Notification "API" for external replication

2023-07-24 Thread Heiko Schlittermann via dovecot
t regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID:

dovecot replication crashing

2023-03-27 Thread Heiko Schlittermann
Hi, I'm a bit clueless, having issues with replication. `doveadm dsync -u hans` works. But using the following replication setup, I see coredumps. Where to go next? Interestingly not for all users. (For testing purposes I've only 2 users. One having about 20 messages: here even the replication

Re: The end of Dovecot Director?

2022-10-21 Thread Heiko Schlittermann
esden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE -

master - master synchronization: *-temp-1-temp-1-temp-2-* recursion

2021-07-05 Thread Heiko Schlittermann
Hi, I'm using dovecot 2.3.4.1 (f79e8e7e4) (Debian Build) and doing master/master replication. Recently we added a huuge .Archive* folder structure to the items being replicated. And now, suddenly we see new folders with a naming like *-temp-1-temp-1-temp-2-* appearing. This finally led to infin

Re: Separating Dovecot and Postfix

2021-05-14 Thread Heiko Schlittermann
t regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --

Re: [EXTERNAL] Re: Installation Question: Is a web server required ?

2021-04-28 Thread Heiko Schlittermann
tial part, if they mention it at all. (I'm talking about the "core" documentation, not about Wikis, HowTos, Blogs, …) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix su

Re: Installation Question: Is a web server required ?

2021-04-28 Thread Heiko Schlittermann
White, Daniel E. (GSFC-770.0)[NICS] (Mi 28 Apr 2021 19:28:41 CEST): > Can Dovecot be installed with Postfix and without being behind a web server ? Yes. > I want a mail service that can only be accessed by POP3(s)/IMAP(s) and not by > a web UI. Dovecot is a pure POP3/IMAP server. No Web-UI is r

Re: error 42 ssl certificate expired

2021-04-12 Thread Heiko Schlittermann
ing, because your address doesn't match the OP's address and somehow the information you're presenting doesn't fit the OP's information (Self signed certs vs LE certs) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMAN

Re: error 42 ssl certificate expired

2021-04-12 Thread Heiko Schlittermann
Hi, > In our case this is an internally used Dovecot Mail server that's used for … > certificates worth the expense? Just curious on what everyone's opinion is > of Digital Certs signed by certificate authorities that are only used inside > the LAN. Thoughts? Aki is right. In the long run it's ea

Re: doveadm user '*' vs sssd: enumeration works only once

2021-02-25 Thread Heiko Schlittermann
Heiko Schlittermann (Do 25 Feb 2021 12:17:55 CET): > > I'm not sure about the semantics of setpwent()/endpwent(), maybe the nss > plugin (here sssd) should gracefully handle a missing endpwent() if it > sees a new setpwent(). But I think, it can't harm to call endpwent()

Re: doveadm user '*' vs sssd: enumeration works only once

2021-02-25 Thread Heiko Schlittermann
Aki Tuomi (Do 25 Feb 2021 12:21:43 CET): > > > > --- a/src/auth/userdb-passwd.c > > > > +++ b/src/auth/userdb-passwd.c > > > > @@ -208,6 +208,7 @@ static int passwd_iterate_deinit(struct > > > > userdb_iterate_context *_ctx) > > > > cur_userdb_iter_to = timeout_add(0, > > > > pas

Re: doveadm user '*' vs sssd: enumeration works only once

2021-02-25 Thread Heiko Schlittermann
y handle a missing endpwent() if it sees a new setpwent(). But I think, it can't harm to call endpwent() on the dovecot side. I deployed a debian package with the above patch added onto my system, and it seems to work. So, should I file a bug report against dovecot? Best regards from Dresden/G

Re: doveadm user '*' vs sssd: enumeration works only once

2021-02-25 Thread Heiko Schlittermann
Heiko Schlittermann (Do 25 Feb 2021 10:36:21 CET): > > within a small timeframe returns a subset of the local users only (the > say count(); I suppose the following would fix the issue: (not tested yet) diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c index

Re: doveadm user '*' vs sssd: enumeration works only once

2021-02-25 Thread Heiko Schlittermann
Heiko Schlittermann (Do 25 Feb 2021 10:08:05 CET): > > doveadm user * > > returns the full user list only once. A 2nd invocation of the same command > within a small timeframe returns a subset of the local users only (the The following Perl script can reproduc

doveadm user '*' vs sssd: enumeration works only once

2021-02-25 Thread Heiko Schlittermann
viour of sssd (more specifically its nss module) - [ ] misbehaviour of dovecot/auth processes? Dovecot: 2.3.4.1 (f79e8e7e4) Operating System: Debian GNU/Linux 10 (buster) Sssd: 1.16.30 Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCH

Re: auth-client via SSL?

