similar to: starttls for some services only

Displaying 20 results from an estimated 5000 matches similar to: "starttls for some services only"

2020 Feb 10
2
starttls for some services only
Hi Aki, On 10.02.20 17:03, Aki Tuomi wrote: > Try setting > > login_trusted_networks = lb-ip/32 > > See? > https://doc.dovecot.org/settings/dovecot_core_settings/#login-trusted-networks I do have login-trusted_networks set already. Along with the proxy protocol (haproxy_trusted_networks = lb-ip) I had to set login_trusted_networks to 0.0.0.0/0 actually because the proxy
2020 Feb 10
0
starttls for some services only
> On 10/02/2020 19:17 Bjoern Jacke <lists2020 at j3e.de> wrote: > > > Hi Aki, > > On 10.02.20 17:03, Aki Tuomi wrote: > > Try setting > > > > login_trusted_networks = lb-ip/32 > > > > See? > > https://doc.dovecot.org/settings/dovecot_core_settings/#login-trusted-networks > > I do have login-trusted_networks set already. Along
2020 Feb 10
0
starttls for some services only
<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> Try setting </div> <div> <br> </div> <div> login_trusted_networks = lb-ip/32 </div> <div> <br> </div> <div> See <a
2009 Nov 10
2
v1.2.7 released
http://dovecot.org/releases/1.2/dovecot-1.2.7.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.7.tar.gz.sig * IMAP: IDLE now sends "Still here" notifications to same user's connections at the same time. This hopefully reduces power usage of some mobile clients that use multiple IDLEing connections. * IMAP: If imap_capability is set, show it in the login banner. + IMAP:
2009 Nov 10
2
v1.2.7 released
http://dovecot.org/releases/1.2/dovecot-1.2.7.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.7.tar.gz.sig * IMAP: IDLE now sends "Still here" notifications to same user's connections at the same time. This hopefully reduces power usage of some mobile clients that use multiple IDLEing connections. * IMAP: If imap_capability is set, show it in the login banner. + IMAP:
2010 May 07
4
Requiring STARTTLS only on some networks
Hello Timo, is there a way, either in 1.2.x or in 2.x to activate disable_plaintext_auth=yes only for some address or network ? The idea would be to enable clients from the internal networks to keep making clear text connections while forbidding it to the rest of the world. Thanks. -- Thomas Hummel | Institut Pasteur <hummel at pasteur.fr> | P?le informatique - syst?mes et
2020 Feb 12
2
feature request for setting alternative pidfile
Hi, because of an unsupported combination of configuration parameters for different dovecot services I looked into setting up two dovecot instances with different configurations on the same host. It looks like running two different dovecot instances on the same host is not easily possible because the pidfile seems to be hard-coded and there is no way to tell dovecot to use a different one, right?
2014 Dec 08
2
Required SSL with exceptions
I have a Dovecot cluster which is on separate machines from my webmail/caldav/cardav cluster, and I currently have the system setup with ssl = required. Unfortunately the caldav/cardav server I am running doesn't support STARTTLS so I was wondering if there is a way to still enforce ssl for every connection with the exception of a certain subnet, or if there is a better way to accomplish
2013 Apr 05
2
client limit and STARTTLS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I'm migrating from one system to another. Both are Arch Linux, but copying the configurations and just modifying them for IP addresses and hostnames didn't work. Here's doveconf -n # 2.1.15: /etc/dovecot/dovecot.conf doveconf: Warning: service auth { client_limit=256 } is lower than required under max. load (3072) doveconf:
2016 Jul 14
5
controlling STARTTLS by IP address
On my POP3 server, I need to be able to control the use of STARTTLS by client IP address. Specifically: * Clients on certain internal subnets (e.g., 192.168.1.0/24) must not have the option to use TLS. If the client tries to use STARTTLS, the option should be rejected. This is to satisfy US FCC rules regarding the use of encryption over certain radio frequencies. * All other internal clients
2009 Jan 15
3
Enforcing STARTTLS for all mechs while disabling imaps
Hi all, Is there a way to enforce STARTTLS for all connections, regardless their authentication mechanism? disable_plaintext_auth only takes care of the auth conversation, but I would like to have all communication encrypted. As far as I can see, this would only be possible when using imaps and disabling imap. However, I would like to have the other way around; disabling imaps and using imap for
2017 Nov 23
3
Dovecot LMTP Proxy + STARTTLS?
Hi I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is configured to act as director and delivers to my two backend servers. I enabled lmtp proxy on director to listen on port 24. Now I see in msg headers that the connection to the lmtp proxy uses STARTTLS but the connection from proxy to backend seems to be unencrypted. Is it possible to enforce the use of STARTTLS in the
2014 Aug 18
2
IMAP on 993/SSL or 143/STARTTLS?
Hi, I have a postfix+dovecot-2.2.13 system and have configured it to support IMAPS on 993 with SSL/TLS. I'm noticing with users using Thunderbird, the autodetect defaults to IMAPS on 143 with STARTTLS. Which is preferred? Which is more secure? Which is more common? Why would someone choose one over the other? Can I ask the same question about SMTP and submission? Why would one choose 587
2018 Sep 17
2
Using both starttls and ssl in passdb on proxy results in timeouts
Hi List, I have a dovecot which proxies to different backends depending on an entry in a mysql-database. The mysql-query sets ?ssl? to ?any-cert? and this works fine. But this causes me a problem: sieve-backends only support STARTTLS and if I set ?ssl? to ?any-cert? (or yes), it will attempt a TLS-connection to the sieve-backends, which fails. My attempt was to alter the query to include
2004 Jan 06
3
SSL and STARTTLS
I wanted to enable SSL on some alternate ports so that a limited number of people could try SSL access. But doing so enabled STARTTLS in IMAP, so that all IMAP users got surprised (at least those whose clients attempted to use it automatically). e.g.: # IP or host address where to listen in for SSL connections. Defaults # to above non-SSL equilevants if not specified. imaps_listen =
2014 Nov 21
3
Outlook Express and STARTTLS
I have one user that uses Outlook Express. Not only do I not use it, I don't have any systems here that can easily use it. I bit of a challenge. I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections. SO far a google search has not shown me how to configure this for a user. Anyone have a pointer to instructions so I can talk the person through the changes?
2007 Jan 11
2
STARTTLS: read error=generic SSL error (0)"
Hi All, I am runnig sendmail 8.12.8. I am getting the below error. [root at mail MailScanner]# tail -f /var/log/maillog Jan 11 11:20:40 mail sendmail[10646]: STARTTLS: read error=generic SSL error (0) Jan 11 11:20:41 mail last message repeated 22494 times Jan 11 11:20:41 mail sendmail[10646]: STARTTLS: read error=generic SSL error (0) Jan 11 11:20:41 mail last message repeated 8894 times Jan 11
2010 May 24
2
STARTTLS does not seem to work
I believe I have the configuration set to use START TLS on IMAP4 (143) and POP3 (110) ports. ?However, it does not seem to be working. ?Yet "STARTTLS" is listed as a capability (which tells me I probably do have it configured right). In the session below, 172.30.0.24 is the mail server I'm putting up. 64.26.60.229 is an outside mail service. A similar thing happens on POP3. The
2016 Jul 14
5
controlling STARTTLS by IP address
> Seems like your firewall could redirect to a different port that doesn't > offer starttls. Yes, of course. But that would require multiple ports, making the client configuration cumbersome and error-prone. Michael
2012 May 05
4
IMAP STARTTLS Problem
Hello, I have this problem: May 5 21:02:35 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=84.150.52.31, lip=78.46.216.126 Connecting via Thunderbird to STARTTLS won't work, but with a website from the same server it works for tls://opsys.de. So why is the port closed for external ip's? IPTABLES entry for imap is this: fail2ban-dovecot-pop3imap tcp -- anywhere