sions
of Dovecot, what sequences of (terminology?) API calls are legitimate?
--
Cheers,
Jeremy
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
On 26/11/23 08:02, Steve Litt wrote:
Is the remote vendor going to take the same care in preserving your
data as you would? You could buy two 2TB spinning rust external hard
drives for seventy bucks each, so if one gets borked you have the
other. If you desire offsite, keep one in a bank safe
On 6/11/23 04:36, jeremy ardley via dovecot wrote:
You should be able to use ssh with port forwarding to establish a TLS
connection between devices. Postfix would see a remote SASL service as
a local service.
An alternative and possibly more reliable and easily configured
mechanism would
On 6/11/23 03:25, Nick Lockheart wrote:
I can't use the real Dovecot IMAP server for auth, because it runs on
a separate server, and Postfix does not support TLS connections for SASL.
--
You should be able to use ssh with port forwarding to establish a TLS
connection between devices. Postfix
On 8/9/23 16:24, Marc wrote:
Since when does a hacked website gain root?
A web search on 'linux web server exploits that gain root' will give
many examples.
Security design by first principle assumes that an attacker will gain
root access.
Best practise is to limit the damage that can c
On 8/9/23 07:38, dovecot--- via dovecot wrote:
Roundcube does not have direct file access to the emails even on the
same server. Roundcube opens a connection to dovecot, supplies the
user/pass/login credentials to dovecot, and dovecot fetches the email
stores and serves it to roundcube. There
On 8/9/23 05:00, joe a wrote:
Any known issues with installing/running roundcube and dovecot on the
same server?
There is a generic issue with doing this. That is if you have roundcube
(or any other web mail interface) on the same server as dovecot, a
breach of the web interface could be q
On 5/9/23 14:31, Michel Verdier wrote:
dovecot with PAM needs plaintext method. So if postfix disable it they
can't share a method.
You have to be careful to require any plaintext client password to
travel over a TLS secured connection
smtpd_tls_auth_only = yes
More generally, it's good p
On 4/9/23 14:03, Willy Manga wrote:
"fatal: no SASL authentication mechanisms"
--
try setting in dovecot
auth_debug = yes
auth_verbose = yes
and then restart both services and check logs when the problem occurs.
Also, be aware that dovecot usually 'subcontracts' the auth process to
pam,
On 6/7/23 20:49, joe a wrote:
On 7/6/2023 8:12 AM, jeremy ardley via dovecot wrote:
On 6/7/23 19:15, joe a wrote:
If your example was meant to show the correct way, I cannot see any
difference between that and what my posted config shows other than
the sequential (contiguous?) in your
auithentication method only.
Jeremy
--
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
On 6/7/23 10:17, joe a wrote:
Greetings from a new dovecot user.
Have setup dovecot on openSuse 15.4 with postfix as the MTA. Both are
the latest version in that distribution.
Simple virtual user setup using /etc/dovecot/passwd
Dovecot seems to be working and all the defined users are
auth
and with that
done, am now going to open the ports and renew my vigil for relays!
Fingers crossed!
Thanks, Jeremy - even if it doesn't work, it's a good clean shot at a
fix! And, if that was it, it's easy to see how that could be
overlooked. . .
Richard
smtpd_rel
On 9/6/23 07:25, Richard Troy wrote:
The relaying only started and stopped when Dovecot was turned on or off.
Isn't it true that Dovecot performs an authentication function for
inbound connect requests, the successful of which then may use the
submission mechanism from what Postfix takes to
On 14/5/23 23:29, Daniel Miller via dovecot wrote:
I only allow explicit service traffic through. IMAPS, SMTPS, etc. If
doveadm is communicating via the IMAP(S) ports then all I can do via
firewall is block countries. Which of course I can but I'm asking
about any additional hardening for Dove
e you
control. For any other source, simply drop the connection.
You can get really fancy and use port forwarding using ssh to connect
from remote but appear as localhost to the server. This access can be
configured in dovecot as well as firewall
J
On 16/3/23 14:53, Aki Tuomi wrote:
On 16/03/2023 03:58 EET jeremy ardley wrote:
A good practice would be to use postfix --> dovecot/sasl --> pam -->
backend server and do the uid vetting in the dovecot pam configuration
Dovecot itself can reject uid < 500. Just set fir
se the
# traditional Unix authentication mechanisms.
A good practice would be to use postfix --> dovecot/sasl --> pam -->
backend server and do the uid vetting in the dovecot pam configuration
--
Jeremy
users
If dovecot won't allow root users to access dovecot services directly
then that is a dovecot configuration separate from pam or any other
authentication method.
https://doc.dovecot.org/configuration_manual/authentication/pam/
Jeremy
gt;
> Aki
>
>> On 05/03/2023 18:43 EET Jeremy
>> wrote:
>>
>> Hi,
>>
>> Thanks for the notice! But yes, I was aware of this. For future reference
>> though, would you mind telling me how I would go about doing this? I take it
>> I'd
gt; password is changed, it will require corresponding update for user's master
> key.
>
> Aki
>
>> On 04/03/2023 17:07 EET Jeremy
>> wrote:
>>
>> Hi,
>>
>> Yeah, I just realized myself that what I did there was probably not the
>> smar
n text string. Depending on your threat model it might or not be an
> issue that admins have access to the password used to encrypt mails.
>
> Aki
>
>> On 04/03/2023 16:12 EET Jeremy
>> wrote:
>>
>> Hi again,
>>
>> I was able to solve both quest
estion.
--- Original Message ---
On Thursday, February 23rd, 2023 at 08:53, Jeremy
wrote:
> Hi again,
>
> I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for
> managing virtual accounts.
>
> After an initial topic from me about encrypting alr
Hi again,
I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for
managing virtual accounts.
After an initial topic from me about encrypting already existent mail, I could
now use some pointers on how to set up the mail-crypt plugin for pure virtual
accounts (i.e. that have
st thread so it might provide some context if
> needed:
>
> https://dovecot.org/pipermail/dovecot/2021-July/122469.html
>
>
> On 2/21/23 16:29, Jeremy wrote:
>
> > On Tuesday, February 21st, 2023 at 09:54, Aki Tuomi
> > aki.tu...@open-xchange.com wrote:
>
On Tuesday, February 21st, 2023 at 09:54, Aki Tuomi
wrote:
> > On 16/02/2023 07:18 EET mailinglist-subscriptions
> > mailinglist-subscripti...@protonmail.com wrote:
> >
> > Hi,
> >
> > I am using dovecot 2.3.16, along with postfix and a PostgreSQL database for
> > managing virtual accounts.
On 8/2/23 05:08, Dr. Rolf Jansen wrote:
Am 07.02.2023 um 17:54 schrieb jeremy ardley:
On 7/2/23 22:01, Dr. Rolf Jansen wrote:
To begin with, usage of Amazons Simple Email Service (SES) is mandatory for
outgoing mails from AWS-EC2 instances.
I run AWS-EC2 instances using postfix to send a
forward
mail to another host under my control that is not on AWS to use as the
outgoing server.
Jeremy
effect does not having a .svbin version have on
typical small installation?
--
Jeremy
n about what is going on in one of
the pids? It would seem like one of the clients is opening up a
connection and for some reason its not dropping and it keeps just
opening up new ones, but there are no errors in the log files. Once I
turn off the client the connections are not clearing.
-
close and
the count go down, correct?
I turned off both tablets and the connection count for my username still
is at 60, since I am writing this email with my computer client I will
send it and close my client and see what happens. Thanks! - Jeremy
On 6/9/2022 11:29, Richard wrote:
Date: Thu
Thank you! That worked, I piped the output to a file, grep the username
and sure enough there are 60 lines. So I guess going over 50 was a
possibility.
Learn something new every day. I set the maximum to 100 so I should not
have any errors on that anymore.
Thanks! - Jeremy
On 6/9/2022 10
there a option to get it to give
me that information?
Thanks! - Jeremy
On 6/9/2022 6:37, Paul Kudla (SCOM.CA Internet Services Inc.) wrote:
ok the idle connection per folder is a factor
however in thunderbird i believe it defaults to 2 simultanious
connections
mine is set to 5
in thund
Ahhh, Ok, I did not know that and now that makes sense. I did not
realize it held a open connection for each folder. I increased that and
I will see what happens. I wonder if that will also effect the outlook
issues. Thanks! - Jeremy
On 6/8/2022 14:28, Frank-Ulrich Sommer wrote:
I think if
I need to look for. It's been going
on since I put this server in use over a year ago. I also have issues
with Outlook clients disconnecting, just outlook, is there any
recommended settings to make Outlook work smoother?
Thanks! - Jeremy
Config -
# 2.2.36 (1f10bfa63): /etc/dovecot/d
Figured out my issues. Stupid error on my part. I had
$config['managesieve_conn_options'] in there twice defeating my SSL
preferences. All is well now.
Thanks
-jeremy
On 2022-06-07 00:37, Jeremy Hansen wrote:
$config['managesieve_port'] = 4190;
$config['manage
;managesieve_usetls'] = false;
$config['managesieve_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true,
),
);
Same error in the logs. I’m actually not seeing a separate log for sieve. Maybe
I have to define a
licate mime foreverypart
extracttext"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready.”
90-sieve.conf:
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
recipient_delimiter = +
}
20-managesieve
Any pointers to get dovecot configured with sieve for Roundcube filters? Things
I’ve found through search seem a bit all over the place. I’m using CentOS
8/Rocky Linux hosts.
Thanks
signature.asc
Description: PGP signature
On 24/4/22 9:22 am, Jeremy Ardley wrote:
For a start:
https://www.digitalocean.com/community/tutorials/how-to-create-let-s-encrypt-wildcard-certificates-with-certbot
This may be more helpful
https://medium.com/@saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot
used for any.sample.com too?
There is a procedure for wildcards but it's a little complex. It helps
to have your own bind server.
For a start:
https://www.digitalocean.com/community/tutorials/how-to-create-let-s-encrypt-wildcard-certificates-with-certbot
--
Jeremy
OpenPGP_signature
D
On 22/4/22 8:24 am, Jeremy Ardley wrote:
local mail.example.com {
protocol imap {
ssl_cert =
My error. The correct example domain override stanza is
#specific domain override
local special.example.com {
protocol imap {
ssl_cert =
OpenPGP_signature
Description: OpenPGP
On 22/4/22 7:50 am, Jeremy Ardley wrote:
On 22/4/22 7:44 am, al...@coakmail.com wrote:
On 22/4/22 7:25 am,al...@coakmail.com wrote:
Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?
Probably a bad idea. Many clients use STARTTTLS on port 143 rather
than TLS
On 22/4/22 7:44 am, al...@coakmail.com wrote:
On 22/4/22 7:25 am, al...@coakmail.com wrote:
Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?
Probably a bad idea. Many clients use STARTTTLS on port 143 rather than
TLS on port 993
--
Jeremy
On 22/4/22 7:25 am, al...@coakmail.com wrote:
hello
I have setup website using letsencrypt for certification.
how can I setup IMAP to use this certs as well?
Thank you.
Make entries in /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = You can override the global ssl certificates fo
>
> The fix you made might seemingly work, but it's going to break something
> in future. The \0 are not introduced by dovecot.
>
> Aki
>
> > On 12/10/2021 21:45 Jeremy Hanmer wrote:
> >
> >
> > I looked into LMTP, but reconfiguring our 1.5 million ma
someone more familiar with the codebase.
On Tue, Oct 12, 2021 at 8:39 AM Alessio Cecchi wrote:
> Hi Jeremy,
>
> I had the same problem as you.
>
> We run an email hosting service with Maildir on NetApp NFS, Dovecot
> Director and Backend servers for POP/IMAP and messagges deli
I know this has been reported in the past, but I think I have some useful
new information on the problem. After an OS upgrade from Ubuntu Xenial
(4.4.0 kernel) to Ubuntu Focal (5.4.0 kernel) and corresponding upgrade
from Dovecot 2.2.27 to 2.3.7.2, we've started seeing broken uidlist files
to an ex
.
--
Jeremy
OpenPGP_signature
Description: OpenPGP digital signature
On 10/11/20 1:52 pm, Nikolai Lusan wrote:
Greetings,
On Mon, 2020-11-09 at 23:42 -0600, Raymond Herrera wrote:
> For several years I have been running the following in a Linux
> server.