2020-02-05 Thread Heiko Schlittermann
Hi Aki, thank you for answering. Aki Tuomi (Mi 05 Feb 2020 07:59:55 CET): > > does dovecot support tls-on-connect for AF_INET based auth-client > > sockets? > > inet_listener auth-client { > > name = exim > > port = 4711 > > ssl = yes > > } > >

Re: auth-client via SSL?

2020-02-04 Thread Heiko Schlittermann
Hi, I'm resending this message, still hoping for an answer. Hello, does dovecot support tls-on-connect for AF_INET based auth-client sockets? Rationale behind my question: Exim can use the Dovecot auth-client socket to delegate the SMTP-AUTH authentication to Dovecot. Currently Exim supports t

auth-client via SSL?

2020-01-24 Thread Heiko Schlittermann
Hello, does dovecot support tls-on-connect for AF_INET based auth-client sockets? Rationale behind my question: Exim can use the Dovecot auth-client socket to delegate the SMTP-AUTH authentication to Dovecot. Currently Exim supports the AF_UNIX only for this socket. Jeremy makes progress in ex

Re: Multiple certificate option SNI

2019-09-13 Thread Heiko Schlittermann via dovecot
Maciej Milaszewski IQ PL via dovecot (Fr 13 Sep 2019 12:10:39 CEST): > openssl s_client -connect imap.mail.test.domain.com:993 -tls1_1 Use -servername for testing. -- Heiko

Re: dovecot book 2014 vs 2016

2019-02-22 Thread Heiko Schlittermann via dovecot
Hi Stephan, Stephan Bosch via dovecot (Fr 22 Feb 2019 13:39:27 CET): > > Is there - apart from the language and the price - any difference between > > the first (and only?) German edition of 2014 and the English > > edition of 2016? > > Unfortunately, only English is spoken here. Sie könn

dovecot book 2014 vs 2016

2019-02-22 Thread Heiko Schlittermann via dovecot
Hi, this is about the Dovecot book. I assume that at least one person who knows about it is reading along here: Is there - apart from the language and the price - any difference between the first (and only?) German edition of 2014 and the English edition of 2016? -- Heiko

Re: authenticate as userA, but get authorization to user userB's account

2017-10-25 Thread Heiko Schlittermann
elds per LDAP object. If we are able to track the password hashes (which hash for which user), we can have each user using his very own password to login as another user (provided that other user has an additional userPassword field) Best regards from Dresden/Germany Viele Grüße aus Dresde

Re: authenticate as userA, but get authorization to user userB's account

2017-10-25 Thread Heiko Schlittermann
Kadlecsik József (Mi 25 Okt 2017 14:42:11 CEST): … > The master users are allowed to impersonate anyone and at the same time > cannot login as themselves. Those were the issues why we couldn't choose > to use master users. True. -- Heiko

Re: authenticate as userA, but get authorization to user userB's account

2017-10-25 Thread Heiko Schlittermann
dum: for dovecot, add "*" to the allowed username chars to > auth_username_chars in /etc/dovecot/conf.d/10-auth.conf. I think, it's there already for the master user mechanism. I'll send a follow-up on how I solved it, if I do not get any further input. Best

Re: authenticate as userA, but get authorization to user userB's account

2017-10-25 Thread Heiko Schlittermann
Thomas Leuxner (Mi 25 Okt 2017 13:11:52 CEST): … > * Heiko Schlittermann 2017.10.25 12:58: > wouldn't this be a use case for acl_groups, where a user would belong to > group "Sales" and this "role" would gain specific access? Not sure. Because userA w

authenticate as userA, but get authorization to user userB's account

2017-10-25 Thread Heiko Schlittermann
to set up this in a generic MUA, as some webmail client? Thanks in advance, best regards from Dresden/Germany Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gn

Re: STARTTLS issue with sieve

2017-07-09 Thread Heiko Schlittermann
certificates, but let the intermediate cert in the certificate chain sent by the server. (That's what the intermediate certs are good for, isn't it?) Heiko -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax

Re: STARTTLS issue with sieve

2017-07-09 Thread Heiko Schlittermann
iko -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked since

Re: STARTTLS issue with sieve

2017-07-09 Thread Heiko Schlittermann
root CA it received. The client should trust only its copy of the root CA. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}:

Re: STARTTLS issue with sieve

2017-07-08 Thread Heiko Schlittermann
hardcoded in /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (Debian9, amd64) $ strings /usr/lib/x86_64-linux-gnu/libgnutls.so.30 | grep '/etc/ssl' /etc/ssl/certs/ca-certificates.crt So, on my system gnutls-cli seems to use the same CA store (/etc/ssl/certs) as openssl. Best

Re: Exim still accepting emails to nonexistent users

2016-11-23 Thread Heiko Schlittermann
ain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)(mail=$local_part@ > $domain))}{$value}fail} > > Thanks again for all the support. You pointed me in the right direction. :) You're welcome. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann

Re: Exim still accepting emails to nonexistent users

2016-11-21 Thread Heiko Schlittermann
Hi, Heiko Schlittermann (Mo 21 Nov 2016 11:50:13 CET): > a) Routing stage > You need to interact with the user database dovecot uses. > Either you access the user database directory (flat file, LDAP, > whatever) or you use the ${readsocket…} feature of Exim to talk to > dovecot.

Re: Exim still accepting emails to nonexistent users

2016-11-21 Thread Heiko Schlittermann
ot do callout: neither router nor transport provided a host list This can be 'fixed' if you use (not tested) dovecot_lmtp: driver = smtp protocol = lmtp host = localhost port = 2525 and have the dovecot LMTP run on a local TCP port Best regards from Dresden/Germany Viel

Re: Exim still accepting emails to nonexistent users

2016-11-17 Thread Heiko Schlittermann
elivery to dovecot? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are wel

<-FIN <-RST ->FIN,ACK <-RST on SSL connection shutdown

2016-11-09 Thread Heiko Schlittermann
on plaintext IMAP. There I see the expected shutdown handshake FIN - FIN,ACK - ACK. Dovecot version is 2.2.24 (a82c823) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Sch

Re: dsync unstable? (other strange detail)

2016-06-28 Thread Heiko Schlittermann
cting to should be on the same machine for the time the synchronisation runs. But I'll check this. Thank you for responding… It gives me the hope that it *should* work. (Meanwhile I'm writing 'yet-another-imap2imap' sync tool, but using dsync would be the better choice

Re: dsync unstable? (other strange detail)

2016-06-28 Thread Heiko Schlittermann
Timo Sirainen (Mi 29 Jun 2016 00:00:11 CEST): … > >> b) UID=16 suddenly appeared on Cyrus side even though it wasn't there > >> earlier. This isn't allowed by IMAP standard. > It's still strange if Cyrus is doing that. It's generally a pretty well > behaving IMAP server. What version is it? * O

Re: dsync unstable? (other strange detail)

2016-06-28 Thread Heiko Schlittermann
Hi, Timo Sirainen (Di 28 Jun 2016 23:30:38 CEST): > > > > On successive runs of the above command I get: > > > >dsync(heiko): Warning: Deleting mailbox 'Serververwaltung.Mailinglisten > > Anforderung': UID=16 GUID= is missing locally > > This means that on Dovecot side there are messages a

dsync unstable? (other strange detail)

2016-06-26 Thread Heiko Schlittermann
t least it didn't stop at every subfolder.) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnup

dsync is unstable?

2016-06-26 Thread Heiko Schlittermann
ut cca 4500 mailboxes. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are wel

Re: doveadm-server protocol change?

2016-06-13 Thread Heiko Schlittermann
I'm using the ppa http://ppa.launchpad.net/patrickdk/production/ubuntu and until now it works fine. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-In

Re: Ubuntu package - Was: Re: doveadm-server protocol change?

2016-06-01 Thread Heiko Schlittermann
for your response, we're using your packages now in a production ready environment I'll contact you in case of any issues. (The environment uses a directors/backends setup.) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann --

Re: Ubuntu package - Was: Re: doveadm-server protocol change?

