Re: dovecot ssl error message from my own connections

2019-04-01 Thread Dmitry Donskih via dovecot
"Connection reset by peer" means client breaks connection, not server. Client expects non-SSL connection? Client somehow fails over to non-SSL? STARTTLS where TLS expected? Client fails to verify server certificate? Or you use misconfigured imap-proxy? Have a look at *client* logs. You may try "

Re: dovecot ssl error message from my own connections

2019-03-30 Thread Esteban L via dovecot
Thanks! I will have a look. -Original Message- From: @lbutlr via dovecot Reply-to: "@lbutlr" To: Davide Marchi via dovecot Subject: Re: dovecot ssl error message from my own connections Date: Sat, 30 Mar 2019 06:28:06 -0600 On 30 Mar 2019, at 06:20, Esteban L via dove

Re: dovecot ssl error message from my own connections

2019-03-30 Thread Esteban L via dovecot
Oops, forgot that important requirement! sorry Dovecot 2.2.27 -Original Message- From: Aki Tuomi Reply-to: Aki Tuomi To: este...@little-beak.com, Esteban L via dovecot Subject: Re: dovecot ssl error message from my own connections Date: Sat, 30 Mar 2019 14:25:41 +0200 (EET) > On

Re: dovecot ssl error message from my own connections

2019-03-30 Thread @lbutlr via dovecot
On 30 Mar 2019, at 06:20, Esteban L via dovecot wrote: > date time myserver dovecot: imap-login: Debug: SSL error: SSL_read() > syscall failed: Connection reset by peer I don't get that particular message, but in general Debug messages are informational, not errors or warnings. Seems like the li

Re: dovecot ssl error message from my own connections

2019-03-30 Thread Aki Tuomi via dovecot
On 30 March 2019 14:20 Esteban L via dovecot < dovecot@dovecot.org> wrote: Hello all, Just a minor thing. Not a big deal, because everything works fine, and I feel secure with my setup.

dovecot ssl error message from my own connections

2019-03-30 Thread Esteban L via dovecot
Hello all, Just a minor thing. Not a big deal, because everything works fine, and I feel secure with my setup. But, I get this error message pretty much throughout the day/night, which appears to come from my own mail clients (desktop or mobile). I would like to resolve it, because it must me som

Re: [Dovecot] SSL/TLS handshake stays forever without timeout

2014-05-07 Thread Timo Sirainen
On 15.1.2014, at 0.54, Andreas Schulze wrote: > Am 14.01.2014 20:38 schrieb Adrian Zaugg: >> This is not the test morrison has suggested. Doing his test with telnet >> and thus not complete the SSL handshake, the connection stays open much >> longer than 3 Minutes. I closed the connection now man

Re: [Dovecot] SSL/TLS handshake stays forever without timeout

2014-01-14 Thread Andreas Schulze
Am 14.01.2014 20:38 schrieb Adrian Zaugg: > This is not the test morrison has suggested. Doing his test with telnet > and thus not complete the SSL handshake, the connection stays open much > longer than 3 Minutes. I closed the connection now manually after a > little more than 2 hours. This is on

Re: [Dovecot] SSL/TLS handshake stays forever without timeout

2014-01-14 Thread Adrian Zaugg
Hi Pascal Am 14.01.14 20:26 schrieb Pascal Volk: > On 01/14/2014 04:42 PM morrison wrote: > Please define 'forever' > > I just did `time openssl s_client -connect mail.example.com:143 > -starttls imap` (and nothing else): This is not the test morrison has suggested. Doing his test with telnet an

Re: [Dovecot] SSL/TLS handshake stays forever without timeout

2014-01-14 Thread Reindl Harald
Am 14.01.2014 20:26, schrieb Pascal Volk: > Please define 'forever' > > I just did `time openssl s_client -connect mail.example.com:143 > -starttls imap` (and nothing else): > > CONNECTED(0003) > depth=0 CN = mail.… > … > . OK Pre-login capabilities listed, post-login capabilities have more

Re: [Dovecot] SSL/TLS handshake stays forever without timeout

2014-01-14 Thread Pascal Volk
On 01/14/2014 04:42 PM morrison wrote: > Hi, > > I am a system admin and I am evaluating using dovecot as our email server. In > my test, I found that if I telneted to 993 port and did not do anything or I > telneted to 143 port, sent starttls command and then did not do anything, the > connect

[Dovecot] SSL/TLS handshake stays forever without timeout

2014-01-14 Thread morrison
Hi, I am a system admin and I am evaluating using dovecot as our email server. In my test, I found that if I telneted to 993 port and did not do anything or I telneted to 143 port, sent starttls command and then did not do anything, the connection stayed forever without timeout. This will make

