Re: [Dovecot] postmaster_address setting not given

2009-12-06 Thread Stephen Davies

I see, so that's why I don't see the LDA settings. However it doesn't explain 
why I keep getting the postmaster_address setting not given when it is 
clearly configured in the conf file. Or am I missing something?

Regards, Steve.

 Date: Sun, 6 Dec 2009 02:30:42 +0100
 From: user+dove...@localhost.localdomain.org
 To: dovecot@dovecot.org
 Subject: Re: [Dovecot] postmaster_address setting not given
 
 On 12/06/2009 02:17 AM Pascal Volk wrote:
  …
  the mercurial changelog contains among others:
  …
 
 Addition for the 1.1 series:
   date:Sun Jul 26 21:56:17 2009 -0400
   summary: dovecot -n/-a now outputs also lda settings.
   …
   date:Mon Jul 27 02:09:15 2009 -0400
   summary: Released v1.1.18.
 
 
 Regards,
 Pascal
 -- 
 The trapper recommends today: defaced.0934...@localdomain.org
  

[Dovecot] virtual domains and SSL certificates

2009-12-06 Thread Dick Middleton

Hi,

This topic has been discussed before e.g:

QUOTE
On 2008-08-07, at 1143, Kacper Wysocki wrote:

The problem is that the configuration file specifies only one 
certificate file for dovecot, which means only one Common Name, which 
means one cannot provide one server cert that will match mail.foo.com 
AND mail.bar.com, and either ma...@foo.com or bo...@bar.com will get a 
Security Error: Domain Name Mismatch in their mail client when 
connecting through IMAPS.

/QUOTE

I bring it up again because I've just been trying the release candidate 
for Thunderbird 3.  This has a config wizard which derives from one's 
email address the mail server address etc.  It doesn't handle SSL 
virtual mail servers very well because of this problem.


I have encountered a web server called Cherokee 
(http://www.cherokee-project.com) which has virtual server capability 
that *demands* a different certificate for each virtual server.   How 
can that be I thought?


This is what Cherokee documentation says:

QUOTE
SSL Virtual Hosts

You might have been told elsewhere that named virtual hosts in SSL 
cannot be supported without SNI (Server Name Indication) because a web 
server cannot see the hostname header when the SSL request is being 
processed. Technically this might have been correct in the past. The 
first thing that the server has to do is to connect with the other end 
by using SSL/TLS. The user entered host part of the URI must match the 
Common Name (CN) provided by the certificate. Since virtual hosts are in 
use, the CN of the first available certificate may or may not match the 
one specified in the early stages of TLS negotiation.


Cherokee supports the clean and standard method of dealing with this 
issue called Server Name Indication (SNI) that sends the name of the 
virtual host during the TLS negotiation.


If SNI is supported by your SSL/TLS library, the SSL layer does not need 
to be restarted. Since the host info can be put in the SSL handshake, 
things will simply work as long as there is a web browser with SNI 
support at the other side. Currently every modern web browser supports 
this, and Cherokee has TLS SNI support for the OpenSSL backends.


Note that for SNI to work, client support is required. Web browsers 
known to support it are Mozilla Firefox 2.0+, Opera 8.0+, Internet 
Explorer 7 (Vista, not XP) or later and Google Chrome.

/QUOTE

If Cherokee can do it why not dovecot?  Is this something that is, or 
could be, being considered?   It does assume that TB3 and other mail 
clients support SNI but whatever, I suspect that once TB3 is released 
the subject will pop-up more frequently.


I'm curious to know the latest thinking.

Dick




Re: [Dovecot] virtual domains and SSL certificates

2009-12-06 Thread /dev/rob0
On Sun, Dec 06, 2009 at 04:23:36PM +, Dick Middleton wrote:
 I bring it up again because I've just been trying the release
 candidate for Thunderbird 3.  This has a config wizard which derives
 from one's email address the mail server address etc.  It doesn't
 handle SSL virtual mail servers very well because of this problem.

I'd consider that a bug in the wizard, wouldn't you?

 I have encountered a web server called Cherokee
 (http://www.cherokee-project.com) which has virtual server
 capability that *demands* a different certificate for each virtual
 server.   How can that be I thought?

