similar to: Using NID_x500UniqueIdentifier as ssl_username_from_cert

Dear dovecot experts: We are using client certificates to authenthicate against a Dovecot server. Our certificates contain a x500UniqueIdentifier. I'm absolutely sure that the value of the x500UniqueIdentifier was stored into the AUTH_USER when I tested my setup last year. This has somehow changed and now AUTH_USER always contains the username. This has fatal consequences as now every owner

Q1) I can't get ssl_verify_client_cert=yes working. The ssl key and cert are signed using our CA. Also the ssl_ca_file has a CRL appended (no revokes yet). Expected behavior: Stop the SSL (the client doesn't have a cert installed) Current behavior: Mail clients accepts SSL and login succeeds. (both Evolution and Thunderbird). My bad? Please advise. Q2) The next step, if dovecot blocks

Skipped content of type multipart/alternative-------------- next part -------------- --- ssl-proxy-openssl.c.orig 2006-04-04 10:32:58.000000000 +0200 +++ ssl-proxy-openssl.c 2006-06-01 09:24:57.000000000 +0200 @@ -498,7 +498,7 @@ const char *ssl_proxy_get_peer_name(struct ssl_proxy *proxy) { X509 *x509; - char buf[1024]; + char buf[256]; const char *name; if

http://bugzilla.mindrot.org/show_bug.cgi?id=1322 Summary: pam_end() is not called if authentication fails, which breaks pam-abl Product: Portable OpenSSH Version: 4.6p1 Platform: Other URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405041 OS/Version: Linux Status: NEW Severity:

Dear reader, we are using dovecot 2.2.7 and like it very much. Authentication is done via a checkpassword program that does two things: 1) check wether the client has connected via SSL using a client certificate 2) check wether the client is using a one time password generator Most of our users are using certificates that we have created ourself. These certificates contain a

Dear readers we are using Dovecot 2.2.7 and all of our users are using Thunderbird as their mail client. Some of them additionally use their iPad/iPhone and a very few an Android Mail-Client. Now one user noticed that two of his mail folders disappeared. He first believed that he accidentally deleted those folders but then he realized that they are still visible from his iPad. I checked this

hello trying to install dovecot 2 on a fresh installed machine I get this error message : doveconf -n > dovecot-new.conf doveconf: Error: ssl enabled, but ssl_cert not set doveconf: Fatal: Error in configuration file /usr/local/etc/dovecot/dovecot.conf: ssl enabled, but ssl_cert not set the ssl config file look like the following : Thanks for any info. ## ## SSL settings ## # SSL/TLS

Today I've been trying to get dovecot (1.0 rc2) to use certificates for client side authentication. If my memory serves right, beta8 had no problems with it (although it was some time ago and on different machine). Similar setup works perfectly well for postfix (for authentication that is, on the same machine). Originally I thought I overdid some certificate settings (keyUsage, nsCertType,

hello, I made a modification to ssl-proxy-openssl.c (patch attached) zo that it a) disconnects when no client certificate is presented b) checks the client certificate against the crl for our root cert. (so you can't use a revoked client cert.) c) returns the CommonName from the client cert. in ssl_proxy_get_peer_name (this way it's easier to use dovecot as imap-proxy with a

Hi List, This is my first post to this list so please be gentle :-). First of all, kudos to the developers of dovecot! Im trying to implement quota, and I followed the instructions in the wiki. My problem is the quota specified per user is not being honored, only the global quota setting. I do have an "quota = maildir:storage=204800" in the plugin area and enabled quota in the

Dear List If ssl_username_from_cert = yes then setting of auth_username_chars is not respected. (It may be that anything goes in that case) Also how can I include space (0x20) in auth_username_chars if I don't use ssl_username_from_cert = yes Thanks mr.wu

Dear List I've successfully installed/configured dovecot 1.2.10 with "require client cert" on centos 5.4 and ubuntu server 9.10 I also need to install on centos 4.8 and after the following the exact same procedure I can only get it working if I commented out ssl_require_client_cert =yes and ssl_username_from_cert = yes from the working config file. This is even after compiling

I'm trying to set up a pop3 server for a project for class, but it keeps giving me the following error: Error: Login user doesn't exist: dovecot Fatal: Invalid configuration in /usr/local/etc/dovecot.conf And I have no clue what's wrong. I've look and modifying the dovecot.conffile for days and I am not having any luck. ## Dovecot configuration file # If you're in a

The actual alpha4 release this time. With a few changes since the pre-release. The important changes again: - Default lock_method changed to flock instead of the old fcntl. Solaris users will need to set it back to fcntl. This makes sure that Dovecot's indexes aren't accidentally used with NFS. - IMAP: We might have sent extra EXPUNGE messages when output buffer got full. This could

Hi, there! Well, I am new to dovecot, so please be patient with me: I have a virtual server and want to setup simple mail delivery. postfix, saslauthd and dovecot basically work fine. The only open issue is, that (I guess) dovecot doesn't remove the mail when it's retrieved via pop3 from the server. It keeps sending me the same emails again and again. (The mail client (Thunderbird) is

Hi! I'd like to configure dovecot to use only TLS client certificates for authentication. After the user presented a client certificate and that certificate was verified, no password-based authentication should be necessary anymore. Is this currently possible? Or would this require support for the SASL EXTERNAL mechanism? Regards, Martin

Dear List, I have a few questions regarding dovecot sasl authentication that are somewhat related to each other. I have a working dovecot config with ---------- ssl_verify_client_cert = yes .. . ssl_require_client_cert = yes ssl_username_from_cert = yes --------------- (With this set up I need not set a correct user name in my mail client so long as I have it correctly in cert.) It turns out

Not the clearest of error messages. A successful cannot load. May 7 21:05:29 10.10.10.213 dovecot: child 21500 (login) returned error 89 May 7 21:05:29 10.10.10.213 dovecot: child 21501 (login) returned error 89 May 7 21:05:29 10.10.10.213 dovecot: child 21502 (login) returned error 89 May 7 21:05:29 10.10.10.213 dovecot: child 21503 (login) returned error 89 May 7 21:05:29 10.10.10.213

Hi all, i am using debian etch with backports for dovecot (1.0.10) with Postfix (Version: 2.3.8-2+b1) At the moment the quota for all maildir mailboxes is 265MB, some should be 512MB an others 10 MB for example. See my Mysql: mysql> show fields from users from mail; +----------+-------------+------+-----+----------+-------+ | Field | Type | Null | Key | Default | Extra |

Hi all, I have a Postfix+Dovecot working in beta/testing; it seems to run very fine, but one beta-tester user says that kmail informs him about frequent desconnections. My dovecot -a shows: # /etc/dovecot.conf base_dir: /var/run/dovecot log_path: info_log_path: log_timestamp: %b %d %H:%M:%S syslog_facility: mail protocols: imaps listen: [::] ssl_listen: ssl_disable: no ssl_ca_file: