On 26/11/23 08:02, Steve Litt wrote:
Is the remote vendor going to take the same care in preserving your
data as you would? You could buy two 2TB spinning rust external hard
drives for seventy bucks each, so if one gets borked you have the
other. If you desire offsite, keep one in a bank safe
On 6/11/23 04:36, jeremy ardley via dovecot wrote:
You should be able to use ssh with port forwarding to establish a TLS
connection between devices. Postfix would see a remote SASL service as
a local service.
An alternative and possibly more reliable and easily configured
mechanism would
On 6/11/23 03:25, Nick Lockheart wrote:
I can't use the real Dovecot IMAP server for auth, because it runs on
a separate server, and Postfix does not support TLS connections for SASL.
--
You should be able to use ssh with port forwarding to establish a TLS
connection between devices. Postfix
On 8/9/23 16:24, Marc wrote:
Since when does a hacked website gain root?
A web search on 'linux web server exploits that gain root' will give
many examples.
Security design by first principle assumes that an attacker will gain
root access.
Best practise is to limit the damage that can c
On 8/9/23 07:38, dovecot--- via dovecot wrote:
Roundcube does not have direct file access to the emails even on the
same server. Roundcube opens a connection to dovecot, supplies the
user/pass/login credentials to dovecot, and dovecot fetches the email
stores and serves it to roundcube. There
On 8/9/23 05:00, joe a wrote:
Any known issues with installing/running roundcube and dovecot on the
same server?
There is a generic issue with doing this. That is if you have roundcube
(or any other web mail interface) on the same server as dovecot, a
breach of the web interface could be q
On 5/9/23 14:31, Michel Verdier wrote:
dovecot with PAM needs plaintext method. So if postfix disable it they
can't share a method.
You have to be careful to require any plaintext client password to
travel over a TLS secured connection
smtpd_tls_auth_only = yes
More generally, it's good p
On 4/9/23 14:03, Willy Manga wrote:
"fatal: no SASL authentication mechanisms"
--
try setting in dovecot
auth_debug = yes
auth_verbose = yes
and then restart both services and check logs when the problem occurs.
Also, be aware that dovecot usually 'subcontracts' the auth process to
pam,
On 6/7/23 20:49, joe a wrote:
On 7/6/2023 8:12 AM, jeremy ardley via dovecot wrote:
On 6/7/23 19:15, joe a wrote:
If your example was meant to show the correct way, I cannot see any
difference between that and what my posted config shows other than
the sequential (contiguous?) in your
On 6/7/23 19:15, joe a wrote:
If your example was meant to show the correct way, I cannot see any
difference between that and what my posted config shows other than the
sequential (contiguous?) in your example.
Perhaps try the different configuration out? Or even better, stick to
one aui
On 6/7/23 10:17, joe a wrote:
Greetings from a new dovecot user.
Have setup dovecot on openSuse 15.4 with postfix as the MTA. Both are
the latest version in that distribution.
Simple virtual user setup using /etc/dovecot/passwd
Dovecot seems to be working and all the defined users are
auth
On 9/6/23 09:17, Richard Troy wrote:
However if your dovecot SASL is broken, say always permitting access
with or without correct password, then there will be a problem
I DID find a discrepancy: smtpd_helo_restrictions did NOT have
permit_sasl_authenticated. I made the change, of course an
On 9/6/23 07:25, Richard Troy wrote:
The relaying only started and stopped when Dovecot was turned on or off.
Isn't it true that Dovecot performs an authentication function for
inbound connect requests, the successful of which then may use the
submission mechanism from what Postfix takes to
On 14/5/23 23:29, Daniel Miller via dovecot wrote:
I only allow explicit service traffic through. IMAPS, SMTPS, etc. If
doveadm is communicating via the IMAP(S) ports then all I can do via
firewall is block countries. Which of course I can but I'm asking
about any additional hardening for Dove
On 14/5/23 09:14, Daniel L. Miller via dovecot wrote:
May 12 15:45:58 cloud1 dovecot: doveadm(194.165.16.78): Error: doveadm
client not compatible with this server (mixed old and new binaries?)
May 13 03:44:31 cloud1 dovecot: doveadm(45.227.254.48): Error: doveadm
client not compatible with
On 16/3/23 14:53, Aki Tuomi wrote:
On 16/03/2023 03:58 EET jeremy ardley wrote:
A good practice would be to use postfix --> dovecot/sasl --> pam -->
backend server and do the uid vetting in the dovecot pam configuration
Dovecot itself can reject uid < 500. Just set fir
On 16/3/23 06:31, Aymeric Agon-Rambosson wrote:
I have a solution to my problem.
