Displaying 20 results from an estimated 9000 matches similar to: "Dovecot and thunderbird authentication issue?"
2020 Apr 20
0
Dovecot and thunderbird authentication issue?
On 19.04.20 23:44, David Mehler wrote:
> I'm using Dovecot 2.2, Postfix 3.5, and am attempting to get the latest
> version of Thunderbird to work. I tried account autoconfig which did
> not work, so I had to manually enter information and correct other
> information. On my server dovecot supports plain and login
> authentication methods but only over starttls I've got a
2016 Mar 03
4
Implementation of TLS OCSP Stapling
Hi all,
About a year ago, Torsten already asked for OCSP stapling
(http://dovecot.org/pipermail/dovecot/2015-April/100632.html).
Unfortunately, there was no answer to his question.
Now RFC 7633 ("TLS Feature Extension",
https://tools.ietf.org/html/rfc7633, a.k.a. "Must Staple") has landed,
revocation is getting serious! I personally would like to embed all my
TLS
2017 Jan 04
3
Dovecot dsync tcps sends incomplete certificate chain
Hi,
I'm trying to configure a Dovecot dsync service between two servers, using a tcp+ssl connection and
a valid Let's Encrypt certificate.
I followed the guide on the wiki (http://wiki.dovecot.org/Replication) using the tcps method, but
when I launch the replication it fails writing on the log (/var/log/mail.err):
(Server 1 - sync "client" )| Error: sync: Disconnected from
2020 Mar 11
2
lmtp and recipient_delimiter
Hi list,
I have a small problem with recipient_delimiters contained in usernames.
Recently I have extended recipient_delimiter from "+" to "+-" in both
Postfix and Dovecot (using lmtp) and now any user that has a '-' in its
username can't receive mail anymore, because lmtp truncates the localpart
after the '-' and of course can't find the first
2016 Jun 15
3
https and self signed
On Jun 15, 2016, at 9:02 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>
> I do see WoSign there (though I'd prefer to avoid my US located servers
> have certificates signed by authority located in China, hence located sort
> of behind "the great firewall of China" - call me superstitious).
That's a perfectly valid concern. The last I heard, modern
2016 Jun 15
8
https and self signed
On Jun 15, 2016, at 7:57 AM, ????????? ???????? <nevis2us at infoline.su> wrote:
>
> Nowadays it's quite easy to get normal ssl certificates for free. E.g.
>
> http://www.startssl.com
> http://buy.wosign.com/free
Today, I would prefer Let's Encrypt:
https://letsencrypt.org/
It is philosophically aligned with the open source software world, rather than act as bait
2016 Mar 03
2
Implementation of TLS OCSP Stapling
On 03-03-16 14:09, Gedalya wrote:
> On 03/03/2016 07:30 AM, Stephan Bosch wrote:
>> BTW, I can imagine that Thunderbird can already do that, as it shares much of the Firefox code base.
> Thunderbird definitely does validate certificates via OCSP, enabled by default and I've run into that the hard way a couple of times wrt StartSSL having issues with their responder. This isn't
2017 Mar 20
2
Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]
The one that works fine was my openxchange server, that loads contacts
from openldap.
In my opinion I don't have installed a security framework like SELinux
or AppArmor.
The output of namei -l /etc/ssl/certs/LetsEncrypt.pem
f: /etc/ssl/certs/LetsEncrypt.pem
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root ssl
drwxr-xr-x root root certs
lrwxrwxrwx root
2016 Jun 17
2
https and self signed
On 17.06.2016 16:27, ????????? ???????? wrote:
> Walter H. ????? 2016-06-16 22:54:
>> On 16.06.2016 21:42, ????????? ???????? wrote:
>>>
>>> I don't think OCSP is critical for free certificates suitable for
>>> small businesses and personal sites.
>>>
>> this is philosophy;
>>
>> I'd say when you do it then do it good, else
2017 Jan 06
2
Dovecot dsync tcps sends incomplete certificate chain
On 01/05/2017 08:55 PM, Juri wrote:
> 5 Gennaio 2017 01:21, "John Fawcett" <john at voipsupport.it> wrote:
>
>> On 01/04/2017 08:40 PM, Juri wrote:
>>
>>
> Thank you.
