Dovecot SASL
Howdy, I know i've asked this before, but i think i got really no answer. I'd like to have dovecot SASL, to check AUTH against an SQL table, instead of dovecot SASL use the AUTH MECH for imap/pop3. I want this, to have the same behavior as I have now, where i use postfix with cyrus SASL on a different table (with the same login details), and when i have an user that his accounts was hacked for sending spam, i just block the send and allow the user to keep receiving emails, for example to warn him. Would this be possible? Dovecot SASL against a SQL table? Havent found much info about it, Thanks in advanced,
ACL's with SQL/from mysql table
Howdy, Would someone point me to a good howto on how to implement ACL from an sql table? Thanks in advanced,
Re: SASL AUTH with postfix
On 2019-11-14 15:41, Benny Pedersen via dovecot wrote:
Jorge Bastos via dovecot skrev den 2019-11-14 16:25:
I've tried to search for the realm part in dovecot but didn't found it,
Could you guide me to it?
doveconf -d | grep realm
doveconf -n if more help is needed
Thanks Benny,
It was in my front and didn't saw it.
Now i need to go further, have the SASL auth being read from a diferrent
table than the password_query for *sql.
In the below conf, would it be possible and how, to check an specific
sql table for auth?
service auth {
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
# Assuming the default Postfix user and group
user = postfix
group = postfix
}
}
RE: SASL AUTH with postfix
Hi Benny, I've tried to search for the realm part in dovecot but didn't found it, Could you guide me to it? -Original Message- From: dovecot On Behalf Of Benny Pedersen via dovecot Sent: 13 de novembro de 2019 23:33 To: dovecot@dovecot.org Subject: Re: SASL AUTH with postfix Jorge Bastos via dovecot skrev den 2019-11-13 23:53: > Jorge Bastos via dovecot skrev den 2019-11-13 22:00: > plus: > smtpd_sasl_local_domain = fastmail > > but the user that i have in the table, that worked with Cyrus, in the > format: "username@fastmail", it's not working with dovecot if that fails dovecot have no password for that non fqdn mail solution dont add this to postfix in dovecot is realm setup ?
RE: SASL AUTH with postfix
Jorge Bastos via dovecot skrev den 2019-11-13 22:00: > How can i have the same with dovecot SASL? > Thanks in advanced, https://wiki2.dovecot.org/HowTo/PostfixAndDovecotSASL Hi benny, Thanks, That's exactly what i have in postfix: smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes plus: smtpd_sasl_local_domain = fastmail but the user that i have in the table, that worked with Cyrus, in the format: "username@fastmail", it's not working with dovecot meanwhile i was thinking, the auth is beeing made into the main table... i just figured it out now! How could i have the auth for dovecot SASL in a different table? I'd like to keep having one sql table for imap/pop3 auth, and another for smtp, This gives me the advantage of blocking only the outgoing emails for the users, in case if a password is caught, which is very handy at least for me as sysadm
SASL AUTH with postfix
Hi, I just moved from Cyrus SASL to Dovecot SASL, with postfix. Works great, and no issue with non-ascii chars, has i had with Cyrus. With Cyrus i was getting the username/passwd via SQL, with this: sql_select: select password from smtp_auth_users where username='%u@%r' and status='true' worked ok for users with email addresses, and i had some special users that were just a name, like "user-1", and i was able to AUTH it. Postfix had: smtpd_sasl_local_domain = fastmail and in the database i had the username in the format: user-1@fastmail and worked ok. How can i have the same with dovecot SASL? Thanks in advanced,
Tool to give information about IP's that logged into the accounts
Howdy, I'm looking for a tool that can give me the information about the IP's that have logged in the accounts, for history purpose. Is there something that can grab the logs and create a database and give me this information in some nice web interface or so? Thanks in advanced, Jorge,
RE: Help with IMAP IDLE
