I mean, IMAP QUOTA reports around 900MB for one account that has over
2GB when I inspect the mail location of the user using the linux command
`du`
2015 May 26
6
FREAK/Logjam, and SSL protocols to use
List, good afternoon,
I was reading up on a TLS Diffie Hellman protocol weakness described here
https://weakdh.org/sysadmin.html
which is similar to the earlier FREAK attack, and can result in
downgrade of cipher suites.
Part of the solution workaround that the researchers describe for
Dovecot here
https://weakdh.org/sysadmin.html
includes altering DH parameters length to 2048, and
2018 Aug 19
2
creation of ssl-parameters fails
I did that the last time one year ago, now on another machine with the
same software (Ubuntu 16.04) it fails.
openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat
dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam
-inform der > /etc/dovecot/dh.pem
last command fails with
681+0 records in
681+0 records out
681 bytes copied, 0,00278343 s, 245 kB/s
unable to load
2017 Mar 11
2
Auto create & subscribe folder from Userdb [Was: Users with extra mailbox: namespace/mailbox in userdb lookup?]
>> We have a need for some users to have an additional folder created and
>> subscribed for them.
>>
>> Is is possible to return an override for the default "namespace inbox"
>> containing the needed mailbox definitions in the userdb lookup for
>> such users? If so, how would the userdb lookup result be formatted?
>> Presumably as
>
>
2018 Oct 02
1
How to install Banshee on CentOS 7?
on centos 7 I tried to install banshee from EPEL
yum install banshee
gotting this error:
Error: Package: banshee-2.6.2-11.el7.x86_64 (epel)
Requires: libgpod-sharp >= 0.8.2
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
seems known problem but ignored to fix it in a year or more:
2016 Dec 04
1
Show pigeonhole version?
How can I query the current pigeonhole version from a running instance
to verify it is what I expect?
Possible to get `dovecot --version` to show things like that?
2015 Nov 04
1
ssl-params: slow startup (patch for consideration)
Based on the recent found weaknesses in DH key exchange,
http://weakdh.org/
I increased ssl_dh_parameters_length to 2048 bits, and found waited
for 5+ minutes for dovecot to come back online after a restart.
Unless you got a fast machine, the initialization of DH parameters can
exceed your patience.
Regeneration may not be a problem (if ssl_parameters_regenerate=0 or if
Dovecot uses old
2018 Aug 19
2
creation of ssl-parameters fails
> On 19 August 2018 at 20:55 Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
>
>
> > On 19 August 2018 at 19:38 Kai Schaetzl <maillists at conactive.com> wrote:
> >
> >
> > Aki Tuomi wrote on Sun, 19 Aug 2018 18:21:31 +0300:
> >
> > > Just generate new parameters on some machine with good entropy source.
> >
> > So, if
2019 Nov 27
1
Cert for ip range?
On Wed, Nov 27, 2019 at 11:31 AM Aki Tuomi <aki.tuomi at open-xchange.com>
wrote:
>
> > On 27/11/2019 21:28 Mark Moseley via dovecot <dovecot at dovecot.org>
> wrote:
> >
> >
> > On Tue, Nov 26, 2019 at 11:22 PM Aki Tuomi via dovecot <
> dovecot at dovecot.org> wrote:
> > >
> > > On 21.11.2019 23.57, Marc Roos via dovecot
2019 Jun 16
0
Self-signed TLS client certificates
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 16 June 2019 15:47 Marvin Gülker via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
2011 Jun 27
2
Per IP ssl certificates
I have to manage 2 different domains, with 1 ssl certificate each, but I don't
know how to configure them.
I tried this example:
"Different certificates per IP and protocol"
http://wiki2.dovecot.org/SSL/DovecotConfiguration
but I got this error:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: ssl
enabled, but ssl_cert not set
I dont find any documentation
2019 Nov 21
2
Cert for ip range?
Is it possible to configure a network for a cert instead of an ip?
Something like this:
local 192.0.2.0 {
ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem
ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem
}
Or
local 192.0.2.0/24 {
ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem
ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem
}
2010 Aug 05
1
Dovecot 2.0.rc4 not generating ssl-parameters.dat on first start
Dear Dovecot lovers!
When starting Dovecot 1.x the first time, it runs "ssl-build-params"
to generate a file named "ssl-parameters.dat". This takes a couple
of minutes. During this time users have no access to their mail,
but this can be planned in advance and users can be notified.
This is explained in http://wiki.dovecot.org/SSL/DovecotConfiguration
With Dovecot 2.0.rc4,