Re: [Dovecot] ssl-params regeneration with dovecot 2.2.7

2013-11-06 Thread Reindl Harald
Am 05.11.2013 20:01, schrieb Frank Elsner: > after switching from version 2.2.6 to 2.2.7 I miss the loglines which say: > > ssl-params: Generating SSL parameters > ssl-params: SSL parameters regeneration completed > > What's going on? No more logging or no regeneration? it is intentional i guess

Re: [Dovecot] ssl-params regeneration with dovecot 2.2.7

2013-11-05 Thread Frank Elsner
On Tue, 5 Nov 2013 20:01:54 +0100 Frank Elsner wrote: > Hello, > > after switching from version 2.2.7 to 2.2.7 I miss the loglines which say: Sorry, typo. Should read "after switching from version 2.2.6 to 2.2.7" ^ --Frank

[Dovecot] ssl-params regeneration with dovecot 2.2.7

2013-11-05 Thread Frank Elsner
Hello, after switching from version 2.2.7 to 2.2.7 I miss the loglines which say: ssl-params: Generating SSL parameters ssl-params: SSL parameters regeneration completed The configuration has not been changed and reads: | # 2.2.7: /usr/local/dovecot/etc/dovecot/dovecot.conf | # OS: Linux 2.6.

Re: [Dovecot] SSL with startssl.com certificates

2013-10-10 Thread Dan Langille
On Oct 10, 2013, at 2:26 PM, Dan Langille wrote: > On Oct 9, 2013, at 11:43 PM, Noel Butler wrote: > >> On 10/10/2013 13:36, Noel Butler wrote: >>> I can't recall if we previously discussed it, but, why the fascination >>> with imaps, why not use TLS on 143, or wont that connect either? tried >>>

Re: [Dovecot] SSL with startssl.com certificates

2013-10-10 Thread Dan Langille
On Oct 9, 2013, at 11:43 PM, Noel Butler wrote: > On 10/10/2013 13:36, Noel Butler wrote: >> I can't recall if we previously discussed it, but, why the fascination >> with imaps, why not use TLS on 143, or wont that connect either? tried >> pop3 TLS ? pop3s? >> and when you test, use -CAfile /path

Re: [Dovecot] SSL with startssl.com certificates

2013-10-10 Thread Dan Langille
On Oct 9, 2013, at 11:36 PM, Noel Butler wrote: > I can't recall if we previously discussed it, but, why the fascination with > imaps, why not use TLS on 143, or wont that connect either? Yes, neither TLS nor IMAPS will connect. > tried pop3 TLS ? pop3s? I have not. My next step will be sett

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Noel Butler
On 10/10/2013 13:36, Noel Butler wrote: I can't recall if we previously discussed it, but, why the fascination with imaps, why not use TLS on 143, or wont that connect either? tried pop3 TLS ? pop3s? and when you test, use -CAfile /path/to/(startssl's)CA.pem I see no auth mech statement, so usi

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Noel Butler
I can't recall if we previously discussed it, but, why the fascination with imaps, why not use TLS on 143, or wont that connect either? tried pop3 TLS ? pop3s? and when you test, use -CAfile /path/to/(startssl's)CA.pem I see no auth mech statement, so using the default is limited, IIRC, login

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Dan Langille
On Oct 9, 2013, at 6:33 PM, Noel Butler wrote: > On 10/10/2013 06:09, Eliezer Croitoru wrote: > >> I would imagine that 4k bits certificate handshake and validation can >> take more than 1 sec.. >> Am I right about it? > > hardly > > and the size is not his problem. > > he was given a test acc

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Noel Butler
On 10/10/2013 06:09, Eliezer Croitoru wrote: I would imagine that 4k bits certificate handshake and validation can take more than 1 sec.. Am I right about it? hardly and the size is not his problem. he was given a test account on my network when I last saw this thread (few weeks back?), th

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Reindl Harald
Am 09.10.2013 23:09, schrieb Eliezer Croitoru: > On 10/09/2013 11:15 PM, Reindl Harald wrote: >> why in the world should it take more than 1 second? >> and even if - how does this matter? > The dovecot daemon waited only 1 second for response.. says who? the *client* closed the connection with

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Eliezer Croitoru
On 10/09/2013 11:15 PM, Reindl Harald wrote: why in the world should it take more than 1 second? and even if - how does this matter? The dovecot daemon waited only 1 second for response.. and if there is a 900 Mhz client like many devices that uses android how long it would take to encrypt end

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Reindl Harald
Am 09.10.2013 22:09, schrieb Eliezer Croitoru: > On 10/09/2013 10:55 PM, Reindl Harald wrote: >> >> >> Am 09.10.2013 21:45, schrieb Eliezer Croitoru: >>> On 10/09/2013 10:31 PM, Reindl Harald wrote: Am 09.10.2013 21:27, schrieb Eliezer Croitoru: > On 09/13/2013 02:59 PM, Dan Lang

