Re: [Dovecot] Enabling security on POP3 and IMAP

Charles Marcus wrote: On 9/28/2009, Richard Hobbs (richard.ho...@crl.toshiba.co.uk) wrote: One question though... before I accept the certificate, i get warnings. One says the cert is not trusted (which is fine - it's self-signed). The other warning, however, mentions a hostname mismatch. Is

Re: [Dovecot] Enabling security on POP3 and IMAP

On 9/28/2009, Richard Hobbs (richard.ho...@crl.toshiba.co.uk) wrote: > One question though... before I accept the certificate, i get warnings. > One says the cert is not trusted (which is fine - it's self-signed). The > other warning, however, mentions a hostname mismatch. Is there any way > to put

Re: [Dovecot] Enabling security on POP3 and IMAP

Hello, Sorry people - i'm an idiot! ;-) I was testing against our new hostnames that we setup for the new mail server. Trouble was - these hostnames were setup initially to point at the old mail server and are still doing so. Having tested against the new mail server's IP address, everything wor

Re: [Dovecot] Enabling security on POP3 and IMAP

Hello, Sorry people - my problem is actually the opposite of what I wrote below... POP3 gives no encryption options whatsoever, and IMAP defaults correctly, but still gives the option for no encryption. Also, the SSL section of dovecot.conf is here: http://pastebin.ca/1582348 Thanks again! Rich

Re: [Dovecot] Enabling security on POP3 and IMAP

Hello, >> Is it possible to offer encrypted and non-encrypted services >> simultaneously, so people have a choice of whether they want >> security or not? I know that's a bit weird, but for testing >> it would be useful. > > No problem. Basically you just need to specify the certificate > (ssl_cer

Re: [Dovecot] Enabling security on POP3 and IMAP

Richard Hobbs wrote: > I'm running Debian Lenny 5.0 btw - does anyone know if these keys were > simply part of the dovecot package, or whether they have been generated > during the installation process and are therefore unique? In Debian Lenny (and Etch) those keys are generated during the instal

Re: [Dovecot] Enabling security on POP3 and IMAP

Hello Richard, Maybe the included .pem files are bad (expire, pointing to wrong server name or whatnot) I'd generate new .pem files. dovecot documentation points to mkcert.sh script. With this script you can generate your own certificate, after filling in the OpenSSL config file used by mkcer

Re: [Dovecot] Enabling security on POP3 and IMAP

Hello, Thanks again for your response... However, upon closer inspection, it seems that both "/etc/ssl/certs/dovecot.pem" and "/etc/ssl/private/dovecot.pem" already exist! I'm running Debian Lenny 5.0 btw - does anyone know if these keys were simply part of the dovecot package, or whether they h

Re: [Dovecot] Enabling security on POP3 and IMAP

Hello Richard, Richard Hobbs, 10.09.2009 (d.m.y): > Thanks for the advice - how do i generate ssl cert files and ssl key > files? Just use OpenSSL. There's a short description of what to do on - or in any other OpenSSL Howto... Gruss/Regards, Christian Schmidt --

Re: [Dovecot] Enabling security on POP3 and IMAP

Hello, Replies inline... Patrick Nagel wrote: > Hi Richard, > > On 2009-09-03 16:38, Richard Hobbs wrote: >> Currently, on our new test server, I am offering IMAP on 143 and POP3 on >> 110. > >> We would like to enable security on both of these protocols to attempt >> to eliminate the risk from

Re: [Dovecot] Enabling security on POP3 and IMAP

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Richard, On 2009-09-03 16:38, Richard Hobbs wrote: > Currently, on our new test server, I am offering IMAP on 143 and POP3 on > 110. > > We would like to enable security on both of these protocols to attempt > to eliminate the risk from an interna

[Dovecot] Enabling security on POP3 and IMAP

Hello, Currently, on our new test server, I am offering IMAP on 143 and POP3 on 110. We would like to enable security on both of these protocols to attempt to eliminate the risk from an internal password-grabbing/content-grabbing attack. I presume this would mean enabling SSL, and a more securur