> Dovecot Version: 2.0.9
> *IMAP:*
> Connection Security: SSL/TLS
> Port: 993
> Authentication Method: Norm
On 16/10/2020 4:04 am, PGNet Dev wrote:
2020-10-15 12:51:45 submission(m...@example.com)<8OJP+rqxuvho7Z95>: Info:
Successfully relayed message: from=, size=84, id=LMe...Aw,
nrcpt=1, reply=`247 2.0.0 Ok: queued as 4CC0KY1wXNzWf93'
not fatal, but wasted effort, and noise in the logs.
h
On 2/7/20 10:07 am, Benny Pedersen wrote:
> Jeremy Ardley skrev den 2020-07-01 06:50:
>
>> local mail.example.com {
>> protocol imap {
>> ssl_cert = > ssl_key = >
>> service imaps_login {
>> inet_listener imaps {
>>
Further to my report on stanzas being only generated the IPv6 addresses
I have found a work-around until someone in the development team comes
up with something like inet_listener_6 and inet_listener_4
The workaround is simply to get dovecot to listen in IPv4 and IPv6. It
has no effect on clients
I have a mail server with multiple IP addresses and associated DNS names
In the dovecot configuration I have a listen directive:
listen = mail.example.com.com,mail.otherexample.com,localhost
Multiple local stanzas are of the form:
local mail.example.com {
protocol imap {
ssl_cert =
eiled.
Any other options or suggestions are welcome. We are also wondering, if we
have to go with the custom authentication setup, if there are any examples
out there to base our scripts off in setting it up.
Thank you,
Jeremy
Hi,
I'm hoping that someone might be able to help, as I've been going in
circles with trying to get the right configuration done here. I'm also
not sure whether this is more of a Dovecot or DSpam question, so I'm
posting the same to both mailing lists.
My goal is to have a mail setup that is
it doesn't currently have any flags,
though. Would there just be two commas in a row, followed by my
non-standard flag?
If I haven't missed or misconfigured anything and what I said above is
correct, the wiki should be changed so others don't run into the same
problems I have. I'm happy to do so, but I didn't want to make any
changes without making sure I was right about what was going on.
Thanks,
Jeremy
Johannes Berg wrote:
> Hi,
>
>> However, I know from looking at the dspam system.log file, the retraining
>> actually happens - so it
>> -does- appear to be calling dspam. It appears that the 'move' operation
>> fails.
>
>> Plugin debug log when I attempt to move a message:
>> Jun 13 09:29:07 s
Marcin Rzepecki wrote:
> Sat, Jun 13, 2009 at 07:34:49AM -0700, Jeremy Doran wrote:
>> Hi,
>>
>> I had this working until I recently upgraded Dovecot, and now I'm getting a
>> message back from
>> Thunderbird of "Failed to call dspam." when
Harlan Stenn wrote:
> It is probably a good idea to figure out the underlying problem instead
> of ignoring it.
>
> I use the following patch...
Oh, I agree.
The extra logging only produced these extra lines in the logs:
> Jun 13 15:35:18 stelleri imap: antispam: mailbox_is_unsure(SPAM): 0
> Ju
Hi,
I had this working until I recently upgraded Dovecot, and now I'm getting a
message back from
Thunderbird of "Failed to call dspam." when I attempt to move a message into
one of the designated
spam folders.
However, I know from looking at the dspam system.log file, the retraining
actually
nt_restrictions=permit_sasl_authenticated,reject
# Dovecot LDA
dovecot unix - n n - - pipe
flags=DRhu user=nobody:mail argv=/usr/local/libexec/dovecot/deliver -f
${sender} -d ${recipient}
Thanks Everyone!
- Jeremy
/SimpleVirtualInstall
http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL
I'm reading the ADDRESS_CLASS_README, but it seems like I'll have to mirror
the settings from Dovecot to Postfix. That doesn't seem right:
http://www.postfix.org/ADDRESS_CLASS_README.html
Thanks,
Jeremy
restrictions=permit_sasl_authenticated,reject
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f
${sender} -d ${recipient}
THANKS,
Jeremy
rgv=/usr/local/libexec/dovecot/deliver -f
${sender} -d ${recipient}
THANKS,
Jeremy
ATING
smtp unix - - n - - smtp
# Dovecot LDA
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f
${sender} -d ${recipient}
THANKS,
Jeremy
I have Dovecot setup with Postfix and can't seem to connect to to the SMTP
server (port 25) unless I'm on the server itself (telnet localhost 25). For
example, I cannot use my mail client, Thunderbird, to send mail from my
laptop -- it cannot even connect to the server. I checked the logs and
no
7210033: to=<
[EMAIL PROTECTED]>, relay=dovecot, delay=0.08, delays=0.02/0.03/0/0.03,
dsn=5.1.1, status=bounced (user unknown)
Jun 10 22:48:24 mozmonkey postfix/qmgr[27282]: 041A7210033: removed
- LOG END -
Thanks,
Jeremy
68 matches
Mail list logo
