Re: Authentication Problem

2018-12-20 Thread Odhiambo Washington
On Fri, 21 Dec 2018 at 01:06, Joseph Tam wrote: > On Thu, 20 Dec 2018, Joseph Tam wrote: > > >> At the expense of sounding stupid, could you please expound on the > >> sequence? :) > > If you want the nitty details > > (Starting at bottom of page 18) >

Re: Password expiration: how to trigger it?

2018-12-20 Thread Adi Pircalabu via dovecot
On 2018-12-21 05:56, Cédric Jeanneret wrote: Dear Dovecot Team, I'm in the (long) process of migrating my whole email infrastructure. Of course, dovecot is in the place, and is working just fine. Still, I have an issue: password expiration. I'm now using FreeIPA backend for the user

Re: Authentication Problem

2018-12-20 Thread Joseph Tam
On Fri, 21 Dec 2018, Odhiambo Washington wrote: Nice to get to hear this. However, the password is not stored in clear text here. How then does it work? By using a password derivative (see 3.9 on the document I just referred to). Sorry, my memory this scheme is antiquated. However, as the

Re: Authentication Problem

2018-12-20 Thread Joseph Tam
On Thu, 20 Dec 2018, Joseph Tam wrote: At the expense of sounding stupid, could you please expound on the sequence? :) If you want the nitty details (Starting at bottom of page 18) https://tools.ietf.org/html/rfc2831 Joseph Tam

Re: Authentication Problem

2018-12-20 Thread Joseph Tam
On Thu, 20 Dec 2018, Odhiambo Washington wrote: At the expense of sounding stupid, could you please expound on the sequence? :) In a nutshell, during protocol handshake, the server gives the client a random string (nonce). Both the server and client perform a cryptographic hash of

Password expiration: how to trigger it?

2018-12-20 Thread Cédric Jeanneret
Dear Dovecot Team, I'm in the (long) process of migrating my whole email infrastructure. Of course, dovecot is in the place, and is working just fine. Still, I have an issue: password expiration. I'm now using FreeIPA backend for the user authentication, and it includes the capacity to expire

email not visible in users mail client

2018-12-20 Thread Mark Foley
I have an odd issue. One user has an email in her Maildir/cur folder named: 1545229920.27374_0.mail:2,. She cannot see this message in her mail client (Thunderbird). All other emails have 'S' and 'W' components to the name, e.g. 1488471573.M167365P19808.mail,S=41356,W=42118:2,RS, but this one

Authentication/Penalty disabled (socket mode=0) introduces constant 5 sec delays (2.27 on debian 9)

2018-12-20 Thread Ludovic Pouzenc
Hi, I hit a bizarre problem with dovecot 2.2.7 on debian 9 with LMTP enabled and auth/penalty disabled as documented here: https://wiki.dovecot.org/Authentication/Penalty Use case: I run a swaks command to send an email to an exim4 that tries to make a callout to dovecot-lmtp. At RCPT TO:

SIS feature request

2018-12-20 Thread Daniel Miller via dovecot
I tried SIS a couple years ago - I was very excited with the resulting decrease in storage requirements but the undiagnosed intermittent issues became too significant to ignore so I switched away.  Recently I was thinking about it again. The primary issue with SIS seemed to be links would be

Re: Authentication Problem

2018-12-20 Thread Odhiambo Washington
On Thu, 20 Dec 2018 at 15:54, Aki Tuomi wrote: > > On 20 December 2018 at 14:33 Odhiambo Washington < odhia...@gmail.com> > wrote: > > > On Thu, 20 Dec 2018 at 15:23, Aki Tuomi < aki.tu...@open-xchange.com> > wrote: > > > > > On 20 December 2018 at 14:10 Odhiambo Washington < odhia...@gmail.com>

Re: Authentication Problem

2018-12-20 Thread Aki Tuomi
On 20 December 2018 at 14:33 Odhiambo Washington < odhia...@gmail.com> wrote: On Thu, 20 Dec 2018 at 15:23, Aki Tuomi < aki.tu...@open-xchange.com> wrote: > On 20 December 2018 at

Re: Authentication Problem

2018-12-20 Thread Odhiambo Washington
On Thu, 20 Dec 2018 at 15:23, Aki Tuomi wrote: > > On 20 December 2018 at 14:10 Odhiambo Washington < odhia...@gmail.com> > wrote: > > > You've made this more difficult to understand, even :-) > > So the answer is: > Set the following in 10-auth.conf > > 1. disable_plaintext_auth = no > 2.

Re: Authentication Problem

2018-12-20 Thread Aki Tuomi
On 20 December 2018 at 14:10 Odhiambo Washington < odhia...@gmail.com> wrote: You've made this more difficult to understand, even :-) So the answer is: Set the following in 10-auth.conf

Re: Authentication Problem

2018-12-20 Thread Odhiambo Washington
You've made this more difficult to understand, even :-) So the answer is: Set the following in 10-auth.conf 1. disable_plaintext_auth = no 2. auth_mechanisms = plain And yes, the encrypted passwords are stored in MySQL. On Thu, 20 Dec 2018 at 13:36, Nikolai Lusan wrote: > -BEGIN PGP

Re: Intentionally use weak server key

2018-12-20 Thread nanashi
The problem is on creation of the key... Look at this topic https://stackoverflow.com/a/15092703/8647326 On 12/20/2018 01:02 PM, Aki Tuomi wrote: On 20 December 2018 at 12:50 Stavros Tsolakos < stsola...@gmail.com > wrote: On 20/12/2018 12:37, Marc Roos wrote:

Re: Intentionally use weak server key

2018-12-20 Thread Aki Tuomi
On 20 December 2018 at 12:50 Stavros Tsolakos < stsola...@gmail.com> wrote: On 20/12/2018 12:37, Marc Roos wrote: You have to create your own ca, and then create the certificate. I doubt

Re: Intentionally use weak server key

2018-12-20 Thread Stavros Tsolakos
On 20/12/2018 12:37, Marc Roos wrote: > > You have to create your own ca, and then create the certificate. I doubt > if you will be able to find companies like DigiCert or Comodo to do > this. > > If you want, I can try sign it with our own 'internal' CA. The only > thing you have to do is

RE: Intentionally use weak server key

2018-12-20 Thread Marc Roos
On 2nd thought, better is just to fix your problem, going in this direction does not make sense. -Original Message- From: Marc Roos Sent: 20 December 2018 11:38 To: dovecot; stsolakos Subject: RE: Intentionally use weak server key You have to create your own ca, and then create

RE: Intentionally use weak server key

2018-12-20 Thread Marc Roos
You have to create your own ca, and then create the certificate. I doubt if you will be able to find companies like DigiCert or Comodo to do this. If you want, I can try sign it with our own 'internal' CA. The only thing you have to do is of course adding our CA to your ca bundle but that

Re: Authentication Problem

2018-12-20 Thread Nikolai Lusan
Greetings On Thu, 2018-12-20 at 12:20 +0300, Odhiambo Washington wrote: > I am using SHA512-CRYPT scheme for passwords. Yeah, there is a reason MD5 has been preferred to crypt for a very long time now, and the SHA512 isn't really any better. > In

Re: Intentionally use weak server key

2018-12-20 Thread Stavros Tsolakos
> > If you can convince openssl to use it. Does anybody have any hints on how it may be done, if possible at all? Stavros

Re: Intentionally use weak server key

2018-12-20 Thread Aki Tuomi
On 20 December 2018 at 12:25 Stavros Tsolakos < stsola...@gmail.com> wrote: Hi list! For some reason I need to use a really weak server key (256 bit) with dovecot for imaps access. Is this

Re: Authentication Problem

2018-12-20 Thread Aki Tuomi
On 20 December 2018 at 11:20 Odhiambo Washington < odhia...@gmail.com> wrote: I am using SHA512-CRYPT scheme for passwords. In my dovecot-sql.conf.ext, I have: default_pass_scheme = CRYPT

Intentionally use weak server key

2018-12-20 Thread Stavros Tsolakos
Hi list! For some reason I need to use a really weak server key (256 bit) with dovecot for imaps access. Is this possible? I tried but getting this error: dovecot: imap-login: Error: SSL: Stacked error: error:04075070:rsa routines:RSA_sign:digest too big for rsa key This is on an Ubuntu 14.04

Authentication Problem

2018-12-20 Thread Odhiambo Washington
I am using SHA512-CRYPT scheme for passwords. In my dovecot-sql.conf.ext, I have: default_pass_scheme = CRYPT In 10-auth.conf, I have: auth_mechanisms = plain login digest-md5 M$ Outlook is refusing to authenticate, with error: Requested DIGEST-MD5 scheme, but we have only CRYPT What am I