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Eliezer Croitoru
On 10/09/2013 10:55 PM, Reindl Harald wrote: Am 09.10.2013 21:45, schrieb Eliezer Croitoru: On 10/09/2013 10:31 PM, Reindl Harald wrote: Am 09.10.2013 21:27, schrieb Eliezer Croitoru: On 09/13/2013 02:59 PM, Dan Langille wrote: *** /var/log/maillog *** Sep 13 11:50:46 imaps dovecot: imap

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Reindl Harald
Am 09.10.2013 21:45, schrieb Eliezer Croitoru: > On 10/09/2013 10:31 PM, Reindl Harald wrote: >> >> >> Am 09.10.2013 21:27, schrieb Eliezer Croitoru: >>> On 09/13/2013 02:59 PM, Dan Langille wrote: *** /var/log/maillog *** Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL fai

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Eliezer Croitoru
On 10/09/2013 10:31 PM, Reindl Harald wrote: Am 09.10.2013 21:27, schrieb Eliezer Croitoru: On 09/13/2013 02:59 PM, Dan Langille wrote: *** /var/log/maillog *** Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11] Sep 1

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Reindl Harald
Am 09.10.2013 21:27, schrieb Eliezer Croitoru: > On 09/13/2013 02:59 PM, Dan Langille wrote: >> >> *** /var/log/maillog *** >> Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: >> where=0x2002: SSLv3 read client certificate A [166.137.84.11] >> Sep 13 11:50:46 imaps dovecot: imap-lo

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Eliezer Croitoru
On 09/13/2013 02:59 PM, Dan Langille wrote: *** /var/log/maillog *** Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11] Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=16

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Reindl Harald
Am 09.10.2013 21:06, schrieb Dan Langille: > On Oct 6, 2013, at 5:06 PM, Reindl Harald wrote: >> and mail.app is working even with *self signed* certificates and dovecot 2.2 >> you only have to accept / import the certificate >> proven by a testserver all day long > > It seems that the test serve

Re: [Dovecot] SSL with startssl.com certificates

2013-10-09 Thread Dan Langille
On Oct 6, 2013, at 5:06 PM, Reindl Harald wrote: > > > Am 06.10.2013 22:42, schrieb Dan Langille: >> I have Thunderbird working just fine on my Macbook. >> >> But my goal is mail.app on my iPhone and my Macbook. When they try to >> connect, the mail server logs are: >> >> Oct 6 20:20:25 ima

[Dovecot] dovecot: ssl-params

2013-10-09 Thread Frank Elsner
Hello *, what is the reason for this strange behaviour? May I ignore it? Oct 8 19:32:20 seymour dovecot: ssl-params: Generating SSL parameters Oct 8 19:32:29 seymour dovecot: ssl-params: SSL parameters regeneration completed Oct 9 07:01:05 seymour dovecot: ssl-params: Generating SSL

Re: [Dovecot] SSL with startssl.com certificates

2013-10-08 Thread Dan Langille
On Oct 8, 2013, at 8:59 AM, Dan Langille wrote: > On 2013-10-07 13:57, Bruno Tréguier wrote: >> Le 06/10/2013 à 22:42, Dan Langille a écrit : >> After a long delay, I'm ready to tackle this again. >> [...] >> Testing via the command line gives: >> $ openssl s_client -connect imaps.unixathome.org:

Re: [Dovecot] SSL with startssl.com certificates

2013-10-08 Thread Dan Langille
On 2013-10-07 13:57, Bruno Tréguier wrote: Le 06/10/2013 à 22:42, Dan Langille a écrit : After a long delay, I'm ready to tackle this again. [...] Testing via the command line gives: $ openssl s_client -connect imaps.unixathome.org:993 CONNECTED(0003) depth=2 C = IL, O = StartCom Ltd., OU =

Re: [Dovecot] SSL with startssl.com certificates

2013-10-07 Thread Bruno Tréguier
Le 06/10/2013 à 22:42, Dan Langille a écrit : > After a long delay, I'm ready to tackle this again. [...] > Testing via the command line gives: > > $ openssl s_client -connect imaps.unixathome.org:993 > CONNECTED(0003) > depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Sign

Re: [Dovecot] SSL with startssl.com certificates

2013-10-07 Thread Dan Langille
On 2013-10-06 17:06, Reindl Harald wrote: Am 06.10.2013 22:42, schrieb Dan Langille: I have Thunderbird working just fine on my Macbook. But my goal is mail.app on my iPhone and my Macbook. When they try to connect, the mail server logs are: Oct 6 20:20:25 imaps dovecot: imap-login: Warning

Re: [Dovecot] SSL with startssl.com certificates

2013-10-06 Thread Reindl Harald
Am 06.10.2013 22:42, schrieb Dan Langille: > I have Thunderbird working just fine on my Macbook. > > But my goal is mail.app on my iPhone and my Macbook. When they try to > connect, the mail server logs are: > > Oct 6 20:20:25 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: >

Re: [Dovecot] SSL with startssl.com certificates

2013-10-06 Thread Dan Langille
On Sep 17, 2013, at 10:59 AM, Bruno Tréguier wrote: > Le 17/09/2013 à 16:32, Dan Langille a écrit : >> $ openssl s_client -connect imaps.unixathome.org:993 -quiet >> depth=0 >> /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmas...@unixathome.org >> >> verify error:nu

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Noel Butler
On Tue, 2013-09-17 at 08:39 -0400, Dan Langille wrote: > > Since we just ruled this one out, might I suggest you grab the source > > and build it, install it all under /opt/dovecot that way it wont > > interfere with your ports installation and try that, the one you > > successfully just tested

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread LuKreme
On 16 Sep 2013, at 08:10 , Dan Langille wrote: > For this test, I reconfigured the server to NOT use IMAPS and restarted it. > Then I went > to my iPhone and turned off SSL for this mail account. > > That configuration works for my iPhone. This is very odd. For the record, I used an iPhone (i

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Reindl Harald
Am 17.09.2013 16:44, schrieb Dan Langille: > On 2013-09-17 10:39, Reindl Harald wrote: >> you are making it hard to impossible to help you if you are mixing servers >> and >> their responses and port 993 will *never ever* show STARTTLS because it is >> IMAPS which enforces a encrypted connection

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Bruno Tréguier
Le 17/09/2013 à 16:32, Dan Langille a écrit : > $ openssl s_client -connect imaps.unixathome.org:993 -quiet > depth=0 > /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmas...@unixathome.org > > verify error:num=20:unable to get local issuer certificate > verify return:1

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Dan Langille
On 2013-09-17 10:39, Reindl Harald wrote: Am 17.09.2013 16:32, schrieb Dan Langille: *what* says "telnet your-server 143" $ telnet imaps.unixathome.org 143 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready. At present, I am using dove

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Reindl Harald
Am 17.09.2013 16:32, schrieb Dan Langille: >> *what* says "telnet your-server 143" >> $ telnet imaps.unixathome.org 143 >> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE >> STARTTLS AUTH=PLAIN] Dovecot ready. > > At present, I am using dovecot-1.2.17 on another server

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Reindl Harald
Am 17.09.2013 15:57, schrieb Dan Langille: > On 2013-09-17 09:26, Reindl Harald wrote: >> Am 17.09.2013 15:01, schrieb Dan Langille: >> On 2013-09-17 08:43, Reindl Harald wrote: >> Am 17.09.2013 14:39, schrieb Dan Langille: >> On 2013-09-16 20:28, Noel Butler wrote: >> Since we just ruled this on

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Dan Langille
On 2013-09-17 10:05, Reindl Harald wrote: Am 17.09.2013 15:57, schrieb Dan Langille: On 2013-09-17 09:26, Reindl Harald wrote: Am 17.09.2013 15:01, schrieb Dan Langille: On 2013-09-17 08:43, Reindl Harald wrote: Am 17.09.2013 14:39, schrieb Dan Langille: On 2013-09-16 20:28, Noel Butler wrote: Si

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Dan Langille
On 2013-09-17 09:26, Reindl Harald wrote: Am 17.09.2013 15:01, schrieb Dan Langille: On 2013-09-17 08:43, Reindl Harald wrote: Am 17.09.2013 14:39, schrieb Dan Langille: On 2013-09-16 20:28, Noel Butler wrote: Since we just ruled this one out, might I suggest you grab the source and build it, ins

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Dan Langille
On 2013-09-17 09:08, Jerry wrote: On Tue, 17 Sep 2013 09:01:49 -0400 Dan Langille articulated: On 2013-09-17 08:43, Reindl Harald wrote: > Am 17.09.2013 14:39, schrieb Dan Langille: > On 2013-09-16 20:28, Noel Butler wrote: > Since we just ruled this one out, might I suggest you grab the > sourc

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Reindl Harald
Am 17.09.2013 15:01, schrieb Dan Langille: > On 2013-09-17 08:43, Reindl Harald wrote: >> Am 17.09.2013 14:39, schrieb Dan Langille: >> On 2013-09-16 20:28, Noel Butler wrote: >> Since we just ruled this one out, might I suggest you grab the source >> and build it, install it all under /opt/dovecot

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Jerry
On Tue, 17 Sep 2013 09:01:49 -0400 Dan Langille articulated: > On 2013-09-17 08:43, Reindl Harald wrote: > > Am 17.09.2013 14:39, schrieb Dan Langille: > > On 2013-09-16 20:28, Noel Butler wrote: > > Since we just ruled this one out, might I suggest you grab the > > source and build it, install it

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Dan Langille
On 2013-09-17 08:43, Reindl Harald wrote: Am 17.09.2013 14:39, schrieb Dan Langille: On 2013-09-16 20:28, Noel Butler wrote: Since we just ruled this one out, might I suggest you grab the source and build it, install it all under /opt/dovecot that way it wont interfere with your ports installati

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Reindl Harald
Am 17.09.2013 14:39, schrieb Dan Langille: > On 2013-09-16 20:28, Noel Butler wrote: >> Since we just ruled this one out, might I suggest you grab the source >> and build it, install it all under /opt/dovecot that way it wont >> interfere with your ports installation and try that, the one you >>

Re: [Dovecot] SSL with startssl.com certificates

2013-09-17 Thread Dan Langille
On 2013-09-16 20:28, Noel Butler wrote: On Mon, 2013-09-16 at 10:10 -0400, Dan Langille wrote: On Sep 14, 2013, at 10:36 PM, Noel Butler wrote: > On Sat, 2013-09-14 at 15:21 -0400, Dan Langille wrote: > > >>> >> >> Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect. >> > >

Re: [Dovecot] SSL with startssl.com certificates

2013-09-16 Thread Noel Butler
On Mon, 2013-09-16 at 10:10 -0400, Dan Langille wrote: > On Sep 14, 2013, at 10:36 PM, Noel Butler wrote: > > > On Sat, 2013-09-14 at 15:21 -0400, Dan Langille wrote: > > > > > >>> > >> > >> Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect. > >> > > > > > > Well, its

Re: [Dovecot] SSL with startssl.com certificates

2013-09-16 Thread Dan Langille
On Sep 16, 2013, at 10:56 AM, Reindl Harald wrote: > > > Am 16.09.2013 16:48, schrieb Dan Langille: >> On Sep 16, 2013, at 10:21 AM, Reindl Harald wrote: >> >>> Am 16.09.2013 16:10, schrieb Dan Langille: > Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs > has re

Re: [Dovecot] SSL with startssl.com certificates

2013-09-16 Thread Reindl Harald
Am 16.09.2013 16:48, schrieb Dan Langille: > On Sep 16, 2013, at 10:21 AM, Reindl Harald wrote: > >> Am 16.09.2013 16:10, schrieb Dan Langille: Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs has really be deprecated everywhere for some time now) >>> >>> For thi

Re: [Dovecot] SSL with startssl.com certificates

2013-09-16 Thread Dan Langille
On Sep 16, 2013, at 10:21 AM, Reindl Harald wrote: > > > Am 16.09.2013 16:10, schrieb Dan Langille: >>> Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs >>> has really be deprecated everywhere for some time now) >> >> For this test, I reconfigured the server to NOT use I

Re: [Dovecot] SSL with startssl.com certificates

2013-09-16 Thread Reindl Harald
Am 16.09.2013 16:10, schrieb Dan Langille: >> Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs >> has really be deprecated everywhere for some time now) > > For this test, I reconfigured the server to NOT use IMAPS and restarted it. > Then I went > to my iPhone and turn

Re: [Dovecot] SSL with startssl.com certificates

2013-09-16 Thread Dan Langille
On Sep 14, 2013, at 10:36 PM, Noel Butler wrote: > On Sat, 2013-09-14 at 15:21 -0400, Dan Langille wrote: > > >>> >> >> Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect. >> > > > Well, its likely an Apple fault, after all their implementation of pop3 > has been known

Re: [Dovecot] SSL with startssl.com certificates

2013-09-14 Thread Noel Butler
On Sat, 2013-09-14 at 15:21 -0400, Dan Langille wrote: > > > > Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect. > Well, its likely an Apple fault, after all their implementation of pop3 has been known to be broken for many many many years, but still after all these yea

Re: [Dovecot] SSL with startssl.com certificates

2013-09-14 Thread Dan Langille
On Sep 14, 2013, at 3:28 PM, Daniel Reinhardt wrote: > Are you getting asked to add an exception to the email applications > certificate dialogue box? > > This is an example with Thunderbird. > > http://jwrr.com/content/Hostgator-Thunderbird-Email-Configuration/images/thunderbird-mail-account-ad

Re: [Dovecot] SSL with startssl.com certificates

2013-09-14 Thread Daniel Reinhardt
Are you getting asked to add an exception to the email applications certificate dialogue box? This is an example with Thunderbird. http://jwrr.com/content/Hostgator-Thunderbird-Email-Configuration/images/thunderbird-mail-account-add-security-exception.jpg Dan On Sat, Sep 14, 2013 at 7:21 PM, D

Re: [Dovecot] SSL with startssl.com certificates

2013-09-14 Thread Dan Langille
On Sep 13, 2013, at 9:55 PM, Noel Butler wrote: > On Fri, 2013-09-13 at 10:18 -0400, Dan Langille wrote: > > >> Perhaps I am doing the chain incorrectly. I just tried again. The >> server is now set up with the following: >> >> I have three certs in this chain file: >> >> cat imaps.unixath

Re: [Dovecot] SSL with startssl.com certificates

2013-09-13 Thread Noel Butler
On Fri, 2013-09-13 at 10:18 -0400, Dan Langille wrote: > Perhaps I am doing the chain incorrectly. I just tried again. The > server is now set up with the following: > > I have three certs in this chain file: > > cat imaps.unixathome.org.pem sub.class1.server.ca.pem ca.pem > > testing.chain

Re: [Dovecot] SSL with startssl.com certificates

2013-09-13 Thread Johan Huldtgren
I'm using Dovecot 2.2.5. I'm setting up a new IMAPS server for personal use (i.e. only me). I have success with self-signed certificates but not with others (e.g. my setup is similar (although I'm at dovecot 2.1.17) using certs from StartSSL with several macs and many iphones, and it works.

Re: [Dovecot] SSL with startssl.com certificates

2013-09-13 Thread Dan Langille
On 2013-09-13 10:18, Dan Langille wrote: On 2013-09-13 09:18, Oscar del Rio wrote: On 09/13/13 07:59 AM, Dan Langille wrote: I'm using Dovecot 2.2.5. I'm setting up a new IMAPS server for personal use (i.e. only me). I have success with self-signed certificates but not with others (e.g. St

Re: [Dovecot] SSL with startssl.com certificates

2013-09-13 Thread Dan Langille
On 2013-09-13 09:18, Oscar del Rio wrote: On 09/13/13 07:59 AM, Dan Langille wrote: I'm using Dovecot 2.2.5. I'm setting up a new IMAPS server for personal use (i.e. only me). I have success with self-signed certificates but not with others (e.g. StartSSL.com) /usr/local/etc/ssl/imaps.un

Re: [Dovecot] SSL with startssl.com certificates

2013-09-13 Thread Oscar del Rio
On 09/13/13 07:59 AM, Dan Langille wrote: I'm using Dovecot 2.2.5. I'm setting up a new IMAPS server for personal use (i.e. only me). I have success with self-signed certificates but not with others (e.g. StartSSL.com) /usr/local/etc/ssl/imaps.unixathome.org.crt contains only the cert is

[Dovecot] SSL with startssl.com certificates

2013-09-13 Thread Dan Langille
I'm using Dovecot 2.2.5. I'm setting up a new IMAPS server for personal use (i.e. only me). I have success with self-signed certificates but not with others (e.g. StartSSL.com) With StartSSL certs: I've been able to connect and test commands via: openssl s_client -connect imaps.unixathom

[Dovecot] SSL Cipher Order in Dovecot

2013-08-23 Thread Marc Grooz
Hi, I want that dovecot uses PFS with my Apple Devices. I set the Cipher List to: ssl_cipher_list = DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!CBC:!PSK:!SRP:!DSS:!SSLv2:!RC4 I got this from here: http://www.kuketz-blog.de/perfect-forward-secrecy-mit-apple-mail/ B

Re: [Dovecot] SSL warning messages

2013-08-01 Thread Timo Sirainen
On 18.7.2013, at 19.33, Anand Kumria wrote: > I've had the following appear in my logfile, and am just wondering > what the warning means? > > dovecot: managesieve-login: Warning: SSL alert: where=0x4008, ret=256: > warning close notify [a.b.c.d] > dovecot: imap-login: Warning: SSL alert: where=

[Dovecot] SSL warning messages

2013-07-18 Thread Anand Kumria
Hi, I've had the following appear in my logfile, and am just wondering what the warning means? dovecot: managesieve-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [a.b.c.d] dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=256: warning close notify [w.x.y.z] Shou

Re: [Dovecot] SSL cert problem

2013-07-11 Thread Ben Morrow
At 1PM -0700 on 11/07/13 you (Professa Dementia) wrote: > > If you have access to a Unix / Linux system, you can use openssl with > the s_client command to connect to your mail server, much as you would > have done with telnet in the old days. openssl shows all of the key > exchange in detail an

Re: [Dovecot] SSL cert problem

2013-07-11 Thread Professa Dementia
On 7/11/2013 11:47 AM, Peter von Nostrand wrote: > Hi, > I'm running a new dovecot 2.0.9 under Centos 6.4. I'm having an issue with > SSL certificate not being accepted by the email client. > I have my own CA and I have generated certificates for web usage without a > problem. > > For imaps and po

Re: [Dovecot] SSL cert problem

2013-07-11 Thread Reindl Harald
Am 11.07.2013 21:51, schrieb Peter von Nostrand: > On Thu, Jul 11, 2013 at 4:23 PM, Reindl Harald > because thunderbird does not trust your own CA by default > without import it there by hand - you can not expect to > cat your CA to the cert for the server and that is enough > to g

Re: [Dovecot] SSL cert problem

2013-07-11 Thread Reindl Harald
Am 11.07.2013 20:47, schrieb Peter von Nostrand: > I'm running a new dovecot 2.0.9 under Centos 6.4. I'm having an issue with > SSL certificate not being accepted by the email client. > I have my own CA and I have generated certificates for web usage without a > problem. > > For imaps and pop3s

[Dovecot] SSL cert problem

2013-07-11 Thread Peter von Nostrand
Hi, I'm running a new dovecot 2.0.9 under Centos 6.4. I'm having an issue with SSL certificate not being accepted by the email client. I have my own CA and I have generated certificates for web usage without a problem. For imaps and pop3s what I did was generate a certificate for the hostname of m

[Dovecot] SSL problems on dovecot 2.1.7

2013-05-09 Thread Steinar Bang
When I upgraded my debian-based imap server from squeeze to wheezy yesterday, SSL stopped working. I am using a http://cacert.org signed server certificate, and I am reusing the certificates that were used on the 1.x dovecot of debian squeeze. My three MUAs that worked against the previous 1.x do

Re: [Dovecot] SSL errors for just one client after updaing both dovecot and openssl

2013-02-25 Thread Charles Marcus
On 2013-02-23 11:32 AM, Reindl Harald wrote: Am 23.02.2013 17:03, schrieb Charles Marcus: OpenSSL was 1.0.0j, now updated to 1.0.1c Dovecot was 2.1.13, now updated to 2.1.15 on which distribution can you update openssl with a ABI-bump without re-compile half of the system? Gentoo... been u

Re: [Dovecot] SSL errors for just one client after updaing both dovecot and openssl

2013-02-24 Thread Timo Sirainen
On 23.2.2013, at 18.03, Charles Marcus wrote: > Ok, I have a strange problem after updating both dovecot and openssl... > > OpenSSL was 1.0.0j, now updated to 1.0.1c > Dovecot was 2.1.13, now updated to 2.1.15 > > I'm getting a bunch of lines like the following: > > Feb 23 10:48:01 myhost dove

Re: [Dovecot] SSL errors for just one client after updaing both dovecot and openssl

2013-02-23 Thread Reindl Harald
Am 23.02.2013 17:03, schrieb Charles Marcus: > OpenSSL was 1.0.0j, now updated to 1.0.1c > Dovecot was 2.1.13, now updated to 2.1.15 on which distribution can you update openssl with a ABI-bump without re-compile half of the system? 1.0.0x is not binary compatible with 1.0.1x and that is as examp

[Dovecot] SSL errors for just one client after updaing both dovecot and openssl

2013-02-23 Thread Charles Marcus
Hi all, Ok, I have a strange problem after updating both dovecot and openssl... OpenSSL was 1.0.0j, now updated to 1.0.1c Dovecot was 2.1.13, now updated to 2.1.15 I'm getting a bunch of lines like the following: Feb 23 10:48:01 myhost dovecot: imap-login: Disconnected (no auth attempts in 29

Re: [Dovecot] SSL certificates

2012-11-23 Thread Noel Butler
On Fri, 2012-11-23 at 19:49 -0700, The Doctor wrote: > Who is the best CA Certificate provider for Dovecot? > Anyone but verisign, dont get me started on them :) Now that Thawte are no longer owned by those criminals, I highly recommend them for certs for web sites. But if its just for mail/we

Re: [Dovecot] SSL certificates

2012-11-23 Thread Sven Hartge
The Doctor wrote: > Who is the best CA Certificate provider for Dovecot? What do you mean by "best"? Grüße, Sven. -- Sigmentation fault. Core dumped.

[Dovecot] SSL certificates

2012-11-23 Thread The Doctor
Who is the best CA Certificate provider for Dovecot? -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Merry Christmas 2012 and Happy New Year 2013

Re: [Dovecot] ssl cert for mail server

2012-09-19 Thread Florian Zeitz
On 19.09.2012 10:00, cc "maco" young wrote: > for testing a new ssl cert. it works ok for browsers, but > >> openssl s_client -crlf -connect ms1.trailsandtribulations.net:443 > > => verify error:num=19:self signed certificate in certificate chain > > is this ssl cert - as it's constructed -

[Dovecot] ssl cert for mail server

2012-09-19 Thread cc "maco" young
for testing a new ssl cert. it works ok for browsers, but > openssl s_client -crlf -connect ms1.trailsandtribulations.net:443 => verify error:num=19:self signed certificate in certificate chain is this ssl cert - as it's constructed - is ok for mail clients? (realize needs to be on mail port

Re: [Dovecot] SSL Warnings in Debug Logs

2012-07-29 Thread Asai
Thank you, Timo. On 07/28/2012 09:57 AM, Timo Sirainen wrote: On 24.7.2012, at 21.27, Asai wrote: Greetings, In doing some debugging of authentication issues, I'm wondering if these SSL warnings are anything to be investigating? Jul 24 11:23:16 triata dovecot: imap-login: Warning: SSL: wher

