Re: [Dovecot] client certs with godaddy ssl cert
On 29 Sep 2008 at 8:40, Rainer Frey (Inxmail GmbH) wrote: What is important: you can not self-sign each client certificate, but you need a CA with a self-signed root instead. I think you understand that already, just noting that for completeness. Then you simply configure Dovecot as described in http://wiki.dovecot.org/SSL/DovecotConfiguration To sum it up: ssl_cert_file is responsible for server side TLS/SSL and needs to contain the complete verification path for the server certificate. It has no influence on client certs. ssl_ca_file is used for client cert verification only, and does not need to cover the server certificate. Okay, got this mostly working, currently testing with a Nokia e61i smartphone and having a problem which I'm not quote clear on where it lies, phone issue, postfix issue or dovecot sasl issue Here's the problem, I can successfully authenticate to dovecot via imap using client certs, however when I attempt to send an email, that is giving me errors as follows Oct 11 23:09:40 server postfix/smtpd[25720]: xsasl_dovecot_handle_reply: auth reply: FAIL?1?reason=Client didn't present valid SSL certificate Oct 11 23:09:40 server postfix/smtpd[25720]: warning: unknown[192.xxx.yyy.zzz]: SASL LOGIN authentication failed: Client didn't present valid SSL certificate Oct 11 23:09:40 server postfix/smtpd[25720]: unknown[192.xxx.yyy.zzz]: 535 5.7.0 Error: authentication failed: Client didn't present valid SSL certificate On the phone, there is only the self signed personal cert used to authenticate for imap. Postfix is set to authenticate using the same self signed CA, server cert and server key. Any ideas on what I should look at next? I've already wiped all the certs from both the server and the phone and recreated a new CA, but same problem occurs. Kinda out of ideas, any suggestions? -- Harondel J. Sibble Sibble Computer Consulting Creating Solutions for the small and medium business computer user. [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager)
[Dovecot] Different authentication for pop3 and imap
Is it possible to run different authentications for pop3 and imap ? What i need is to give access to some clients to pop3 only and to other to imap only. I'm using postgres as a backend. What i actually need is 2 separate queries for userdb, one to select with WHERE imap_access = 1 and the other one with WHERE pop3_access = 1 ( that's just an example ). I'm using 1.1.2 but i plan on upgrading to either 1.1.4 or 1.2.
Re: [Dovecot] Different authentication for pop3 and imap
On Oct 12, 2008, at 9:44 AM, sh1ny wrote: Is it possible to run different authentications for pop3 and imap ? What i need is to give access to some clients to pop3 only and to other to imap only. I'm using postgres as a backend. What i actually need is 2 separate queries for userdb, one to select with WHERE imap_access = 1 and the other one with WHERE pop3_access = 1 ( that's just an example ). I'm using 1.1.2 but i plan on upgrading to either 1.1.4 or 1.2. You could use something like: password_query = \ select .. where .. and '%s' = 'pop3' and pop3_access = 1 \ union select .. where .. and '%s' = 'imap' and imap_access= 1 PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Multiple ldap_search_base in dovecot-ldap
On Oct 11, 2008, at 8:39 AM, dongthao wrote: Can we use multiple ldap_search_base fields in a dovecot-ldap config file? Not directly, but you can create multiple ldap userdb/passdbs with different config files. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] Different authentication for pop3 and imap
Thanks, ill try that :) Timo Sirainen wrote: On Oct 12, 2008, at 9:44 AM, sh1ny wrote: Is it possible to run different authentications for pop3 and imap ? What i need is to give access to some clients to pop3 only and to other to imap only. I'm using postgres as a backend. What i actually need is 2 separate queries for userdb, one to select with WHERE imap_access = 1 and the other one with WHERE pop3_access = 1 ( that's just an example ). I'm using 1.1.2 but i plan on upgrading to either 1.1.4 or 1.2. You could use something like: password_query = \ select .. where .. and '%s' = 'pop3' and pop3_access = 1 \ union select .. where .. and '%s' = 'imap' and imap_access= 1
Re: [Dovecot] Can I translate the userid to match the UW-POP3 server?
Timo Sirainen wrote: On Oct 12, 2008, at 7:05 AM, Albert E. Whale wrote: Now the Dovecot server is very flexible and currently I have not found how to translate the upper case characters to lowercase. What configuration setting will translate the userids to lowercase? Easiest way is to use auth_username_format = %Lu Perfect. Thank you. -- Albert E. Whale, CHS CISA CISSP Sr. Security, Network, Risk Assessment and Systems Consultant ABS Computer Technology, Inc. http://www.ABS-CompTech.com - Email, Internet and Security Consultants SPAMZapper http://www.Spam-Zapper.com - No-JunkMail.com http://www.No-JunkMail.com - *True Spam Elimination*.
Re: [Dovecot] dovecot 1.2: dict no longer really support DICT_ITERATE_FLAG_RECURSE
I did several fixes to dict iteration. Now it should work as I intended (which is also hopefully how you want to use it): http://hg.dovecot.org/dovecot-1.2/rev/72b7277aefb3 signature.asc Description: This is a digitally signed message part