similar to: Hello some help on login users saying it's disabled

> On 26 May 2019 00:34 Remo Mattei via dovecot <dovecot at dovecot.org> wrote: > > > Hello I am experiencing some strange issue with the dovecot, the web round cube works fine but when I try to connect with an iPhone over IMAP IMAPs it tells me that the account is disabled. > > Please advice here is what I see in the logs: > > snip.. > > And the

Hello I am experiencing some strange issue with the dovecot, the web round cube works fine but when I try to connect with an iPhone over IMAP IMAPs it tells me that the account is disabled. Please advice here is what I see in the logs: May 25 14:30:32 imap-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=172.10.163.251, lip=208.53.44.237,

Robert Wolf wrote: >> else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you >> have enabled something like cram-md5. > > Hi, > > exactly, this is the reason, why plain-text is still needed. You don't need > encryption for authentication, if you have secure authentication. Without > knowing original password, the MITM cannot generate correct hash

Gary <lists at lazygranch.com> writes: > If I read this correctly, starttls will fail due to the MITM attack. > That is the client knows security has been compromised. I'm not sure what you man by "fail". STARTTLS is prone to MITM attacks if a client has not been configured to refuse non-STARTTLS/SSL sessions. For clients that will allow both secured and plaintext

Lest anyone think STARTTLS MITM doesn't happen, https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ Not only for security, I prefer port 993/995 as it's just plain simpler to initiate SSL from the get-go rather than to do some handshaking that gets you to the same point. Joseph Tam <jtam.home at gmail.com>

On Oct 11, 2019, at 2:00 PM, Joseph Tam <jtam.home at gmail.com> wrote: > On Fri, 11 Oct 2019, @lbutlr wrote: > >>>> Oct 09 16:02:50 imap-login: Info: Aborted login (auth failed, 5 attempts in 33 secs): user=<myuser at covisp.net>, xx.xx.xx.xx, PLAIN, TLS >> >> This turns out to have been caused by the MUA attempting to connect to >> port 25

Hi, This is just a quick note to state that the recently reported SSL/TLS MITM attack[1] *does not* affect SSH. Like SSL/TLS, SSH supports key and parameter renegotiation, but it is not vulnerable because a session identifier is carried over from the first key exchange into all subsequent key exchanges. Technical details: In SSL, key exchanges and subsequent renegotiations are completely

Sent from my iPhone > On 14 Aug 2017, at 13:03, Alef Veld <alefveld at outlook.com> wrote: > > Hey Mike. > The iPhone and MacBook started working, but the two remaining iMacs still have problems. It's really weird. But if the first 2 are working it MUST be something local right? > > I removed the servers and re-added but no go. Maybe I'll need to remove the plist

On Fri, 11 Oct 2019, @lbutlr wrote: >>> Oct 09 16:02:50 imap-login: Info: Aborted login (auth failed, 5 attempts in 33 secs): user=<myuser at covisp.net>, xx.xx.xx.xx, PLAIN, TLS > > This turns out to have been caused by the MUA attempting to connect to > port 25 (despite clearly showing port 587 in the MUA settings). Thanks > to Mac/iOS account syncing, merely trying

HotSlots Webmaster <webmaster at hotslots132.com> writes: > I have had Dovecot working fine with SSL for nearly two years now. It's > time to renew the SSL certificate, so I did (same CA). The new > certificate works fine in Apache and Postfix. But when I update Dovecot > to use the same certificate, and restart the server, Dovecot stops > responding to connects. > ...

Adi Pircalabu writes: > For us it is, we're periodically getting hammered by iOS devices that > try to open 300+ simultaneous IMAP connections for a single user from > the same IP, while the average hovers usually below 50 for the busier > mailboxes with many folders. Oh yeah, I've seen this. I think this happens when someone does a global pattern search, which causes the

I deleted the certificate already, but I think it only uses that for imap/dovecot. I don't think it actually stores one for smtps (or am I not talking sense here). Sent from my iPhone > On 10 Aug 2017, at 23:25, Joseph Tam <jtam.home at gmail.com> wrote: > > >> On Thu, 10 Aug 2017, Larry Rosenman wrote: >> >> Which mail client on iOS? > > Sorry,

See comment in context below: On Fri, 2019-10-11 at 19:26 -0600, @lbutlr via dovecot wrote: > On Oct 11, 2019, at 2:00 PM, Joseph Tam <jtam.home at gmail.com> wrote: > > On Fri, 11 Oct 2019, @lbutlr wrote: > > > >>>> Oct 09 16:02:50 imap-login: Info: Aborted login (auth failed, 5 attempts in 33 secs): user=<myuser at covisp.net>, xx.xx.xx.xx, PLAIN, TLS

On 29/05/20 11:27 pm, mj wrote: > Thanks to all who participated in the interesting discussion. > > It seems my initial thought might have been best after all, and > discontinuing port 143 might be the safest way proceed. Yes and no. Some of the attack vectors mentioned are not reasonable and it really depends on the client. Thunderbird, for example, used to have settings for

Alef Veld writes: >> I'm wondering if there is any cache for a certificate or something, my >> maillog shows up something like 10 bytes read, -1. So it returns an >> error. I deleted the accounts and created them again, still no go. >> >> Anyone had anything similar before? On top of the usual mail set up problems (and it appears to be some SSL/STARTLS port

After setting imap_hibernate_timeout to 60s, I could not find any hibernated connections after a few hours. I tested hibernation and made an observation: IDLE'd imap sessions only hibernate if they don't have a mailbox SELECT'd, otherwise they never hibernate. Is this the way it's supposed to work? Joseph Tam <jtam.home at gmail.com>

>> Lest anyone think STARTTLS MITM doesn't happen, >> >> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/ Right, the attack does happen, but it can be prevented by properly configuring the server and client. >> Not only for security, I prefer port 993/995 as it's just plain >> simpler to initiate SSL from the get-go

Kenneth Porter <shiva at sewingwitch.com> writes: > Thanks. Some digging indicates that this is equivalent to doveadm reload. > Both paths ultimately send a SIGHUP to the server which initiates a full > reload of the configuration. > > I'll be combining this with a restart of sendmail. Alas, I don't see a way > to get it to reload its configuration. Should be the

> On 18 Oct 2015, at 20:25, Timo Sirainen <tss at iki.fi> wrote: > > On 18 Oct 2015, at 05:20, Joseph Tam <jtam.home at gmail.com> wrote: >> >> >> After setting imap_hibernate_timeout to 60s, I could not find any >> hibernated connections after a few hours. I tested hibernation and made >> an observation: IDLE'd imap sessions only

On 12/16/18 7:52 AM, Tributh via dovecot wrote: > > > Am 16.12.18 um 12:13 schrieb Michael A. Peters: >> Hi, for those who have adopted ECDSA, >> >> Are there still any commonly used IMAPS/POP3S clients that still can not >> handle ECDSA certificates? >> >> I know you can set up Dovecot dor dual cert, I am just trying to >> determine if there