For a 200kb task that runs once a day/week? I think you can just run this
certbot stuff under a different user, people are probably just too 'lazy' to
adapt this.
>
> if you put all that into docker you can mitigate the privilege issue -
> you only need to chown the letsencrypt files as needed
if you put all that into docker you can mitigate the privilege issue - you only
need to chown the letsencrypt files as needed while copying them to the
directories for the dovecot certificates.
On 23 January 2025 at 09:34, "Marc via dovecot" wrote:
as root, you get blocked.
> -Original Message-
> From: Benny Pedersen via dovecot
> Sent: Thursday, 23 January 2025 09:27
> To: dovecot@dovecot.org
> Subject: Re: Fwd: Fwd: [OFFLIST] Re: connection refused, no error
> anywhere
>
> Marc via dovecot sk
they consider it and apply these changes.
> -Original Message-
> From: Marc
> Sent: Thursday, 23 January 2025 09:35
> To: 'Benny Pedersen' ; dovecot@dovecot.org
> Subject: RE: Fwd: Fwd: [OFFLIST] Re: connection refused, no error
> anywhere
>
> I have 0 is
Marc via dovecot wrote on 2025-01-23 09:21:
dovecot starts as root, and drops privileges later, so group it non
rooted is a security problem on its own :)
certbot creates letsencrypt pem files owned by root and grouped root,
only the private key can't be read by other users than root
wtf le
>
> dovecot starts as root, and drops privileges later, so group it non
> rooted is a security problem on its own :)
>
> certbot creates letsencrypt pem files owned by root and grouped root,
> only the private key can't be read by other users than root
>
wtf letsencrypt still requires root?? Wh
Robert Nowotny via dovecot wrote on 2025-01-22 20:16:
Hey Marco,
this is what to do:
dovecot starts as root, and drops privileges later, so group it non
rooted is a security problem on its own :)
certbot creates letsencrypt pem files owned by root and grouped root,
only the private key can't
ntrol over private keys prevents silent failures.
*From:* Marco Fioretti via dovecot
*Sent:* Wednesday, 22 January 2025 at 17:37 CET
*To:* Dovecot
*Subject:* RE: Fwd: Fwd: [OFFLIST] Re: connection refused, no error anywhere
Hi Robert, and all.
As I mentioned in a previous reply, everything
On Wed, 22 Jan 2025, Marco Fioretti via dovecot wrote:
sorry, I must be missing something. Why would postfix be talking directly
to dovecot? Or play middleman between some external entity and dovecot? Or
did you mean something else?
Postfix (which is likely to be your SMTP server) uses (very o
On 22/01/2025 17:04, Marco Fioretti via dovecot wrote:
On Wed, 22 Jan 2025 at 17:51, Marc wrote:
guess this is because the same certificates were used by the website,
which
I also have to rebuild next week. So I will have to add dovecot and the
httpd user to that group, I th
On Wed, 22 Jan 2025 at 17:51, Marc wrote:
> > guess this is because the same certificates were used by the website,
> > which
> > I also have to rebuild next week. So I will have to add dovecot and the
> > httpd user to that group, I think. No?
> >
>
> No the other way around. Add
sorry, I must be missing something. Why would postfix be talking directly
to dovecot? Or play middleman between some external entity and dovecot? Or
did you mean something else?
Thanks
On Wed, 22 Jan 2025 at 07:35, Aki Tuomi <
aki.tu...@open-xchange.com> wrote:
>
> > On 22/01/202
> guess this is because the same certificates were used by the website,
> which
> I also have to rebuild next week. So I will have to add dovecot and the
> httpd user to that group, I think. No?
>
No the other way around. Add dovecot to the acme group, the certs are the least
important.
Reinstall Dovecot (Last Resort)
> If all else fails:
>
> sudo apt purge dovecot-core dovecot-imapd
> sudo rm -rf /etc/dovecot # Backup first!
> sudo apt install dovecot-core dovecot-imapd
> Then rebuild your config from scratch.
>
> Let me know what you find in the logs or after testi
dovecot-core dovecot-imapd
Then rebuild your config from scratch.
Let me know what you find in the logs or after testing the minimal config.
*From:* Marco Fioretti via dovecot
*Sent:* Wednesday, 22 January 2025 at 00:32 CET
*To:* Dovecot
*Subject:* FW: Fwd: [OFFLIST] Re: connection re
> On 22/01/2025 07:49 EET Marco Fioretti via dovecot
> wrote:
>
>
> On Wed, 22 Jan 2025 at 06:37, Aki Tuomi <
> aki.tu...@open-xchange.com> wrote:
>
> > On 22/01/2025 07:26 EET Marco Fioretti via dovecot
> > wrote:
> >
> >
> > Now the question is, OK, that attempt may be
On Wed, 22 Jan 2025 at 06:37, Aki Tuomi <
aki.tu...@open-xchange.com> wrote:
> On 22/01/2025 07:26 EET Marco Fioretti via dovecot
> wrote:
>
>
> Now the question is, OK, that attempt may be some attacker trying to get
> in, this happens but... HOW is he succeeding to TRY to conn
On 22/01/2025 07:26 EET Marco Fioretti via dovecot
wrote:
Greetings,
I just woke up and went back to try to diagnose the problem I first
reported in my other thread, and noticed something weird. After your
suggestions, the situation is as follows
Greetings,
I just woke up and went back to try to diagnose the problem I first
reported in my other thread, and noticed something weird. After your
suggestions, the situation is as follows:
0) FTR, postfix is working, if I open the local mailboxes with mutt running
on the server I do see email com
restarted dovecot. However, the output
of ss -tuln | grep 993 is still null.
What next? Thanks
-- Forwarded message -
From: Robert Nowotny
Date: Tue, 21 Jan 2025 at 23:47
Subject: RE: Fwd: [OFFLIST] Re: connection refused, no error anywhere
To: Marco Fioretti
To resolve the
-- Forwarded message -
From: Marco Fioretti
Date: Tue, 21 Jan 2025 at 19:33
Subject: Re: [OFFLIST] Re: connection refused, no error anywhere
To: Michael Peddemors
Hi Michel,
I cannot say which NGO it is. What I know is that everything with that
configuration was working
Hi Nick,
honestly, I don't know why that port was set to 0, I just inherited the
whole server...
however, even changing that number to 143 and restarting dovecot makes no
difference in the output of netstat I just pasted in another reply
On Tue, 21 Jan 2025 at 19:00, Nick Howitt
-- Forwarded message -
From: Marco Fioretti
Date: Tue, 21 Jan 2025 at 19:27
Subject: Re: connection refused, no error anywhere
To: Marc
Hi Marc,
this is the output of netstat -tanp (I only removed the line showing the
details of my ssh connection):
Active Internet
You are sure dovecot is running on the ports (netstat -tanp). You are sure this
firewall is ok? Maybe flush it, just to be sure.
> Greetings,
>
> I was just tasked with rebuilding from scratch the mail server of an
> NGO,
> on a brand new Ubuntu 24.04 LTS VPS.
>
> I have copied the whole doveco
Any reason why the imap-listener port is set to 0 and not 143 or
commented out?
Have you checked if dovecot is listening on 143?
On 21/01/2025 17:50, Marco Fioretti via dovecot wrote:
Greetings,
I was just tasked with rebuilding from scratch the mail server of an NGO,
on a brand new Ubuntu 2
Greetings,
I was just tasked with rebuilding from scratch the mail server of an NGO,
on a brand new Ubuntu 24.04 LTS VPS.
I have copied the whole dovecot configuration to the new server, and now am
stuck because:
- dovecot IS running, dovecot service status shows no errors, but:
- if I try to c