2016-05-31 Thread Heiko Schlittermann
emd/system/dovecot.service > While xi packages places its own init script there. The xi packages I didn't check yet. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko

Re: doveadm-server protocol change?

2016-05-30 Thread Heiko Schlittermann
Heiko Schlittermann (Mo 30 Mai 2016 21:18:09 CEST): > Hi Aki, > > aki.tu...@dovecot.fi (Mo 30 Mai 2016 20:57:58 CEST): > … > > You can get packages from http://xi.dovecot.fi/debian/, if it helps. The > > HTTP API should not suffer from the username problem. >

Re: doveadm-server protocol change?

2016-05-30 Thread Heiko Schlittermann
aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F ar

Re: doveadm-server protocol change?

2016-05-30 Thread Heiko Schlittermann
Hi Aki, thank you for responding that fast. aki.tu...@dovecot.fi (Mo 30 Mai 2016 17:49:53 CEST): … > Hi! This has been fixed in 2.2.24. There was a bug in user passing. Ok, thus at least your answer saves me hours of debugging. We upgraded old Ubuntu Boxes (14.04/LTS) to 16.04 to get around s

doveadm-server protocol change?

2016-05-30 Thread Heiko Schlittermann
Hi, I'm doing quota checks from a remote machine (the real setup is a bit more complex, if necessary I can explain it in more detail, but I just extracted the bits that are easily reproducible) # nc backend1 24245 VERSION doveadm-server 1 0 PLAIN agrVMDvHgz0ya2HHzax5svwB2ZHS

Re: Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

2016-04-27 Thread Heiko Schlittermann
Hi, Stephan Bosch (Mi 27 Apr 2016 11:32:23 CEST): … > Op 4/27/2016 om 11:11 AM schreef Heiko Schlittermann: > > src/imap/cmd-notify.c: "MessageNew", "MessageExpunge", "FlagChange", > > "AnnotationChange", > > src/imap/cmd-notify.c

[SOLVED] Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

2016-04-27 Thread Heiko Schlittermann
t find any traces that indicate support for ANNOTATION. But again, I may be wrong, as I do often. changeset: 237:219c13a7696d bookmark:hs12 tag: tip user: Heiko Schlittermann date:Wed Apr 27 11:27:14 2016 +0200 summary: Check the Value before using strlen() diff -r 79

Re: Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

2016-04-27 Thread Heiko Schlittermann
Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome ---

Re: Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

2016-04-27 Thread Heiko Schlittermann
sitory http://hg.dovecot.org/dovecot-metadata-plugin was 2013 . Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}:

Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

2016-04-27 Thread Heiko Schlittermann
("value.shared" "27") S: 2 OK Completed. Is this a known bug that is fixed in later releases? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schl

doveadm backup 2.2.23 ignores -u, but reads USER environment?

2016-04-25 Thread Heiko Schlittermann
anwhile by using -o mail_plugins= as the quota plugin seems to crash 'doveadm backup' Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann,

Re: Deliver same E-Mail in same Mailbox only once ?

2016-04-20 Thread Heiko Schlittermann
eceive it via the mailing list AND directly. Depending on the ML configuration the messages are NOT identical. (ML signature, replaced Reply-To, added header lines, …) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---

Re: LMTP proxy does not pass RCPT TO: ... 5xx response back

2016-03-22 Thread Heiko Schlittermann
ir directly. Doesn't help. Since I have a director/backend setup. Can't quota-status use the same interface doveadm quota uses? Unfortunately I didn't find further documentation, except the source itself. Best regards from Dresden/Germany Viele Grüße aus Dresden H

doveadm sync/backup doesn't sync the metadata?

2016-03-21 Thread Heiko Schlittermann
metadata? Did I miss something here? Shouldn't the metadata be part of the backup? (I'm using the latest 2.2.22 for sync purposes, as the stock dovecot just crashed when used as 'doveadm backup …') Best regards from Dresden/Germany Viele Grüße aus Dresden H

Re: LMTP proxy does not pass RCPT TO: ... 5xx response back

2016-03-03 Thread Heiko Schlittermann
means would be good. And using the RCPT TO response would not need any magic mechanisms on the MTA side. We could use recipient verification via callouts (as we do to check the existence of the recipient, w/o the need to do some LDAP lookups). Best regards from Dresden/Germany Vie

