similar to: changing cipher for imap clients

Thank You for answers. But: 1. How should be properly configured ssl_cipher_list? 2. Ok, removed !TLSv1 !TLSv1.1. 3. Strange thing with ssl_protocols and ssl_cipher_list, because on older server on Ubuntu 14.04 LTS, dovecot 2.2.9 and postfix 2.11.0 these two lines looks exactly this same and no errors in mail.err file and mailes works without any problem. 4. No, currently I don't use LMTP.

Cipher list which You post provide better compatibility or security than those which I currently have? On older software version these cipher list works well and not generate any errors when I run Internal PCI scan test from https://cloud.tenable.com for another server. But for new server with newer software during test I got errors in mail.err. 2017-04-27 10:00 GMT+02:00 Aki Tuomi <aki.tuomi

What kind of test are you running? Aki > On April 27, 2017 at 12:00 PM Poliman - Serwis <serwis at poliman.pl> wrote: > > > I turned of ssl_cipher_list in dovecot.conf file (so it's default) but test > still gives errors: > Apr 27 08:55:06 serwer-1 dovecot: pop3-login: Error: SSL: Stacked error: > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown

Problem: We had Dovecot v2.2 working just fine under openSUSE Leap 42.3. But we upgraded openSUSE to Leap 15.0. In the process, Dovecot got upgraded from 2.2 to 2.3.1. It no longer works and I haven't figured out how to downgrade to the older working version. The key issue seems to be the change to requiring dh.pem and changing s sl_protocols to ssl_min_protocols.?I think I've navigated

CentOS 7 Dovecot 2.2.36 Nov 14 07:13:08 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=73.0.0.0, lip=192.64.118.242, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher, session=<> Was working fine for over a year, until the cert expired and I replaced it. I've tried the good cert I have for

According to https://cipherli.st/ > ssl = yes > ssl_cert = </etc/dovecot.cert > ssl_key = </etc/dovecot.key > ssl_protocols = !SSLv2 !SSLv3 > ssl_cipher_list = AES128+EECDH:AES128+EDH > ssl_prefer_server_ciphers = yes # >Dovecot 2.2.6 > Is what you want. Ok, so I have changed my ssl_cipher_list to: ssl_cipher_list = AES128+EECDH:AES128+EDH Before I made this change

Hi, Have anyone else experienced problems using Dovecot with the mail app in beta releases of iOS/iPadOS 13? TLS is failing for my, it have worked fine for years and I am on the latest Dovecot version now, it works fine with older clients but not with the ones upgraded: Sep 04 19:49:16 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization Sep 04 19:49:16 imap-login: Debug:

On 12/2/2014 1:32 AM, Reindl Harald wrote: > > Am 02.12.2014 um 06:44 schrieb Will Yardley: >> On Mon, Dec 01, 2014 at 09:27:48PM -0800, Darren Pilgrim wrote: >>> On 12/1/2014 4:43 PM, Will Yardley wrote: >>>> Can you use both ssl_protocols *and* ssl_cipher_list in the same config >>>> (in a way that's sane)? >>> >>>> Is there a

Hello, I have 2 Dovecot 2.3.8 servers running SSL with valid wildcard certificates. Email clients connect fine, https://www.immuniweb.com/ssl/ tests show certificates are ok. However I can't make replication work when I add ssl = yes. Without ssl it works ok. I added verbose_ssl in config and error log shows: dovecot: doveadm(149.x.x.x): Error: SSL handshake failed: SSL_accept()

Am 07.02.2015 um 04:47 schrieb Reindl Harald: > > Am 06.02.2015 um 23:13 schrieb SW: >> According to https://cipherli.st/ >>> ssl = yes >>> ssl_cert = </etc/dovecot.cert >>> ssl_key = </etc/dovecot.key >>> ssl_protocols = !SSLv2 !SSLv3 >>> ssl_cipher_list = AES128+EECDH:AES128+EDH >>> ssl_prefer_server_ciphers = yes #

> On 15/03/2023 13:12 EET Dejan <me at dejanstrbac.com> wrote: > > > > lmtp_save_to_detail_mailbox = yes > > Plus-delivery conflicts with existing, reserved files such as > "subscriptions": > > Message for kim+subscriptions@ results in: > > lmtp(kim@***.com)<14493><SK7sEvaHEWSdOAAAvAYmHA>: Error: >

> On 28/10/2019 16:12 Fourhundred Thecat via dovecot <dovecot at dovecot.org> wrote: > > > When my client connects, I see this in my log: > > dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 > bits) > > Whereas, when client connects to my postfix server, I see: > > Anonymous TLS connection established from * TLSv1 with cipher

> On 4 Sep 2019, at 16.38, R.N.S. via dovecot <dovecot at dovecot.org> wrote: >> >> passdb { >> args = /etc/dovecot/master-users >> driver = passwd-file >> master = yes >> pass = yes >> } >> passdb { >> args = /etc/dovecot/dovecot-ldap.conf.ext >> driver = ldap >> } >> ... >> protocol sieve { >> passdb

Dear dovecot developers, I have an issue with the Pigeonhole IMAPSieve Plugin and the order in which administrator scripts are executed. Although I cannot find anything about the order in which the scripts are executed, I would expect they are executed in the order they are defined: the one defined by imapsieve_mailbox1_* before the one defined by imapsieve_mailbox2_* in case both match. I

Hi Folks, after adding TLSv1.2 to by TLS options a lot of Outlook users complaint about connection errors, openssl s_client and Thunderbird works fine. I found some posts about this but none of them had a real solution on this - I meanwhile disabled TLSv1.2 which made the Outlook users happy. I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014 ssl_cert = </var/qmail/control/servercert.pem

Hi, To default dovecot.conf file I added (based on found documentation): ssl = required disable_plaintext_auth = yes #change default 'no' to 'yes' ssl_prefer_server_ciphers = yes ssl_options = no_compression ssl_dh_parameters_length = 2048 ssl_cipher_list =

Dovecot -n and version present at the bottom of the email for legibility. System is a Debian 10 + Virtualmin hosting setup for my domains ------------------------------------------------------------------- Hello everyone, my first post. Sorry for the long and confusing post, I'm pretty new to dovecot other than basic functionality. I recently in the last week went through the documentation

> On 2019-10-28 15:36, Aki Tuomi wrote: > Also, you could try the *default* cipher list (unset ssl_cipher_list), which is reasonable. Also make sure you have 'ssl_prefer_server_ciphers=yes', so that the server-side priority list is used. setting ssl_prefer_server_ciphers=yes did the trick. Now my imap client uses ECDHE-RSA-AES256-SHA many thanks,

> Am 03.09.2019 um 10:54 schrieb Sami Ketola via dovecot <dovecot at dovecot.org>: > > > >> On 3 Sep 2019, at 11.07, R.N.S. via dovecot <dovecot at dovecot.org> wrote: >> >> Hi, >> >> as Dovecot supports submission, which is the sending direction, I am interested to know, if I can configure a separate passdb backend just for submission.

I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail