similar to: Apple Mail Since upgrade to dovecot 2.3.x unable to connect

|Dear all,| |a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04, thereby upgrading dovecot from 2.2.x to 2.3.x. | |Since then, some older versions of apple's mail.app (bundled with el Capitano, released in 2016) no longer connect. When I turn on SSL debugging, I see:| |Debug: SSL error: SSL_accept() failed: error:14209102:SSL

> On 17/08/2020 12:51 Johannes Rohr <jorohr at gmail.com> wrote: > > > |Dear all,| > > |a couple of days ago I upgraded our server from Ubuntu 18.04 to 20.04, > thereby upgrading dovecot from 2.2.x to 2.3.x. > | > > |Since then, some older versions of apple's mail.app (bundled with el > Capitano, released in 2016) no longer connect. When I turn on

I've spent days scouring the Internet and trying various solutions on a problem with my Dovecot installation, so I thought I'd share what I learned in hopes of saving other people a lot of time.? The dedicated Dovecot hands will know all of the following already.? This is for those of us that have to cover a lot of bases. I upgraded my mail server from Ubuntu 18.04.1 to Ubuntu

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

Hello! On my testserver running CentOS8 I have installed dovecot v2.3.8. I can connect to the server using claws-mail on my PC but can't using K9-mail on android device. Jul 18 12:24:57 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Jul 18 12:24:57 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Jul 18 12:24:57 imap-login: Debug: SSL:

I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. Now, there is no way to exclude a specific group of one or more TLS versions. For a new bug report, I think we need two new settings: * `ssl_tls13_ciphersuite` and * `ssl_tls10_cipher`

Also, more testimony to the same problem (by others) is posted over at ServerFault (StackOverflow): https://serverfault.com/questions/975871/forcing-dovecot-2-3-4-1-to-use-tlsv1-2 On 5/8/20 11:50 AM, Steve Egbert wrote: > I have an operational need to disable TLSv1.3 due to inadequate support > to exclude certain ciphers. > > Much to my dismay, the `ssl_protocols` had been

On 08 May 2020, at 09:43, Steve Egbert <s.egbert at sbcglobal.net> wrote: > I have an operational need to disable TLSv1.3 due to inadequate support to exclude certain ciphers. There is no need to disable TLSv1.3 and attempts to do so will be flagged as ?downgrade attacks?. > Much to my dismay, the `ssl_protocols` had been renamed and re-functionalized into `ssl_min_protocol`. >

hi, On 10/1/20 12:21 AM, JEAN-PAUL CHAPALAIN wrote: > I had the same problem when migrating from Dovecot V2.2.36 on, Centos-7 to?Dovecot v2.3.8 on Centos-8 My report is specifically/solely about the addition/use of the Options = ServerPreference parameter. I don't see that in your configuration. Are you using it? In a config using Dovecot's submission proxy?

I've dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 , atm on Fedora32. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect

Hi, I am having some issues with a new server install in Singapore. Outbound calls work fine. Inbound calls are not picked up by Asterisk. Zaptel 1.2.25 and Asterisk 1.2.28 both built from source. libpri installed wctdm and zaptel load without error Jun 6 23:34:03 fs01 kernel: [211138.372933] Zapata Telephony Interface Registered on major 196 Jun 6 23:34:03 fs01 kernel: [211138.372937]

> On 22/09/2020 21:00 PGNet Dev <pgnet.dev at gmail.com> wrote: > > > On 9/22/20 10:51 AM, Aki Tuomi wrote: > >>> > > > > Well, dovecot does not actually do any parsing for system-wide openssl.cnf. This sounds more like OpenSSL issue than dovecot issue. > > I've NO issue with that config/setting with any _other_ app -- whether in general

I don't know how to get both RSA and ECC cert from letsencrypt. Aki > On 30 July 2018 at 20:43 David Mehler <dave.mehler at gmail.com> wrote: > > > Hello, > > What acme implementation do you use for your letsencrypt certificates? > If it's acme.sh how do you get both rsa and ecc certificates? What > configuration options are you using in your

Hi, I can no longer connect to Dovecot (IMAP). The connection is terminated by Dovecot after Client Helo. My server: Dovecot 2.3.3 Debian buster/sid Architecture: ppc My problems started in late August after upgrading Dovecot. SSL settings: ssl_dh = </etc/ssl/dh2048.pem ssl_min_protocol = TLSv1.2 ssl_cipher_list =

Hello, The client in question is the latest version of AquaMail running on android. Thanks. Dave. On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > You should, in practice, enable both. This gives best client compability. It > is possible you have clients that cannot understand ECC certificates? You > can use ssl_alt_cert to provide RSA cert too. > > Aki >

Am 17.08.20 um 12:16 schrieb Aki Tuomi: > You need to set > > ssl_min_protocol = TLSv1.2 # or TLSv1 Thanks, tried both, but unsuccessfully. Again, is there any debug setting that allows me to see what SSL version was requested? Without this, this is fumbling in the dark. Cheers, Johannes -------------- next part -------------- A non-text attachment was scrubbed... Name:

Hello, Does dovecot 2.3.x have any issues recognizing or using certificates that are ECC and wildcard? I'm trying to switch my letsencrypt implementation from acme-client which does not support either of those capabilities to acme.sh which does. Since then external clients checking their email has not worked. A manual telnet to mail.example.com 993 gives a connected message but then nothing

Hi, Thanks, good news is that worked. Bad news is it all looks good which means I do not know hwhy my remote clients can't get their email, looked like from the logs it was that. Would 143 be better or 993 for the external clients? Thanks. Dave. On 7/30/18, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > >> On 30 July 2018 at 19:16 David Mehler <dave.mehler at gmail.com>

Hi everyone, I'm new to this ML. I have some issue with GMail import settings... I run a dovecot server (2.3.4.1) on Debian10 and I try to connect to my accounts from GMail. It's work fine from thunderbird in pop3,pop3s, imap, imaps... Submission work too... But it won't work on GMail except if I set ssl=yes and disable_plaintext_auth = no... Then GMail connect without SSL or

On Fri, 2 Nov 2018 08:33:56 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Hai, > > I think he also forgot to mention this part of kodi and smbclient. > > ( the default of kodi its smbclient ) > .smb/smb.conf > [global] > lock directory = /home/username/.kodi/.smb/ > name resolve order = bcast host >