similar to: Do we need ssl_dh_parameters_length in version 2.3

On 2017-03-10 23:22, Christian Kivalo wrote: > Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob <mrobti at insiberia.net>: >> >>>> We have a need for some users to have an additional folder created >> and >>>> subscribed for them. >>>> >>>> Is is possible to return an override for the default "namespace >> inbox"

On 2017-03-13 19:31, MRob wrote: > On 2017-03-10 23:28, MRob wrote: >> On 2017-03-10 23:22, Christian Kivalo wrote: >>> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob <mrobti at insiberia.net>: >>>> >>>>>> We have a need for some users to have an additional folder created >>>> and >>>>>> subscribed for them.

Dear List, I self-host my e-mail and run Dovecot since ever I do that. Dovecot version is 2.3.4.1 (f79e8e7e4), running on Debian testing. Now I am trying to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and

I know there's a couple third party repos offering PHP 7 for Centos. I prefer not to add too much third party that I don't have to and PHP 7 has been mainstream for some time now, I thought maybe it would be in EPEL by now. What is the most recommended and stable way to get an up to date PHP on Centos 7?

https://wiki.dovecot.org/SSL/DovecotConfiguration says: "Since v2.3.3+ Diffie-Hellman parameters have been made optional, and you are encouraged to disable non-ECC DH algorithms completely." and a bit later: "From version 2.3, you must specify path to DH parameters file using ssl_dh=</path/to/dh.pem" So. 1. Is ssl_dh an optional or a must? 2. I've disabled ssl_dh

On 14.03.2017 05:57, MRob wrote: > On 2017-03-13 13:40, Aki Tuomi wrote: >> On 2017-03-13 19:31, MRob wrote: >>> On 2017-03-10 23:28, MRob wrote: >>>> On 2017-03-10 23:22, Christian Kivalo wrote: >>>>> Am 11. M?rz 2017 08:04:28 MEZ schrieb MRob <mrobti at insiberia.net>: >>>>>> >>>>>>>> We have a need for

PowerDNS supports CAA records beginning with version 4.0, but the pdns package in EPEL for most recent centos versions is stuck at around version 3.4 (3.4.11 is what I have). Do I have no other choice but to manually compile and maintain my own pdns installation? I prefer to avoid this but I need up-to-date features. Perhaps there is a PowerDNS specific work-around? Maybe the EPEL

Hi, I originally picked mdbox because I had the impression from reading about it on the mailing list that it was more performant and that it would conserve disc space. But lately i found mailboxes have nearly double the storage as reported. I mean, IMAP QUOTA reports around 900MB for one account that has over 2GB when I inspect the mail location of the user using the linux command `du`

List, good afternoon, I was reading up on a TLS Diffie Hellman protocol weakness described here https://weakdh.org/sysadmin.html which is similar to the earlier FREAK attack, and can result in downgrade of cipher suites. Part of the solution workaround that the researchers describe for Dovecot here https://weakdh.org/sysadmin.html includes altering DH parameters length to 2048, and

I did that the last time one year ago, now on another machine with the same software (Ubuntu 16.04) it fails. openssl dhparam 4096 > /var/lib/dovecot/ssl-parameters.dat dd if=/var/lib/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /etc/dovecot/dh.pem last command fails with 681+0 records in 681+0 records out 681 bytes copied, 0,00278343 s, 245 kB/s unable to load

>> We have a need for some users to have an additional folder created and >> subscribed for them. >> >> Is is possible to return an override for the default "namespace inbox" >> containing the needed mailbox definitions in the userdb lookup for >> such users? If so, how would the userdb lookup result be formatted? >> Presumably as > >

on centos 7 I tried to install banshee from EPEL yum install banshee gotting this error: Error: Package: banshee-2.6.2-11.el7.x86_64 (epel) Requires: libgpod-sharp >= 0.8.2 You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest seems known problem but ignored to fix it in a year or more:

How can I query the current pigeonhole version from a running instance to verify it is what I expect? Possible to get `dovecot --version` to show things like that?

Based on the recent found weaknesses in DH key exchange, http://weakdh.org/ I increased ssl_dh_parameters_length to 2048 bits, and found waited for 5+ minutes for dovecot to come back online after a restart. Unless you got a fast machine, the initialization of DH parameters can exceed your patience. Regeneration may not be a problem (if ssl_parameters_regenerate=0 or if Dovecot uses old

> On 19 August 2018 at 20:55 Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > > > On 19 August 2018 at 19:38 Kai Schaetzl <maillists at conactive.com> wrote: > > > > > > Aki Tuomi wrote on Sun, 19 Aug 2018 18:21:31 +0300: > > > > > Just generate new parameters on some machine with good entropy source. > > > > So, if

On Wed, Nov 27, 2019 at 11:31 AM Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > On 27/11/2019 21:28 Mark Moseley via dovecot <dovecot at dovecot.org> > wrote: > > > > > > On Tue, Nov 26, 2019 at 11:22 PM Aki Tuomi via dovecot < > dovecot at dovecot.org> wrote: > > > > > > On 21.11.2019 23.57, Marc Roos via dovecot

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 16 June 2019 15:47 Marvin Gülker via dovecot < <a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote: </div>

I have to manage 2 different domains, with 1 ssl certificate each, but I don't know how to configure them. I tried this example: "Different certificates per IP and protocol" http://wiki2.dovecot.org/SSL/DovecotConfiguration but I got this error: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set I dont find any documentation

Is it possible to configure a network for a cert instead of an ip? Something like this: local 192.0.2.0 { ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem } Or local 192.0.2.0/24 { ssl_cert = </etc/ssl/dovecot/imap-02.example.com.cert.pem ssl_key = </etc/ssl/dovecot/imap-02.example.com.key.pem }

Dear Dovecot lovers! When starting Dovecot 1.x the first time, it runs "ssl-build-params" to generate a file named "ssl-parameters.dat". This takes a couple of minutes. During this time users have no access to their mail, but this can be planned in advance and users can be notified. This is explained in http://wiki.dovecot.org/SSL/DovecotConfiguration With Dovecot 2.0.rc4,