 This is what Cherokee documentation says:
[snip]
 Cherokee supports the clean and standard method of dealing with this
 issue called Server Name Indication (SNI) that sends the name of the
 virtual host during the TLS negotiation.
 
 If SNI is supported by your SSL/TLS library, the SSL layer does not
 need to be restarted. Since the host info can be put in the SSL
 handshake, things will simply work as long as there is a web browser
 with SNI support at the other side. Currently every modern web
 browser supports this, and Cherokee has TLS SNI support for the
 OpenSSL backends.
 
 Note that for SNI to work, client support is required. Web browsers
 known to support it are Mozilla Firefox 2.0+, Opera 8.0+, Internet
 Explorer 7 (Vista, not XP) or later and Google Chrome.
 /QUOTE
 
 If Cherokee can do it why not dovecot?  Is this something that is,
 or could be, being considered?   It does assume that TB3 and other
 mail clients support SNI but whatever, I suspect that once TB3 is
 released the subject will pop-up more frequently.

It also assumes that the IMAP protocol has SNI support. IMAP != HTTP.

I don't know, but my thought is don't hold your breath. Consider
TLS in IMAP and SMTP. The protocols were years ahead of the clients.
Even now we see lots of issues with MUAs with inadequate (or NO) TLS
support.
-- 
Offlist mail to this address is discarded unless
/dev/rob0 or not-spam is in Subject: header


[Dovecot] How do i translate the old default_mail_env setting?

2009-12-06 Thread Gary Kline

Hi,

First, I am new to dovecot.  Before my Jan '08 meltdown,
sendmail was sufficient.  A friend set up dovecot and since
things just-worked, I was happy with that.  Now I have a new 
mailserver and what was installed nearly two years ago fails.

My pal installed things in dovecot.conf this way:

default_mail_env = maildir:~/Maildir

but the new mail environment is too different to be readily
understood.  --At least for me!--  The %u variable is
confusing; so is the %h ($HOME [?]) variable...

Would the following edit work on my old conf file:


mail_location = maildir:~/Maildir  ?

tia,

gary kline






-- 
 Gary Kline  kl...@thought.org  http://www.thought.org  Public Service Unix
http://jottings.thought.org   http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php



Re: [Dovecot] postmaster_address setting not given

2009-12-06 Thread Pascal Volk
On 12/06/2009 09:55 AM Stephen Davies wrote:
 I see, so that's why I don't see the LDA settings. However it doesn't explain 
 why I keep getting the postmaster_address setting not given when it is 
 clearly configured in the conf file. Or am I missing something?
 
 Regards, Steve.

Please stop top posting.

When do you get this error? When executing `dovecot -{a,n}`?


Regards,
Pascal
-- 
The trapper recommends today: defaced.0934...@localdomain.org


Re: [Dovecot] virtual domains and SSL certificates

2009-12-06 Thread AllenJB
Dick Middleton wrote:
 Hi,
 
 This topic has been discussed before e.g:
 snip /
 
 Cherokee supports the clean and standard method of dealing with this
 issue called Server Name Indication (SNI) that sends the name of the
 virtual host during the TLS negotiation.

 snip/
 
 If Cherokee can do it why not dovecot?  Is this something that is, or
 could be, being considered?   It does assume that TB3 and other mail
 clients support SNI but whatever, I suspect that once TB3 is released
 the subject will pop-up more frequently.
 
 I'm curious to know the latest thinking.
 
 Dick
 
 

From the Dovecot SSL Limitations thread last week:
Timo Sirainen wrote:
 On Nov 30, 2009, at 4:32 PM, AllenJB wrote:
 
 Possibly off-topic from what the OP wants, but couldn't TLS Server Name
 Indication (SNI) be used to overcome the single server certificate
 limitation?
 
 With Dovecot v2.0 and living in theoretical land, sure.
 


Re: [Dovecot] postmaster_address setting not given

2009-12-06 Thread Stephen Davies



 Date: Sun, 6 Dec 2009 21:48:52 +0100
 From: user+dove...@localhost.localdomain.org
 To: dovecot@dovecot.org
 Subject: Re: [Dovecot] postmaster_address setting not given
 
 On 12/06/2009 09:55 AM Stephen Davies wrote:
  I see, so that's why I don't see the LDA settings. However it doesn't 
  explain why I keep getting the postmaster_address setting not given when 
  it is clearly configured in the conf file. Or am I missing something?
  