Re: ANNOTATE plugin? Squirrel uses it for EXPIRATION information

2016-02-14 Thread Heiko Schlittermann
Hallo Andreas, A. Schulze (So 14 Feb 2016 12:47:19 CET): > > Am 13.02.2016 um 23:24 schrieb Heiko Schlittermann: > >it seems that Squirrel mail uses Mailbox annotations for storing Expire > >times on the Server. It's an Cyrus server currently. (I've no clue how >

ANNOTATE plugin? Squirrel uses it for EXPIRATION information

2016-02-13 Thread Heiko Schlittermann
anything about how it's supposed to work on Cyrus and how it can be emulated/simulated with dovecot? Thanks in advance, Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix suppor

Re: Segmentation fault on doveadm search -A with a huge user base

2016-02-12 Thread Heiko Schlittermann
Andrey Fesenko (Sa 13 Feb 2016 00:01:01 CET): … Thank you for your fast response… doveadm user \* works on the director, gives us 4711 users. The LDAP limits are 'unlimited'. > For dovecot with LDAP we make this > After fix dovecot-ldap.conf > > user_filter = > (&(objectClass=posixAccoun

Segmentation fault on doveadm search -A with a huge user base

2016-02-12 Thread Heiko Schlittermann
child 11235 killed with signal 11 (core dumped) Is this a known behaviour and fixed already, or do I need to do more investigation? (PS: Running the same command on one of the backends works w/o failure) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -

Re: Multiple quota rules from LDAP userdb?

2016-02-12 Thread Heiko Schlittermann
Steffen Kaiser (Fr 12 Feb 2016 09:59:40 CET): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Fri, 12 Feb 2016, Heiko Schlittermann wrote: > > >But, if I'd like to have another quota rule for a submailbox of that > >user? > > > >Inven

LMTP proxy does not pass RCPT TO: ... 5xx response back

2016-02-11 Thread Heiko Schlittermann
ector/proxy about the full mailbox (552 5.2.2 Quota exceeded (mailbox for user is full)) already before the DATA phase starts, right as the response to the RCPT TO. But the proxy seems to ignore it… Any suggestion? Best regards from Dresden/Germany Viele Gr

Multiple quota rules from LDAP userdb?

2016-02-11 Thread Heiko Schlittermann
e/4b/heiko quota_rule *:storage=1000:messages=50 Inventing additional LDAP attributes fooQuotaRule2, ... doesn't scale well. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & un

Re: Config file syntax in gory detail

2016-02-11 Thread Heiko Schlittermann
Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked

[SOLVED] simple bind + X.509 client certificate?

2016-02-05 Thread Heiko Schlittermann
Heiko Schlittermann (Fr 05 Feb 2016 17:13:12 CET): > Hi, > > using dovecot 2.2.9. The LDAP server requests a client certificate from > dovecot. This client certificate will not be used for authentication, > but anyway, the server requests it. No SASL is involved. > ldapsearc

simple bind + X.509 client certificate?

2016-02-05 Thread Heiko Schlittermann
y). Any suggestions? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcom

Re: how do I get the version of the pigeonhole-sieve plugin

2016-01-22 Thread Heiko Schlittermann
Heiko Schlittermann (Fr 22 Jan 2016 12:53:00 CET): > Hello, > > as many parts of the dovecot configuration docs refer to sieve and its > specific versions, like > > NOTE: Pigeonhole versions before v0.3.1 do not support the lo > > … how do I get the Pigeon

how do I get the version of the pigeonhole-sieve plugin

2016-01-22 Thread Heiko Schlittermann
sieve isn't telling me anything here, because it's bound to the dovecot version number. What do I miss here? Thank you. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & un

Re: How to Restore emails

2015-11-12 Thread Heiko Schlittermann
/ would be fine too, because new/ is the natural place after tmp/. I'm not sure, what this does to the message state the client sees.) Best regards from Dresden/Germany

Re: fail: doveadm backup -s "" with a huuge number of mailboxes

2015-11-12 Thread Heiko Schlittermann
r 128 kB. The complete amount of command line data is near 2 MB. Conclusion: doveadm sync should be able to read a state *file*. IMHO Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix suppo

fail: doveadm backup -s "" with a huuge number of mailboxes

2015-11-12 Thread Heiko Schlittermann
st regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F

Re: TLS communication director -> backend with X.509 cert checks?