>
> In fact I tried both settings, that is
> |ssl_client_ca_dir = /etc/ssl/certs
> |ssl_client_ca_file = /etc/letsencrypt/live/mail.dividebyzero.it/chain.pem
> but with no
2017 Mar 20
2
Dovecot can't connect to openldap over starttls [REQUEST OF OPENLDAP]
I have a new pcap from beginning to the end with openldap "TLS
negoiation failed"
https://gwarband.de/openldap/tracefile.dump
The sourceports are 45376 and 45377
Tobias
Am 2017-03-20 19:59, schrieb Aki Tuomi:
> Well, those actually *reduce* the possible algorithms that can be
> used, so uncommenting those can make things worse.
>
> Anyways, your pcap seems incomplete,
2018 Jul 30
4
dovecot 2.3.x, ECC and wildcard certificates, any issues
I don't know how to get both RSA and ECC cert from letsencrypt.
Aki
> On 30 July 2018 at 20:43 David Mehler <dave.mehler at gmail.com> wrote:
>
>
> Hello,
>
> What acme implementation do you use for your letsencrypt certificates?
> If it's acme.sh how do you get both rsa and ecc certificates? What
> configuration options are you using in your
2017 Mar 03
6
letsencrypt
Hello,
I know some users here are using letsencrypt for their CA. If this is
too off topic, write me privately.
I'm wanting letsencrypt to take over as my CA, replacing existing self
signed certificates. I've got web working, a certificate for https
sites and one for webmail as they have different names. What I'm now
wanting to do is get letsencrypt going for my email setup, the smtp
2016 Mar 03
3
Implementation of TLS OCSP Stapling
On 03-03-16 13:04, A. Schulze wrote:
>
> dovecot:
>
>> So I would like to know if Dovecot is planning to feature OCSP stapling.
>> That way I know for sure my "must staple" certificates can be used by
>> Dovecot. And in my opinion, every TLS offering daemon should be up to
>> par to the capabilities of TLS.. Not lag behind :)
>>
>> What's
2016 Jun 17
2
https and self signed
On 17.06.2016 19:57, ????????? ???????? wrote:
>>> Then OCSP stapling is the way to go but it could be a real PITA to
>>> setup for the first time and may not be supported by older browsers
>>> anyway.
>>>
>> not really, because the same server tells the client that the SSL
>> certificate is good, as the SSL certificate itself;
>> these must
2016 Jun 15
1
https and self signed
On Wed, Jun 15, 2016 at 10:02:57AM -0500, Valeri Galtsev wrote:
>
> On Wed, June 15, 2016 9:17 am, Warren Young wrote:
> >>
> >> Nowadays it's quite easy to get normal ssl certificates for free. E.g.
> >
> > Today, I would prefer Let's Encrypt:
> >
> > https://letsencrypt.org/
> >
> > It is philosophically aligned with the open
2018 May 01
2
OCSP Stapling and Certificate Transparency
Hi,
For CAs that do not include a signed certificate timestamp in their newly-issued certificates, does Dovecot support either OCSP stapling or the Certificate Transparency TLS extension?
If the TLS extension is supported, how does the admin configure the timestamp for each certificate?
I'm wondering if any MUAs will follow Google's lead and insist on CT.
Thank you!
-Felipe Gasper
2017 Nov 24
1
SSL configuration
Hello subscribers,
I have a very strange question regarding SSL setup on gluster storage.
I have created a common CA and signed certificates for my gluster nodes, placed the host certificate, key and common CA certificate into /etc/ssl/,
and created a file called secure-access in /var/lib/glusterd/.
Then I started glusterd on all nodes; the system works fine, and I see all of my nodes with peer status.
No problem.
2017 May 29
3
SSL problem - no banner
Hi,
I am running dovecot 2.2.22-1ubuntu2.4 on a ubuntu 16.04 server. It has
a valid Letsencrypt certificate but the problem also happens with a
self-signed one.
Only openssl s_client -connect localhost:993 works fine and fast, while
all MUAs and telnet do not. Telnet times out waiting for the banner after
a minute or so:
root at netuno:~# openssl s_client -connect localhost:993
2016 Jun 16
2
https and self signed
On 16.06.2016 21:42, ????????? ???????? wrote:
>> that is right, but think of your potential clients, because
>> wosign has a problem - slow OCSP, ...
>> because their server infrastructure is located in China, and not the
>> best bandwidth ...
>>
>> when validity checks of the used SSL certificate very probably fail,
>> it is worse than not using SSL ...