Guys, I just discovered the reason! When i migrated the account from the old imap server to the new (dovecot), i didn't removed and created the account in msoutlook, as i didn't saw any reason to do it. Creating the account again, IDLE works ok! Stupid outlook! Sorry for the noise, and thank you for the help, -Original Message- From: dovecot On Behalf Of Jorge Bastos via dovecot Sent: Tuesday, July 23, 2019 23:32 To: 'Dovecot Mailing List' Subject: RE: Help with IMAP IDLE Well, I've been doing some research, and it seems that msoutlook 2016 and 2019 doesn't quite have imap idle support. The odd part, is that when i had DBMail, it was IDLE'ing (i swear), Would dbmail send something different that make it work? It was an old version of dbmail, 2.3.7 i believe, from about 2012 or so. And no, it wasn't the outlook options "send/receive", i had and have that disabled, Don't have explanation, thunderbird IDLE's perfectly -Original Message- From: dovecot On Behalf Of Jorge Bastos via dovecot Sent: Tuesday, July 23, 2019 22:47 To: 'Dovecot Mailing List' Subject: RE: Help with IMAP IDLE Yes, Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] > Yes, it works with other IMAP servers, why should not work with dovecot? > It was working with DBMail, and it's working with an account from my > Telco that used cirus-imap. Have you verified (with rawlogs or tcpdump) that outlook even attempts IDLE? Is your dovecot advertising IDLE support in CAPABILITY? Sami
RE: Help with IMAP IDLE
Well, I've been doing some research, and it seems that msoutlook 2016 and 2019 doesn't quite have imap idle support. The odd part, is that when i had DBMail, it was IDLE'ing (i swear), Would dbmail send something different that make it work? It was an old version of dbmail, 2.3.7 i believe, from about 2012 or so. And no, it wasn't the outlook options "send/receive", i had and have that disabled, Don't have explanation, thunderbird IDLE's perfectly -Original Message- From: dovecot On Behalf Of Jorge Bastos via dovecot Sent: Tuesday, July 23, 2019 22:47 To: 'Dovecot Mailing List' Subject: RE: Help with IMAP IDLE Yes, Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] > Yes, it works with other IMAP servers, why should not work with dovecot? > It was working with DBMail, and it's working with an account from my Telco that used cirus-imap. Have you verified (with rawlogs or tcpdump) that outlook even attempts IDLE? Is your dovecot advertising IDLE support in CAPABILITY? Sami
RE: Help with IMAP IDLE
Yes, Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] > Yes, it works with other IMAP servers, why should not work with dovecot? > It was working with DBMail, and it's working with an account from my Telco > that used cirus-imap. Have you verified (with rawlogs or tcpdump) that outlook even attempts IDLE? Is your dovecot advertising IDLE support in CAPABILITY? Sami
RE: Help with IMAP IDLE
On Jul 21, 2019, at 11:50, Jorge Bastos via dovecot wrote: > SSL/TLS is done via Stunnel > Dirst, others have asked but I haven’t seen an answer, do you have any reason > to think Outlook supports IMAP idle at all? I mean, I know outlook.com > > doesn’t support it, so maybe it just doesn’t work? > Secondly, assuming Outlook does support IMAP idle, if you setup Dovecot to > use SSL and not stunnel do things work? Yes, it works with other IMAP servers, why should not work with dovecot? It was working with DBMail, and it's working with an account from my Telco that used cirus-imap.
RE: Help with IMAP IDLE
> I configured hibernation as suggested by Aki, and still nothing. > What may i be missing? > > I just read again the mails you sent and realized it had nothing to do with > hibernation. Sorry about that.. > > imapc_max_idle_time = 1 days > > this is related to imap client, not imap connections. it won't really matter > for your issue. > > also I note that you have disabled SSL and enabled plaintext authentication > over insecure channels, is this intentional? For debug purposes you can use > rawlogs feature, which is better for this. SSL/TLS is done via Stunnel > > https://doc.dovecot.org/admin_manual/debugging/debugging_rawlog/ > > In fact, you could use this feature to find out whether outlook even tries to > use IMAP IDLE in the first place. Let me check, it must be a reason to not be working with dovecot, when it was with DBMail, Will check and reply soon, > > Aki
RE: Help with IMAP IDLE
Hi again, I configured hibernation as suggested by Aki, and still nothing. What may i be missing? https://doc.dovecot.org/configuration_manual/hibernation/ -Original Message- From: dovecot On Behalf Of Jorge Bastos via dovecot Sent: Sunday, July 21, 2019 14:14 To: 'Dovecot Mailing List' Subject: RE: Help with IMAP IDLE Sorry... I meant to past dovecot and not postfix, doing simultaneously stuff ends up in this! Yes, i migrated from DBMail and it was working OK. Here it is: root@fastmail:/etc/dovecot# doveconf -n|grep -i idle imap_idle_notify_interval = 1 mins imapc_max_idle_time = 1 days root@fastmail:/etc/dovecot# -Original Message- From: dovecot On Behalf Of Alexander Dalloz via dovecot Sent: Sunday, July 21, 2019 13:31 To: dovecot@dovecot.org Subject: Re: Help with IMAP IDLE Am 21.07.19 um 14:24 schrieb Jorge Bastos via dovecot: > Hi, [ ... ] > How can i make IDLE work for real with MSOutlook, so that i can > receive emails when they arrive, instead of changing folder/get out > and in my account? Microsoft's Outlook is primarily meant as the client for Exchange. IMAP is been poorly implemented, across many generations of Outlook. So are you sure your Outlook even supports IMAP IDLE? And if it does, not only on the single folder you have a running connection to but for all folders? > Here's my conf, should it be reflected in postconf -n (is it the > running > conf?): Postfix has nothing to do with that, so "postconf -n" is not required. > == > > > > root@fastmail:/etc/dovecot# grep -ir idle * > > conf.d/20-imap.conf.ucf-dist:# If nothing happens for this long while > client is IDLEing, move the connection > > conf.d/20-imap.conf.ucf-dist:# IDLEing. > > conf.d/20-imap.conf.ucf-dist:#imap_idle_notify_interval = 2 mins > > conf.d/20-imap.conf:imapc_max_idle_time = 1440 mins > > conf.d/20-imap.conf:# IDLEing. > > conf.d/20-imap.conf:#imap_idle_notify_interval = 2 mins > > conf.d/20-imap.conf:imap_idle_notify_interval = 1 min > > conf.d/20-imap.conf:#imap_client_workarounds = outlook-idle > > conf.d/10-mail.conf.ucf-dist:# When IDLE command is running, mailbox > is checked once in a while to see if > > conf.d/10-mail.conf.ucf-dist:#mailbox_idle_check_interval = 30 secs > > conf.d/10-mail.conf:# When IDLE command is running, mailbox is checked > once in a while to see if > > conf.d/10-mail.conf:#mailbox_idle_check_interval = 30 secs > > root@fastmail:/etc/dovecot# postconf -n|grep -i idle "doveconf -n" would tell you which settings are effectively set. > root@fastmail:/etc/dovecot# Alexander
RE: Help with IMAP IDLE
Sorry... I meant to past dovecot and not postfix, doing simultaneously stuff ends up in this! Yes, i migrated from DBMail and it was working OK. Here it is: root@fastmail:/etc/dovecot# doveconf -n|grep -i idle imap_idle_notify_interval = 1 mins imapc_max_idle_time = 1 days root@fastmail:/etc/dovecot# -Original Message- From: dovecot On Behalf Of Alexander Dalloz via dovecot Sent: Sunday, July 21, 2019 13:31 To: dovecot@dovecot.org Subject: Re: Help with IMAP IDLE Am 21.07.19 um 14:24 schrieb Jorge Bastos via dovecot: > Hi, [ ... ] > How can i make IDLE work for real with MSOutlook, so that i can > receive emails when they arrive, instead of changing folder/get out > and in my account? Microsoft's Outlook is primarily meant as the client for Exchange. IMAP is been poorly implemented, across many generations of Outlook. So are you sure your Outlook even supports IMAP IDLE? And if it does, not only on the single folder you have a running connection to but for all folders? > Here's my conf, should it be reflected in postconf -n (is it the > running > conf?): Postfix has nothing to do with that, so "postconf -n" is not required. > == > > > > root@fastmail:/etc/dovecot# grep -ir idle * > > conf.d/20-imap.conf.ucf-dist:# If nothing happens for this long while > client is IDLEing, move the connection > > conf.d/20-imap.conf.ucf-dist:# IDLEing. > > conf.d/20-imap.conf.ucf-dist:#imap_idle_notify_interval = 2 mins > > conf.d/20-imap.conf:imapc_max_idle_time = 1440 mins > > conf.d/20-imap.conf:# IDLEing. > > conf.d/20-imap.conf:#imap_idle_notify_interval = 2 mins > > conf.d/20-imap.conf:imap_idle_notify_interval = 1 min > > conf.d/20-imap.conf:#imap_client_workarounds = outlook-idle > > conf.d/10-mail.conf.ucf-dist:# When IDLE command is running, mailbox > is checked once in a while to see if > > conf.d/10-mail.conf.ucf-dist:#mailbox_idle_check_interval = 30 secs > > conf.d/10-mail.conf:# When IDLE command is running, mailbox is checked > once in a while to see if > > conf.d/10-mail.conf:#mailbox_idle_check_interval = 30 secs > > root@fastmail:/etc/dovecot# postconf -n|grep -i idle "doveconf -n" would tell you which settings are effectively set. > root@fastmail:/etc/dovecot# Alexander
RE: Help with IMAP IDLE
Here's the full dovecot -n for you both: https://pastebin.com/C5JEJr0D From: Aki Tuomi Sent: Sunday, July 21, 2019 13:29 To: Jorge Bastos ; Jorge Bastos via dovecot Subject: Re: Help with IMAP IDLE On 21/07/2019 15:24 Jorge Bastos via dovecot mailto:dovecot@dovecot.org> > wrote: Hi, I'm becaming crazy about this! I've asked before, not no matter what i do or conf, never works. How can i make IDLE work for real with MSOutlook, so that i can receive emails when they arrive, instead of changing folder/get out and in my account? Here's my conf, should it be reflected in postconf -n (is it the running conf?): == root@fastmail:/etc/dovecot# grep -ir idle * conf.d/20-imap.conf.ucf-dist:# If nothing happens for this long while client is IDLEing, move the connection conf.d/20-imap.conf.ucf-dist:# IDLEing. conf.d/20-imap.conf.ucf-dist:#imap_idle_notify_interval = 2 mins conf.d/20-imap.conf:imapc_max_idle_time = 1440 mins conf.d/20-imap.conf:# IDLEing. conf.d/20-imap.conf:#imap_idle_notify_interval = 2 mins conf.d/20-imap.conf:imap_idle_notify_interval = 1 min conf.d/20-imap.conf:#imap_client_workarounds = outlook-idle conf.d/10-mail.conf.ucf-dist:# When IDLE command is running, mailbox is checked once in a while to see if conf.d/10-mail.conf.ucf-dist:#mailbox_idle_check_interval = 30 secs conf.d/10-mail.conf:# When IDLE command is running, mailbox is checked once in a while to see if conf.d/10-mail.conf:#mailbox_idle_check_interval = 30 secs root@fastmail:/etc/dovecot# postconf -n|grep -i idle root@fastmail:/etc/dovecot# Can you provide doveconf -n? Have you followed this https://doc.dovecot.org/configuration_manual/hibernation/ --- Aki Tuomi
Help with IMAP IDLE
Hi, I'm becaming crazy about this! I've asked before, not no matter what i do or conf, never works. How can i make IDLE work for real with MSOutlook, so that i can receive emails when they arrive, instead of changing folder/get out and in my account? Here's my conf, should it be reflected in postconf -n (is it the running conf?): == root@fastmail:/etc/dovecot# grep -ir idle * conf.d/20-imap.conf.ucf-dist:# If nothing happens for this long while client is IDLEing, move the connection conf.d/20-imap.conf.ucf-dist:# IDLEing. conf.d/20-imap.conf.ucf-dist:#imap_idle_notify_interval = 2 mins conf.d/20-imap.conf:imapc_max_idle_time = 1440 mins conf.d/20-imap.conf:# IDLEing. conf.d/20-imap.conf:#imap_idle_notify_interval = 2 mins conf.d/20-imap.conf:imap_idle_notify_interval = 1 min conf.d/20-imap.conf:#imap_client_workarounds = outlook-idle conf.d/10-mail.conf.ucf-dist:# When IDLE command is running, mailbox is checked once in a while to see if conf.d/10-mail.conf.ucf-dist:#mailbox_idle_check_interval = 30 secs conf.d/10-mail.conf:# When IDLE command is running, mailbox is checked once in a while to see if conf.d/10-mail.conf:#mailbox_idle_check_interval = 30 secs root@fastmail:/etc/dovecot# postconf -n|grep -i idle root@fastmail:/etc/dovecot#
RE: LastLogin update
Cool thanks, From: dovecot On Behalf Of Júlio Covolato via dovecot Sent: 25 de junho de 2019 17:06 To: dovecot@dovecot.org Subject: Re: LastLogin update Em 24/06/2019 18:39, Jorge Bastos via dovecot escreveu: Hi Julio, Could you share with us your "acl" config for shared folder? May be interesting for me, Jorge, Hi Jorge. Currently I'm not using the shared folder. Maybe you could be interested in this tutorial from iRedmail: https://docs.iredmail.org/public.folder.html -- _Engº Julio Cesar Covolato 0v0<mailto:ju...@psi.com.br> /(_)\ F: +55 11 99175-9260 ^ ^ PSI INTERNET -- <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> Livre de vírus. <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> www.avast.com.
RE: LastLogin update
Hi Julio,
Could you share with us your "acl" config for shared folder?
May be interesting for me,
Jorge,
-Original Message-
From: dovecot On Behalf Of Júlio Covolato via
dovecot
Sent: Monday, June 24, 2019 16:15
To: dovecot@dovecot.org
Subject: Re: LastLogin update
Em 24/06/2019 11:48, @lbutlr via dovecot escreveu:
> On 24 Jun 2019, at 08:25, Júlio Covolato via dovecot
wrote:
>> #$ cat dovecot-last-login.conf
> [
]
>
>> dovecot.conf:
>>
>> plugin {
>> # Track last login time on imap and pop3
>> last_login_dict = proxy::lastlogin
>> last_login_key = last-login/%u/%d/%r/%s }
> Thank you, that is very clear.
>
> Where is the file dovecot-last-login.conf referenced in the dovecot.conf?
Or it is enabled by virtue of being in conf.d/?
Sory, forgot this:
dovecot.conf:
dict {
#expire = db:/var/lib/dovecot/expire/expire.db
quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
acl = mysql:/etc/dovecot/dovecot-share-folder.conf
}
--
_Engº Julio Cesar Covolato
0v0
/(_)\ F: +55 11 99175-9260
^ ^ PSI INTERNET
--
---
Este email foi escaneado pelo Avast antivírus.
https://www.avast.com/antivirus
RE: LastLogin update
Hum, I can add Protocol = $protocol ? The variables below are the valid ones right? https://wiki.dovecot.org/Variables From: dovecot On Behalf Of Jorge Bastos via dovecot Sent: Thursday, June 20, 2019 21:49 To: dovecot@dovecot.org Subject: RE: LastLogin update Hi, Cool howto, and for protocol would this have that option also? From: dovecot mailto:dovecot-boun...@dovecot.org> > On Behalf Of Adrian Minta via dovecot Sent: Thursday, June 20, 2019 18:37 To: dovecot@dovecot.org <mailto:dovecot@dovecot.org> Subject: Re: LastLogin update Hi, this seems to work very well: https://docs.iredmail.org/track.user.last.login.html You could also add "rip = $rip" in "fields" for the ip address. On 6/20/19 3:24 PM, Jorge Bastos via dovecot wrote: Howdy, I'd like an adive on what to use. I have sql users, and i want to have the lastlogin of them, what is the native option for this: * Using last_login plugin which will give me the last login? * Use postlogin for imap and pop3n which will give me besides lastlogin the IP and protocol? Thanks in advanced, -- Best regards, Adrian Minta
RE: LastLogin update
Hi, Cool howto, and for protocol would this have that option also? From: dovecot On Behalf Of Adrian Minta via dovecot Sent: Thursday, June 20, 2019 18:37 To: dovecot@dovecot.org Subject: Re: LastLogin update Hi, this seems to work very well: https://docs.iredmail.org/track.user.last.login.html You could also add "rip = $rip" in "fields" for the ip address. On 6/20/19 3:24 PM, Jorge Bastos via dovecot wrote: Howdy, I'd like an adive on what to use. I have sql users, and i want to have the lastlogin of them, what is the native option for this: * Using last_login plugin which will give me the last login? * Use postlogin for imap and pop3n which will give me besides lastlogin the IP and protocol? Thanks in advanced, -- Best regards, Adrian Minta
LastLogin update
Howdy, I'd like an adive on what to use. I have sql users, and i want to have the lastlogin of them, what is the native option for this: * Using last_login plugin which will give me the last login? * Use postlogin for imap and pop3n which will give me besides lastlogin the IP and protocol? Thanks in advanced,
RE: IMAP IDLE
Sorry, something more on this, I've saw the existence of outlook-idle workarround, but seems to be builtin now, so no needed: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/conf.d/20-imap.conf:54: imap_client_workarounds=outlook-idle is no longer necessary -Original Message- From: dovecot On Behalf Of Jorge Bastos via dovecot Sent: Thursday, June 20, 2019 11:32 To: dovecot@dovecot.org Subject: RE: IMAP IDLE Hum guys, For this, i was comparing configuration from my old dbmail imap server, and i had it with time_out 30 seconds, and connection timeout 24 hours. No one will work more than 24 hours in a row.. (except for me, but i'm an idiot!) I'll set the same.. let's see the behavior. -Original Message- From: dovecot On Behalf Of Jorge Bastos via dovecot Sent: Thursday, June 20, 2019 11:04 To: dovecot@dovecot.org Subject: RE: IMAP IDLE Hi, 2.2.33.2 Well your confs are almost mine except for director_ping_idle_timeout = 30 secs submission_relay_max_idle_time = 29 mins but i think they're not imap related (i may be wrong) any other hint why is this happening? I was used to the old IMAP server than dovecot, where emails appear in the inbox, no matter if it was selected for 15m or the last 4 hours Any ideia please let me know, -Original Message- From: dovecot On Behalf Of @lbutlr via dovecot Sent: Thursday, June 20, 2019 0:20 To: dovecot@dovecot.org Subject: Re: IMAP IDLE On 19 Jun 2019, at 16:11, Jorge Bastos via dovecot wrote: > root@fastmail:/etc/dovecot# doveconf |grep -i idle default_idle_kill = > 1 mins imap_idle_notify_interval = 2 mins imapc_max_idle_time = 29 > mins mailbox_idle_check_interval = 30 secs I have: default_idle_kill = 1 mins director_ping_idle_timeout = 30 secs imap_idle_notify_interval = 2 mins imapc_max_idle_time = 29 mins mailbox_idle_check_interval = 30 secs [ A lot of idle_kill = ] submission_relay_max_idle_time = 29 mins (none of these are in doveconf -n) What version of dovecot are you running? -- Lead me not into temptation, I can find the way.
RE: Help on CRAM-MD5
Emmanuel & Ibutlr, I meant to say something-MD5, my fault, -Original Message- From: dovecot On Behalf Of FUSTE Emmanuel via dovecot Sent: Thursday, June 20, 2019 11:32 To: dovecot@dovecot.org Subject: Re: Help on CRAM-MD5 Le 20/06/2019 à 12:25, @lbutlr via dovecot a écrit : > On 20 Jun 2019, at 04:14, Jorge Bastos via dovecot > wrote: >> I don't desagree with your vision, but if the use of CRAM- has to >> use plaint text password's on the server there's a dark side, or >> there's a CRAM-XXX that can use encrypted on server side? There's >> always the thing that can clients don't support it. > The “encrypted” password store that CRAM-MD5 supports is MD5 which cannot be > classified as encryption at this point. > > Not sure why you are saying CRAM-XXX as there is only CRAM-MD5. > I think he is referring to my reference to SCRAM-XXX class of mech.
RE: IMAP IDLE
Hum guys, For this, i was comparing configuration from my old dbmail imap server, and i had it with time_out 30 seconds, and connection timeout 24 hours. No one will work more than 24 hours in a row.. (except for me, but i'm an idiot!) I'll set the same.. let's see the behavior. -Original Message- From: dovecot On Behalf Of Jorge Bastos via dovecot Sent: Thursday, June 20, 2019 11:04 To: dovecot@dovecot.org Subject: RE: IMAP IDLE Hi, 2.2.33.2 Well your confs are almost mine except for director_ping_idle_timeout = 30 secs submission_relay_max_idle_time = 29 mins but i think they're not imap related (i may be wrong) any other hint why is this happening? I was used to the old IMAP server than dovecot, where emails appear in the inbox, no matter if it was selected for 15m or the last 4 hours Any ideia please let me know, -Original Message- From: dovecot On Behalf Of @lbutlr via dovecot Sent: Thursday, June 20, 2019 0:20 To: dovecot@dovecot.org Subject: Re: IMAP IDLE On 19 Jun 2019, at 16:11, Jorge Bastos via dovecot wrote: > root@fastmail:/etc/dovecot# doveconf |grep -i idle default_idle_kill = > 1 mins imap_idle_notify_interval = 2 mins imapc_max_idle_time = 29 > mins mailbox_idle_check_interval = 30 secs I have: default_idle_kill = 1 mins director_ping_idle_timeout = 30 secs imap_idle_notify_interval = 2 mins imapc_max_idle_time = 29 mins mailbox_idle_check_interval = 30 secs [ A lot of idle_kill = ] submission_relay_max_idle_time = 29 mins (none of these are in doveconf -n) What version of dovecot are you running? -- Lead me not into temptation, I can find the way.
RE: Help on CRAM-MD5
I don't desagree with your vision, but if the use of CRAM- has to use plaint text password's on the server there's a dark side, or there's a CRAM-XXX that can use encrypted on server side? There's always the thing that can clients don't support it. I think i'm not wrong with what i said, On 20 Jun 2019, at 02:53, FUSTE Emmanuel via dovecot wrote: > There is plenty of context where TLS is not possible/desirable. I'd say that is terrible advice. There are no reasonable contexts where is it is acceptable to send mail credentials without encryption. My users have had to use STARTTLS for submission for many many years. Insecure connections from users are not an option. > And without client certificate, mutual strong authentication is not > available, For certain values of strong, sure. But nearly no one needs mutual strong authentication to the level that client certs are necessary, and if someone does need them, then that is not a significant hurdle. And the connections are still encrypted. *ALL* user to server transactions should be encrypted and nothing should be willfully downgrading security in the flawed reasoning of convenience. That is why we have as many security issue as we do right now; we are still living down the legacy of the previous century's lack of security at ever stage in design. -- Yeah, Nick. Nick's the kinda guy you can trust. Nick's your buddy Nick's the kinda guy you drink beers with. The kinda guy that doesn't care if you puke in his car. Nick.
RE: IMAP IDLE
Hi, 2.2.33.2 Well your confs are almost mine except for director_ping_idle_timeout = 30 secs submission_relay_max_idle_time = 29 mins but i think they're not imap related (i may be wrong) any other hint why is this happening? I was used to the old IMAP server than dovecot, where emails appear in the inbox, no matter if it was selected for 15m or the last 4 hours Any ideia please let me know, -Original Message- From: dovecot On Behalf Of @lbutlr via dovecot Sent: Thursday, June 20, 2019 0:20 To: dovecot@dovecot.org Subject: Re: IMAP IDLE On 19 Jun 2019, at 16:11, Jorge Bastos via dovecot wrote: > root@fastmail:/etc/dovecot# doveconf |grep -i idle default_idle_kill = > 1 mins imap_idle_notify_interval = 2 mins imapc_max_idle_time = 29 > mins mailbox_idle_check_interval = 30 secs I have: default_idle_kill = 1 mins director_ping_idle_timeout = 30 secs imap_idle_notify_interval = 2 mins imapc_max_idle_time = 29 mins mailbox_idle_check_interval = 30 secs [ A lot of idle_kill = ] submission_relay_max_idle_time = 29 mins (none of these are in doveconf -n) What version of dovecot are you running? -- Lead me not into temptation, I can find the way.
RE: Help on CRAM-MD5
Hi Emanuel,
I understand what you said.
Users have access to SSL and TLS so it's fine, it's their options to use or not.
Thanks for the help from all,
-Original Message-
From: dovecot On Behalf Of FUSTE Emmanuel via
dovecot
Sent: Thursday, June 20, 2019 9:53
To: dovecot@dovecot.org
Subject: Re: Help on CRAM-MD5
Hello,
The world is not black or white.
Yes CRAM-MD5 is old and his successor SCRAM-XX is not widely
available/implemented which is sad.
For your need, use TLS and forget about it.
Thunderbird is conservative. If you don't configure TLS or TLS is not
available, it try to use something that not expose the password.
There is plenty of context where TLS is not possible/desirable.
And without client certificate, mutual strong authentication is not available,
but could be with TLS+SCRAM.
There is plenty of room for SASL mech other than PLAIN/LOGIN.
It just not fit your actual needs. Just be sure to not allow PLAIN/LOGIN in
clear.
Emmanuel.
Le 19/06/2019 à 18:58, Jorge Bastos via dovecot a écrit :
> Howdy,
>
> Answering all, so cram-md5 is old, don't want then!
> I only noticed thunderbird as default using this, so, won't implement it!
>
> Thanks for the clarify,
>
> -Original Message-
> From: dovecot On Behalf Of Aki Tuomi via
> dovecot
> Sent: 19 de junho de 2019 07:31
> To: Alexander Dalloz ; dovecot@dovecot.org
> Subject: Re: Help on CRAM-MD5
>
>
> On 19.6.2019 7.48, Alexander Dalloz via dovecot wrote:
>> Am 19.06.2019 um 00:04 schrieb Jorge Bastos via dovecot:
>>> Howdy,
>>>
>>> I'm using dovecot and mysql users, and i'm creating the password with:
>>>
>>> ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))
>>>
>>> So far so good, everything's fine.
>>> Today saw that i didn't enabled CRAM-MD5, but if I do, and the (at
>>> least)
>>> IMAP client (roundcube/thunderbird/etc) issues CRAM-MD5 it doesn't
>>> authenticate.
>>> What am i doing wrong, or that can be done so that all types work
>>> (SASL PLAIN LOGIN + CRAM-MD5)?
>>>
>>> Thanks in advanced,
>>>
>> For shared secret mechanisms like CRAM-MD5 to work the password must
>> be stored in plaintext AFAIK. That's a good reason not to offer that.
>>
>> Alexander
>>
> CRAM-MD5 can also be stored as stage 1 MD5 hashed blob. Only
> marginally better than plaintext. But as pointed out, CRAM-MD5,
> DIGEST-MD5 cannot work with crypted passwords. If you want to use
> "secure passwords",
> SCRAM-SHA1 is an option, but probably best is to disable other than 'PLAIN'
> and 'LOGIN' mech unless you know what you are doing.
>
>
> Aki
>
>
IMAP IDLE
Hi, With outlook 2016+ i've seen that IDLE may be missing some configuration. Almost all time, when i'm in the inbox, i don't get new emails if no activity for 1 or 2 minutes (i think), i have to get out of the account and select the inbox or click other folder in the account and go to inbox again for them to appear. My idle conf's are the defaults, the one's bellow. Is there anything else that i need to make it work always and the change folders is not needed for outlook clients? root@fastmail:/etc/dovecot# doveconf |grep -i idle default_idle_kill = 1 mins imap_idle_notify_interval = 2 mins imapc_max_idle_time = 29 mins mailbox_idle_check_interval = 30 secs
RE: Help on CRAM-MD5
Howdy,
Answering all, so cram-md5 is old, don't want then!
I only noticed thunderbird as default using this, so, won't implement it!
Thanks for the clarify,
-Original Message-
From: dovecot On Behalf Of Aki Tuomi via dovecot
Sent: 19 de junho de 2019 07:31
To: Alexander Dalloz ; dovecot@dovecot.org
Subject: Re: Help on CRAM-MD5
On 19.6.2019 7.48, Alexander Dalloz via dovecot wrote:
> Am 19.06.2019 um 00:04 schrieb Jorge Bastos via dovecot:
>> Howdy,
>>
>> I'm using dovecot and mysql users, and i'm creating the password with:
>>
>> ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))
>>
>> So far so good, everything's fine.
>> Today saw that i didn't enabled CRAM-MD5, but if I do, and the (at
>> least)
>> IMAP client (roundcube/thunderbird/etc) issues CRAM-MD5 it doesn't
>> authenticate.
>> What am i doing wrong, or that can be done so that all types work
>> (SASL PLAIN LOGIN + CRAM-MD5)?
>>
>> Thanks in advanced,
>>
>
> For shared secret mechanisms like CRAM-MD5 to work the password must
> be stored in plaintext AFAIK. That's a good reason not to offer that.
>
> Alexander
>
CRAM-MD5 can also be stored as stage 1 MD5 hashed blob. Only marginally better
than plaintext. But as pointed out, CRAM-MD5, DIGEST-MD5 cannot work with
crypted passwords. If you want to use "secure passwords",
SCRAM-SHA1 is an option, but probably best is to disable other than 'PLAIN' and
'LOGIN' mech unless you know what you are doing.
Aki
Help on CRAM-MD5
Howdy,
I'm using dovecot and mysql users, and i'm creating the password with:
ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))
So far so good, everything's fine.
Today saw that i didn't enabled CRAM-MD5, but if I do, and the (at least)
IMAP client (roundcube/thunderbird/etc) issues CRAM-MD5 it doesn't
authenticate.
What am i doing wrong, or that can be done so that all types work (SASL
PLAIN LOGIN + CRAM-MD5)?
Thanks in advanced,
New WebSite
Hi There, The new website is cute, but I miss one thing, and I believe other also. In the releases, the date of the release, for example when 2.3.6 was out :P Maybe under the release version: Jorge,
