similar to: Authentication using only TLS client certificates

Hello- Sorry if this is a noob question, but I cant seem to get my password_query to work with dovecot + mysql. Im using 'Password verification by SQL server' at: http://wiki2.dovecot.org/AuthDatabase/SQL trying to modify it to work with my encrypted passwords in the DB. Im using the following which isnt working: password_query = SELECT NULL AS password, \ 'Y' as

Hi, I have an issue with the authentication cache. When a user changes his password, the cache doesn't seem to get flushed. Meaning the user is unable to log in to his IMAP account after changing his password. Flow: - Log into IMAP account using pass1 - Approved - Stored in auth cache - Change password to pass2 in MySQL - Log into IMAP account using pass2 - Access is denied -

Hi everyone. Please note, I've asked a very similar question before and I apologize for sounding like a broken record. Well here it goes. What I want to do is authenticate my users using a certificate. Thereby authenticating both the user and server with strong tokens that are centrally managed. In the worst case scenario the user should only need to enter a password for the certificate

Hi everyone, first post to the list, be gentle with me! Perhaps I'm missing something here, but it appears to me that many password database extra fields currently aren't much use inside SQL queries? All boolean fields like nologin/nodelay/nopassword are set if the column is present in the returned query, regardless of value (including NULL) For example, say you have a query like:

An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20230318/8ce3c29a/attachment-0001.htm>

Hi. I'm using dovecot 1.1.14 with pgsql. I tried to configure dovecot to get the domain part in user_query by specifying different variants of auth_username_format variable such as %Lu, %Lu@%Ld, %Lu-at-%Ld and so on... So dovecot gets domain part in password_query, but not in user_query. I noticed the username is changed like this: kostas at mgupb.net->kostas in log. For some reason it

Hi, I'm setting up the directors for proxying pop3/imap/lmtp/sieve. pop3/imap/lmtp proxying work fine, but sieve not working. The error messages in maillog look not using proxying but local passdb. Error message: Apr 03 12:09:25 managesieve-login: Info: Aborted login (no auth attempts in 0 secs): user=<>, rip=10.1.1.4, lip=10.1.1.201, session=<+SIcx4wvRQAKAQEE> sql in

As a way to try and avoid using "prefix = INBOX." ad infinitum for the inbox namespace, I'm looking for ways to move on to "prefix =" for new mail accounts, and grandfather the existing ones. Previously running Courier-IMAP, now Dovecot, I looked at https://wiki.dovecot.org/Namespaces#Backwards_Compatibility:_Courier_IMAP and decided it's too risky to go down that

I tried to use MySQL stored procedures from dovecot: password_query = CALL user_pass_check('%n', '%d', '%w') user_query = CALL user_info('%n', '%d') This failed with the message: User query failed: PROCEDURE imap.user_info can't return a result set in the given context The root of this problem is that mysql_real_connect() needs to be called with

> On July 11, 2017 at 11:50 AM azurit at pobox.sk wrote: > > > > Cit?t azurit at pobox.sk: > > > Cit?t Aki Tuomi <aki.tuomi at dovecot.fi>: > > > >>> On July 10, 2017 at 1:45 PM azurit at pobox.sk wrote: > >>> > >>> > >>> > >>> Cit?t Aki Tuomi <aki.tuomi at dovecot.fi>: > >>> >

Stephan, Imap/pop shows proxying in mail log, but managesieve differs. Apr 03 03:21:04 pop3-login: Info: proxy(hawk_chen at itsnow.com): started proxying to 10.1.4.6:110: user=<hawk_chen at itsnow.com>, method=PLAIN, rip=218.82.239.224, lip=183.131.52.136, TLS, session=<uJeOZYUvrgDaUu/g> Apr 03 03:21:04 pop3-login: Info: proxy(hawk_chen at itsnow.com): disconnecting 218.82.239.224

I use TLS and SRTP on my Asterisk servers. The server certificates are signed by my internal CA, and the Root CA cert is distributed to the phones and soft phones so they will trust the server without warning. It is not clear to me if Asterisk can be configured to actually reject client connections/registrations from peers which do not possess a client certificate which has been signed by a

Dear List, I self-host my e-mail and run Dovecot since ever I do that. Dovecot version is 2.3.4.1 (f79e8e7e4), running on Debian testing. Now I am trying to configure Dovecot for client TLS certificates. I have a self-signed certificate whose private key resides on a smartcard (Yubikey, to be exact). I wanted Dovecot to accept that TLS client certificate instead of a password. So I searched and

Situation: one front-facing server running Dovecot as IMAP/POP3/ ManageSieve proxy, a mixture of IMAP servers (Dovecot, Exchange, ...) in the back-end. Dovecot's passdb does lookups against MySQL which contains a simple user/host mapping, the actual authentication happens on the back-end IMAP servers. The configuration is more or less as described here:

Hi, Trying to keep abusive/buggy IMAP clients at bay on a number of Dovecot proxy servers, I've reconfigured them to use "mail_max_userip_connections = 50" in the "protocol imap" section, followed by restarting Dovecot. Yet, I'm still seeing 160+ established connections from a single IP address for the same email account. Am I missing anything? # 2.2.27

I'm using roundcube webmail managesieve plugin. Webmail can login managesieve to a specific mailstore successfully without proxying. Because I have mutiple mailstores, I have to use proxying to redirect the correct mailstores just as imap/pop3. ???? Stephan Bosch ????? 2016-04-03 22:50 ???? Hawk Chen; dovecot ??? Re: ??: Re: managesieve proxying not working Op 3-4-2016 om 16:32 schreef

Hi, We are trying to implement a highly secure mail server with user authentication restricted to SSL certificates only (not using passwords at all). Still, user information is stored in a LDAP directory. In this configuration LDAP is used to check whether the user is registered (and probably supply quota and other info), and actual authentication is done by SSL layer. According to wiki, a

Hi, mail_max_userip_connections is only enforced at the backend level. The setting has no effect on proxy. If you want to force the limit then you can only do it in the backend. Sami > On 9 Mar 2017, at 12.05, Adi Pircalabu <adi at ddns.com.au> wrote: > > Quick follow-up: updated the proxies to 2.2.28, but I still couldn't find a way to limit the inbound IMAP connections per

Hi List, I have a dovecot which proxies to different backends depending on an entry in a mysql-database. The mysql-query sets ?ssl? to ?any-cert? and this works fine. But this causes me a problem: sieve-backends only support STARTTLS and if I set ?ssl? to ?any-cert? (or yes), it will attempt a TLS-connection to the sieve-backends, which fails. My attempt was to alter the query to include

Hi everyone! I have dovecot (1.2.11) on one our external mail servers acting as a proxy. The client (ifor now, my iphone) connects fine via ssl to the external mailserver but I can't seem to get a secure connection now to the internal destination imap server (between external mail server and internal imap server, it's going through port 143). Running tcpdump, I can clearly see my