Re: [Dovecot] SSL Warnings in Debug Logs

2012-07-28 Thread Timo Sirainen
On 24.7.2012, at 21.27, Asai wrote: > Greetings, > > In doing some debugging of authentication issues, I'm wondering if these SSL > warnings are anything to be investigating? > > Jul 24 11:23:16 triata dovecot: imap-login: Warning: SSL: where=0x10, ret=1: > before/accept initialization [192.16

[Dovecot] SSL Warnings in Debug Logs

2012-07-24 Thread Asai
Greetings, In doing some debugging of authentication issues, I'm wondering if these SSL warnings are anything to be investigating? Jul 24 11:23:16 triata dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.70.101] Jul 24 11:23:16 triata dovecot: imap-lo

Re: [Dovecot] SSL Certificate Anomalies with latest code changes

2012-04-12 Thread Thomas Leuxner
On Thu, Apr 12, 2012 at 11:35:48AM +0300, Timo Sirainen wrote: > On 12.4.2012, at 11.33, Thomas Leuxner wrote: > > > On Thu, Apr 12, 2012 at 11:17:50AM +0300, Timo Sirainen wrote: > >> But do you keep your intermediate cert in ssl_ca file or ssl_cert file? > > > > Separate. Root and intermediate

Re: [Dovecot] SSL Certificate Anomalies with latest code changes

2012-04-12 Thread Timo Sirainen
On 12.4.2012, at 11.33, Thomas Leuxner wrote: > On Thu, Apr 12, 2012 at 11:17:50AM +0300, Timo Sirainen wrote: >> But do you keep your intermediate cert in ssl_ca file or ssl_cert file? > > Separate. Root and intermediate are in ssl_ca: The documentation tells to put the intermediary to ssl_cert

Re: [Dovecot] SSL Certificate Anomalies with latest code changes

2012-04-12 Thread Thomas Leuxner
On Thu, Apr 12, 2012 at 11:17:50AM +0300, Timo Sirainen wrote: > But do you keep your intermediate cert in ssl_ca file or ssl_cert file? Separate. Root and intermediate are in ssl_ca: $ cat /etc/ssl/certs/SSL123_CA_Bundle.pem -BEGIN CERTIFICATE- MIIEjzCCA3egAwIBAgIQdhASihe2grs6H50amjXAkjA

Re: [Dovecot] SSL Certificate Anomalies with latest code changes

2012-04-12 Thread Timo Sirainen
On 12.4.2012, at 11.16, Thomas Leuxner wrote: > On Thu, Apr 12, 2012 at 10:43:22AM +0300, Timo Sirainen wrote: >> What kind of a certificate do you have? You have an intermediary cert that >> exists only in ssl_ca file? I couldn't reproduce this with a test. But >> anyway, reverted for now: http

Re: [Dovecot] SSL Certificate Anomalies with latest code changes

2012-04-12 Thread Thomas Leuxner
On Thu, Apr 12, 2012 at 10:43:22AM +0300, Timo Sirainen wrote: > What kind of a certificate do you have? You have an intermediary cert that > exists only in ssl_ca file? I couldn't reproduce this with a test. But > anyway, reverted for now: http://hg.dovecot.org/dovecot-2.1/rev/f80f18d0ffa3 > T

Re: [Dovecot] SSL Certificate Anomalies with latest code changes

2012-04-12 Thread Timo Sirainen
On 12.4.2012, at 10.43, Timo Sirainen wrote: > On 12.4.2012, at 10.11, Thomas Leuxner wrote: > >> Some change between bf5ae73e9475 and 584bd77c38fd seems to have broken >> something in the SSL Handshake. A previously valid server certificate is >> deemed invalid by various mail clients. >> >> ht

Re: [Dovecot] SSL Certificate Anomalies with latest code changes

2012-04-12 Thread Timo Sirainen
On 12.4.2012, at 10.11, Thomas Leuxner wrote: > Some change between bf5ae73e9475 and 584bd77c38fd seems to have broken > something in the SSL Handshake. A previously valid server certificate is > deemed invalid by various mail clients. > > http://hg.dovecot.org/dovecot-2.1/rev/bf5ae73e9475 works

[Dovecot] SSL Certificate Anomalies with latest code changes

2012-04-12 Thread Thomas Leuxner
Some change between bf5ae73e9475 and 584bd77c38fd seems to have broken something in the SSL Handshake. A previously valid server certificate is deemed invalid by various mail clients. http://hg.dovecot.org/dovecot-2.1/rev/bf5ae73e9475 works fine while http://hg.dovecot.org/dovecot-2.1/rev/584bd77c

Re: [Dovecot] SSL renegotiation vulnerability

2011-11-04 Thread Timo Sirainen
http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html -> "Things get worse" shows that it's easier to DoS the server with multiple connections than with renegotiations, so I don't know if there's much point in disabling renegotiations. Perhaps Dovecot could allow e.g. one renegotiation per