  Regards, Steve.
 
 Please stop top posting.
 
 When do you get this error? When executing `dovecot -{a,n}`?
 
 
 Regards,
 Pascal
 -- 
 The trapper recommends today: defaced.0934...@localdomain.org

I see this message :

deliver(t...@xxx.com): Dec 06 19:35:58 Fatal: postmaster_address setting not given

in /var/log/dovecot.log when postfix is attempting local delivery.

Regards, Steve.
  

Re: [Dovecot] virtual domains and SSL certificates

2009-12-06 Thread Dick Middleton

On 12/06/09 18:24, /dev/rob0 wrote:
 On Sun, Dec 06, 2009 at 04:23:36PM +, Dick Middleton wrote:
  I bring it up again because I've just been trying the release
  candidate for Thunderbird 3.  This has a config wizard which derives
  from one's email address the mail server address etc.  It doesn't
  handle SSL virtual mail servers very well because of this problem.

 I'd consider that a bug in the wizard, wouldn't you?

Yes, but hard to resolve as they seem to be getting server from either 
email address or MX neither of which reliably lead to imap server. 
Trouble is it works for google and other popular providers.  And it is 
quite an infectious idea.

 It also assumes that the IMAP protocol has SNI support. IMAP != HTTP.

I thought SNI was done in TLS/SSL (before HTTP/IMAP was started).

 I don't know, but my thought is don't hold your breath.

That's OK, tomorrow will do :-)

Dick


Re: [Dovecot] postmaster_address setting not given

2009-12-06 Thread Timo Sirainen
On Dec 5, 2009, at 7:50 PM, Stephen Davies wrote:

 Hi, I am trying to get dovecot working with postfix, and am coming up against 
 this error message. I have this setting configured in the 'protocol lda' 
 section.
 
 I am running v1.1.11
 
 dovecot -n -c /etc/dovecot/dovecot-postfix.conf

Are you also calling deliver with -c /etc/dovecot/dovecot-postfix.conf? I don't 
know what Ubuntu has done, but that's not the default .conf path.



Re: [Dovecot] How do i translate the old default_mail_env setting?

2009-12-06 Thread Timo Sirainen
On Dec 6, 2009, at 3:37 PM, Gary Kline wrote:

   My pal installed things in dovecot.conf this way:
 
   default_mail_env = maildir:~/Maildir
 
   but the new mail environment is too different to be readily
   understood.  --At least for me!--  The %u variable is
   confusing; so is the %h ($HOME [?]) variable...

%h is exactly the same as ~.

   Would the following edit work on my old conf file:
 
 
   mail_location = maildir:~/Maildir  ?

Yes, that would work.

Re: [Dovecot] How do i translate the old default_mail_env setting?

2009-12-06 Thread Gary Kline
On Sun, Dec 06, 2009 at 07:52:44PM -0500, Timo Sirainen wrote:
 On Dec 6, 2009, at 3:37 PM, Gary Kline wrote:
 
  My pal installed things in dovecot.conf this way:
  
  default_mail_env = maildir:~/Maildir
  
  but the new mail environment is too different to be readily
  understood.  --At least for me!--  The %u variable is
  confusing; so is the %h ($HOME [?]) variable...
 
 %h is exactly the same as ~.
 
  Would the following edit work on my old conf file:
  
  
  mail_location = maildir:~/Maildir  ?
 
 Yes, that would work.


Appreciate it.  Is there an overview of your IMAP/POP3 server?
Overview, tutorial, what dovecot does? newest features, etc?
The fellow who set up dovecot originally has [what I believe 
to be] an unnecessary SASL service.  I would like to avoid all
redundancies, save CPU, troubles, and so on.   ...

thanks much,

gary



-- 
 Gary Kline  kl...@thought.org  http://www.thought.org  Public Service Unix
http://jottings.thought.org   http://transfinite.thought.org
The 7.31a release of Jottings: http://jottings.thought.org/index.php