For reference, I am putting it here :
A simple way to restrict login based on uids is to modify the file as
such :
#%PAM-1.0
auth required pam_succeed_if.so uid > 500 quiet
@include common-auth
@i
On 15/3/23 18:32, Odhiambo Washington wrote:
On Wed, Mar 15, 2023 at 1:46 AM Aymeric Agon-Rambosson
wrote:
Hello everyone,
From what I understand of the documentation, it is impossible to
log in to the dovecot server as root, or as any user not in the
interval between fi
On 8/2/23 05:08, Dr. Rolf Jansen wrote:
Am 07.02.2023 um 17:54 schrieb jeremy ardley:
On 7/2/23 22:01, Dr. Rolf Jansen wrote:
To begin with, usage of Amazons Simple Email Service (SES) is mandatory for
outgoing mails from AWS-EC2 instances.
I run AWS-EC2 instances using postfix to send a
On 7/2/23 22:01, Dr. Rolf Jansen wrote:
To begin with, usage of Amazons Simple Email Service (SES) is mandatory for
outgoing mails from AWS-EC2 instances.
I run AWS-EC2 instances using postfix to send a receive mail. They can
send direct assuming I set up suitable SPF, but they typically forw
Hi,
I have recently started using claws mail to manage my user sieve scripts
using server dovecot-sieve_1%3a2.3.13+dfsg1-2_arm64.deb
I originally edited ~/.dovecot.sieve to hold my script and I recall that
~/.dovecot.svbin was automatically generated on first use. (either that
or I have forg
On 24/4/22 9:22 am, Jeremy Ardley wrote:
For a start:
https://www.digitalocean.com/community/tutorials/how-to-create-let-s-encrypt-wildcard-certificates-with-certbot
This may be more helpful
https://medium.com/@saurabh6790/generate-wildcard-ssl-certificate-using-lets-encrypt-certbot
On 24/4/22 9:14 am, ミユナ (alice) wrote:
Richard Hector wrote:
otherwise you'll have to use DNS challenge method
to support multiple hostnames on the same certificate.
do you know how to implement this?
the original certificates were issued for domain: sample.com.
But this certs can be used
On 22/4/22 8:24 am, Jeremy Ardley wrote:
local mail.example.com {
protocol imap {
ssl_cert =
My error. The correct example domain override stanza is
#specific domain override
local special.example.com {
protocol imap {
ssl_cert =
OpenPGP_signature
Description: OpenPGP
On 22/4/22 7:50 am, Jeremy Ardley wrote:
On 22/4/22 7:44 am, al...@coakmail.com wrote:
On 22/4/22 7:25 am,al...@coakmail.com wrote:
Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?
Probably a bad idea. Many clients use STARTTTLS on port 143 rather
than TLS
On 22/4/22 7:44 am, al...@coakmail.com wrote:
On 22/4/22 7:25 am, al...@coakmail.com wrote:
Thanks. I will give a try.
after enabling SSL, can I disable port 143 entirely?
Probably a bad idea. Many clients use STARTTTLS on port 143 rather than
TLS on port 993
--
Jeremy
OpenPGP_signature
On 22/4/22 7:25 am, al...@coakmail.com wrote:
hello
I have setup website using letsencrypt for certification.
how can I setup IMAP to use this certs as well?
Thank you.
Make entries in /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = You can override the global ssl certificates fo
On 16/12/20 6:16 am, Julian Kippels wrote:
Hi all,
what is the best way to temporarily disable access to a mailbox via
imap, but keep it possible to deliver to the mailbox via lmtp?
I want to migrate some mailboxes around and would like to ensure that
the users cannot access their mail while do
On 10/11/20 1:52 pm, Nikolai Lusan wrote:
Greetings,
On Mon, 2020-11-09 at 23:42 -0600, Raymond Herrera wrote:
> For several years I have been running the following in a Linux
> server.
> Dovecot Version: 2.0.9
> *IMAP:*
> Connection Security: SSL/TLS
> Port: 993
> Authentication Method: Norm
On 16/10/2020 4:04 am, PGNet Dev wrote:
2020-10-15 12:51:45 submission(m...@example.com)<8OJP+rqxuvho7Z95>: Info:
Successfully relayed message: from=, size=84, id=LMe...Aw,
nrcpt=1, reply=`247 2.0.0 Ok: queued as 4CC0KY1wXNzWf93'
not fatal, but wasted effort, and noise in the logs.
h
On 2/7/20 10:07 am, Benny Pedersen wrote:
> Jeremy Ardley skrev den 2020-07-01 06:50:
>
>> local mail.example.com {
>> protocol imap {
>> ssl_cert = > ssl_key = >
>> service imaps_login {
>> inet_listener imaps {
>>
Further to my report on stanzas being only generated the IPv6 addresses
I have found a work-around until someone in the development team comes
up with something like inet_listener_6 and inet_listener_4
The workaround is simply to get dovecot to listen in IPv4 and IPv6. It
has no effect on clients
I have a mail server with multiple IP addresses and associated DNS names
In the dovecot configuration I have a listen directive:
listen = mail.example.com.com,mail.otherexample.com,localhost
Multiple local stanzas are of the form:
local mail.example.com {
protocol imap {
ssl_cert =
33 matches
Mail list logo
