similar to: v2.3.16 released

We are pleased to release v2.3.13. Please find it from locations below: https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Aki Tuomi Open-Xchange oy --- * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to

We are pleased to release v2.3.13. Please find it from locations below: https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Aki Tuomi Open-Xchange oy --- * CVE-2020-24386: Specially crafted command can cause IMAP hibernate to

I changed some of the tls options following the document, now config is following: tokeninfo_url = https://keycloak.com/auth/realms/mail/protocol/openid-connect/token introspection_url = https://dovecot:7598e21b-ec34-481f-80d0-059bddae0923 at keycloak.com/auth/realms/demo/protocol/openid-connect/token/introspect introspection_mode = post debug = yes rawlog_dir = /tmp/oauth2 #force_introspection

On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > Hi! > > It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Tracking as DOP-1590. Regards, Stephan. >> On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: >> >> >> Hi, >> >> For troubleshooting purposes, I

Hi all, We'd like to enable OAuth with Keycloak in Dovecot, after enabling 'OAUTHBEARER XOAUTH2' in Dovecot based on online document, I can confirm Dovecot is ready for OAuth using openssl command, however when the auth request comes in, it failed in establishing a SSL connection with Keycloak server on port 443, shown as following in debug logs. I can confirming using commands

Practically speaking, most popular IAM and SSO solutions offer OIDC SAML tokens but do not offer Kerberos tickets.? OpenID Connect is a standard which itself is based on RFC6749 (OAuth2). This provides a compelling reason to support it in addition to Kerberos.? I'll also note that OIDC tokens are easy to validate without a bidirectional trust relationship between the IdP and RP. SSH

Hello, Still trying to make roundcube / Dovecot works with Keycloak. Dovecot can't seem to validate the access_token that Roundcube gave. ----- Jul 08 20:48:05 auth: Debug: http-client[1]: request [Req1: GET

Hi all! We are pleased to release v2.3.19 of Dovecot. The docker images have been upgraded to use bullseye as base image. https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Regards, Aki Tuomi Open-Xchange oy -- + Added

Hi all! We are pleased to release v2.3.19 of Dovecot. The docker images have been upgraded to use bullseye as base image. https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.19.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Regards, Aki Tuomi Open-Xchange oy -- + Added

We are pleased to release v2.3.20 of Dovecot. https://dovecot.org/releases/2.3/dovecot-2.3.20.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.20.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Regards, Aki Tuomi Open-Xchange oy -- + Add dsync_features=no-header-hashes. When this setting is enabled and one dsync side

We are pleased to release v2.3.20 of Dovecot. https://dovecot.org/releases/2.3/dovecot-2.3.20.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.20.tar.gz.sig Binary packages in https://repo.dovecot.org/ Docker images in https://hub.docker.com/r/dovecot/dovecot Regards, Aki Tuomi Open-Xchange oy -- + Add dsync_features=no-header-hashes. When this setting is enabled and one dsync side

On Thu, Feb 8, 2024 at 1:18?PM Chris Rapier <rapier at psc.edu> wrote: > > I know that there are some methods to use federated identities (e.g. > OAuth2) with SSH authentication but, from what I've seen, they largely > seem clunky and require users to interact with web browsers to get one > time tokens. Which is sort of acceptable for occasional logins but > doesn't

I'm trying to implement the password grant flow, as specified at https://wiki2.dovecot.org/PasswordDatabase/oauth2, but am getting an error message. Can you please help? auth: Fatal: oauth2 /etc/dovecot/dovecot-oauth2.token.conf.ext: Error in configuration file /etc/dovecot/dovecot-oauth2.token.conf.ext line 1: Unknown setting: grant_url $ dovecot -n # 2.3.5.2 (38c8f1daf):

Hi, I have a problem with configuring dovecot passdb for Oauth2 with keyclock. A user can access more mailbox, mailboxes are associated with the user. When a user login with this method: OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot ready. a login mailbox*user password Dovecot when requiring the grant_url send to Keyclock, for example, this post

I am trying to use a newly added Local Validation functionality in dovecot version 2.3.11. I am running dovecot inside a Docker container With base image " debian:buster-slim". When I try to login through below command , a crash is seen. Algorithm Used is RS256 and certificate is self-signed. ''' a1 login admin

All, We currently use a proxy configuration with an sql query to authenticate and discover which backend server an address belongs to and proxy the connection to that host to authenticate and retrieve mail. We are looking to move to OAUTH2 for authentication and am just trying to figure how how to get that extra host information as part of the passdb query when using this mechanism. Looking at

Before declaring it not ready for prime time, did you try setting tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt In the oauth2 configuration file as documented in https://doc.dovecot.org/configuration_manual/authentication/oauth2 ? Aki > On 05/12/2019 21:58 mizuki via dovecot <dovecot at dovecot.org> wrote: > > > Hi all, > > We'd like to enable OAuth with

Hi! It seems there is a bug in the oauth2 driver, it loads the cert files wrong way. I'll make an internal bug report of this. Aki > On 06/12/2019 16:42 mizuki <mizuki0621 at gmail.com> wrote: > > > Hi, > > For troubleshooting purposes, I change the read/write permissions on the certs and confirmed 'dovecot' can read them w/o problem, but still seeing the

Hello, I am currently trying to connect my Dovecot mail server to Microsoft's Azure-AD and use it as password and user database. I am using version 2.3.7.1. Using the Azure-AD as passdb already works. In this context I noticed that the scope implementation is not yet merged. Since I haven't found any hints for an OAuth2 userdb implementation yet, I wanted to ask if there are any plans

Thank you Stephan, I'm wondering if I can read the track of the status of bug reports? Could you please advice? Thanks. Mizuki On Sun, Dec 8, 2019 at 6:40 AM Stephan Bosch <stephan at rename-it.nl> wrote: > > > On 06/12/2019 20:54, Aki Tuomi via dovecot wrote: > > Hi! > > > > It seems there is a bug in the oauth2 driver, it loads the cert files > wrong