2015-10-14 Thread Heiko Schlittermann
Hi Timo Heiko Schlittermann (Mi 14 Okt 2015 01:10:20 CEST): … > Ah, the information comes from the other director running. The other one > is using an unpatched version of dovecot. Your patch for backend-certificate verification works. Thank you for the good and fast work. Is there any

Re: TLS communication director -> backend with X.509 cert checks?

2015-10-13 Thread Heiko Schlittermann
Heiko Schlittermann (Mi 14 Okt 2015 00:46:11 CEST): … > > And if I add -D to the director service, I can see "Debug: request > refreshed timeout to …", > but never I see "Debug: request added". And from what I > understand this would be the place where

Re: TLS communication director -> backend with X.509 cert checks?

2015-10-13 Thread Heiko Schlittermann
Heiko Schlittermann (Mi 14 Okt 2015 00:10:50 CEST): > Timo Sirainen (Di 13 Okt 2015 23:49:20 CEST): > … > > > > Proxying in general does check that hostname matches the SSL certificate, > > because both the hostname and IP address are sent to login process. So it >

Re: TLS communication director -> backend with X.509 cert checks?

2015-10-13 Thread Heiko Schlittermann
Timo Sirainen (Di 13 Okt 2015 23:49:20 CEST): … > > Proxying in general does check that hostname matches the SSL certificate, > because both the hostname and IP address are sent to login process. So it > should work in a way that host= and hostip= is sent. I thought > my patch did that.. Norma

Re: TLS communication director -> backend with X.509 cert checks?

2015-10-13 Thread Heiko Schlittermann
Hi Timo, Heiko Schlittermann (Di 13 Okt 2015 22:33:23 CEST): > > Does the attached patch work? Compiles, but untested. > I'm about to test it. It seems to update the struct mail_host, but it looks as if the data in mail_host do not propagate down to login_proxy_new(). In o

Re: TLS communication director -> backend with X.509 cert checks?

2015-10-13 Thread Heiko Schlittermann
ed to obtain the address(es)? > > Does the attached patch work? Compiles, but untested. I'm about to test it. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix s

Re: Dualstack IPv4/IPv6 setup with directors

2015-10-13 Thread Heiko Schlittermann
Timo Sirainen (Di 13 Okt 2015 21:42:41 CEST): … > > Oct 13 21:23:29 director1 dovecot: director: Error: > > director(149.x.y.97:9090/out): connect() failed: Connection refused > > Oct 13 21:23:29 director1 dovecot: director: Warning: net_connect_ip(): > > ip->family != my_ip->family > > Oct 13 2

Dualstack IPv4/IPv6 setup with directors

2015-10-13 Thread Heiko Schlittermann
ele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and

Re: TLS communication director -> backend with X.509 cert checks?

2015-10-13 Thread Heiko Schlittermann
he same trusted network with backends.. > Ooo. What if director_mail_servers = backends. and the DNS entry for backends. gets updated? Does the director catch up the change automatically w/o restart? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schl

Re: TLS communication director -> backend with X.509 cert checks?

2015-10-13 Thread Heiko Schlittermann
s soon as we reach out for "official" certs. And because it puts more details about the infrastructure into the configuration than would be necessary. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---

TLS communication director -> backend with X.509 cert checks?

2015-10-13 Thread Heiko Schlittermann
elcome). Or is there any chance that this is fixed already or will be fixed in the near future or even better, that it's my fault? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix s

Re: Dovecot auth-ldap ignores tls_* settings when using ldaps://

2015-10-13 Thread Heiko Schlittermann
thinking about mixed schema in the URIs would have been my next question :) Ok, I can test what happens if we set tls_options w/o using LDAP+TLS or LDAPS at all. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---

Re: dovecot as proxy and verification of the backends certificate

2015-10-13 Thread Heiko Schlittermann
his gets fixed more or less automatically. Not sure if > that'll happen for v2.3 or not. Thank you. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schl

dovecot as proxy and verification of the backends certificate

2015-10-11 Thread Heiko Schlittermann
Hello, I'm using a dovecot as proxy, connecting to one or more backends. The backends use X.509 certificates. The proxy's passdb returns extra fields: user=foo proxy host=backend1. ssl=yes nopassword=y Thus the proxy connects to the backend but can't verify the backends

Dovecot auth-ldap ignores tls_* settings when using ldaps://

2015-10-08 Thread Heiko Schlittermann
>set.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0)) return; #ifdef OPENLDAP_TLS_OPTIONS It would be great, if somebody can confirm this and if this or some equivalent patch could make it upstream. Best regards from Dresden/Germany Viele Grüße aus Dresden

Re: [Dovecot] MS Exchange IMAP Proxy

2011-12-01 Thread Heiko Schlittermann
Terry Carmen (Mi 30 Nov 2011 21:36:46 CET): > useful in protecting Exchange (from this, > http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I > barking up the wrong tree? > > If Dovecot isn't helpful for this, can anybody point me to a better resource? Some time ago we used "perd

Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem

2011-10-24 Thread Heiko Schlittermann
Jack Fredrikson (Mon Oct 24 21:00:54 2011): > Hi; > This is my 6th day installing my first Postfix/Dovecot installation. The > Postfix mailing list indicates I've got the MTA under control so now I'm > seeking your help with the MDA. I get these errors with legitimate email > addresses: > Oct 2

Re: [Dovecot] On-delivery deduplication?

2011-06-08 Thread Heiko Schlittermann
Hello Tom, Tom Hendrikx (Wed Jun 8 23:17:29 2011): (…) > > OTOH, if you need such feature, it shouldn't be too challenging to write > > a MDA replacement, that decides about duplicity and finally passes the > > remaining messages to the Dovecot MDA. > > > > This happens because the person reply

Re: [Dovecot] On-delivery deduplication?

2011-06-08 Thread Heiko Schlittermann
Xin LI (Wed Jun 8 22:04:51 2011): (…) > A feature of Cyrus-IMAPd I really missed after migrated to Dovecot is > their optional "duplicate suppression", which eliminates duplicate > message at deliver time, if their envelope sender, recipient and > message-id matches. Not sure, but I *think*, c

Re: [Dovecot] Proxy IMAP/POP/ManageSieve/SMTP in a large cluster enviroment

2010-07-18 Thread Heiko Schlittermann
BTW, and I'm not sure, if you still need amavis, as direct scanning (using clamav or some other scanner) will be faster. Same is for Spamassassin, as long as you use it as filter and not just as some evaluator. -- Heiko

Re: [Dovecot] Proxy IMAP/POP/ManageSieve/SMTP in a large cluster enviroment

2010-07-18 Thread Heiko Schlittermann
Hello, just my comment on your topic: if I'd design such setup, I'd expect, that sooner or later some additional flexibility is needed, that there will be some tasks you never thought about in advance. I'm not sure, if in such case I'd rely on Postfix. Postfix might be fast, but it is by no means a

Re: [Dovecot] IMAP super user

2010-07-15 Thread Heiko Schlittermann
rs. Probably you're looking for things related to auth_master or master. passdb passwd-file { master = yes args = /etc/vmail/master-users } Or search the Wiki for AuthDatabase.PasswdFile Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Sc

Re: [Dovecot] TLS Issue

2010-07-12 Thread Heiko Schlittermann
ollowing the wildcard (like: *.example.com). Why do you really need a wildcard cert? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann HS12-RIPE --

Re: [Dovecot] listescape and sieve

2010-05-26 Thread Heiko Schlittermann
Timo Sirainen (Mi 26 Mai 2010 18:53:56 CEST): > On Fri, 2010-04-30 at 23:49 +0200, Heiko Schlittermann wrote: > > > plugin { > >escape_char = "%" > > } > > > > should change the escape character to %. But it doesn't. Bug or featu

Re: [Dovecot] looking for IMAP testing tool

2010-05-18 Thread Heiko Schlittermann
Phil Howard (Di 18 Mai 2010 16:04:14 CEST): > I'm looking for an IMAP testing tool, suitable to use with Dovecot IMAP. It > needs to support TLS, STARTTLS, and login/authentication. It needs to be > able run from command line, shell scripts, and even do so under cron jobs > (e.g. a way to supply

[Dovecot] listescape and sieve

2010-04-30 Thread Heiko Schlittermann
Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID: 48D0359B -

Re: [Dovecot] Question about auth multiple configuration

2010-04-28 Thread Heiko Schlittermann
available in 1.2.11, I don't know since when). Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann HS12-RIPE - gnupg enc

[Dovecot] somebody using Net::Sieve (Perl) with dovecot 1.2.11?

2010-04-27 Thread Heiko Schlittermann
u use? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID:
