Re: changing cipher for imap clients
On 28 Oct 2019, at 08:45, Fourhundred Thecat <400the...@gmx.ch> wrote:
> setting ssl_prefer_server_ciphers=yes did the trick. Now my imap client
> uses ECDHE-RSA-AES256-SHA

Now go turn off TLSv1

--
At night when the bars close down
Brandy walks through a silent town
And loves a man who's not around
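As an added example (not part of the reply above, and not Dovecot or Postfix code): before turning off TLSv1 it helps to know which clients still negotiate it. The script below parses TLS summary lines in the format quoted in this thread and lists the sessions that used a legacy protocol version. The sample log lines, host names and addresses are constructed.

```python
import re
from collections import Counter

# Matches the TLS summary both daemons log in this thread, e.g.
# "TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)".
TLS_RE = re.compile(
    r"\b(?P<proto>TLSv1(?:\.[0-3])?|SSLv[23]) with cipher "
    r"(?P<cipher>[A-Za-z0-9_-]+) \((?P<bits>\d+)/\d+ bits\)"
)
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample input, modelled on the log lines quoted in the thread.
SAMPLE_LOG = [
    "Oct 28 07:13:02 mx dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)",
    "Oct 28 07:13:09 mx postfix/smtpd[2211]: Anonymous TLS connection established from "
    "client.example[192.0.2.7]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)",
    "Oct 28 07:14:30 mx dovecot: imap-login: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "Oct 28 07:15:00 mx dovecot: imap-login: Disconnected (no auth attempts in 2 secs)",
]

def parse_tls_line(line):
    """Return daemon, protocol, cipher and key bits for a TLS summary line, else None."""
    m = TLS_RE.search(line)
    if m is None:
        return None
    if "postfix/" in line:
        daemon = "postfix"
    elif "dovecot:" in line:
        daemon = "dovecot"
    else:
        daemon = "unknown"
    return {"daemon": daemon, "proto": m["proto"],
            "cipher": m["cipher"], "bits": int(m["bits"])}

def audit(lines):
    """Count sessions per (daemon, protocol, cipher) and collect the legacy-protocol ones."""
    summary, legacy = Counter(), []
    for line in lines:
        rec = parse_tls_line(line)
        if rec is None:
            continue  # not a TLS summary line
        summary[(rec["daemon"], rec["proto"], rec["cipher"])] += 1
        if rec["proto"] in LEGACY_PROTOCOLS:
            legacy.append(rec)
    return summary, legacy

if __name__ == "__main__":
    summary, legacy = audit(SAMPLE_LOG)
    for (daemon, proto, cipher), n in sorted(summary.items()):
        flag = "LEGACY" if proto in LEGACY_PROTOCOLS else "ok"
        print(f"{n:4d}  {daemon:8s} {proto:8s} {cipher:32s} {flag}")
```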
Re: changing cipher for imap clients
The funny thing is AES128 may be harder to break than AES256.

https://www.schneier.com/blog/archives/2009/07/another_new_aes.html

It had been a decade, so it would be interesting if Bruce Schneier has the same opinion. I just use the defaults.

Original Message
From: dovecot@dovecot.org
Sent: October 28, 2019 7:13 AM
To: dovecot@dovecot.org
Reply-to: 400the...@gmx.ch
Subject: changing cipher for imap clients

When my client connects, I see this in my log:

dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)

Whereas, when client connects to my postfix server, I see:

Anonymous TLS connection established from * TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)

how can I tell dovecot to use AES256, instead of AES128 ?

is this set by ssl_cipher_list ? Here are my current values (defaults)

# doveconf ssl_cipher_list
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

# dovecot --version
2.3.4.1

thanks,
Re: changing cipher for imap clients
> On 2019-10-28 15:36, Aki Tuomi wrote:
> Also, you could try the *default* cipher list (unset ssl_cipher_list), which
> is reasonable. Also make sure you have 'ssl_prefer_server_ciphers=yes', so
> that the server-side priority list is used.

setting ssl_prefer_server_ciphers=yes did the trick. Now my imap client uses ECDHE-RSA-AES256-SHA

many thanks,
Re: changing cipher for imap clients
> On 28/10/2019 16:12 Fourhundred Thecat via dovecot wrote:
>
> When my client connects, I see this in my log:
>
> dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)
>
> Whereas, when client connects to my postfix server, I see:
>
> Anonymous TLS connection established from * TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
>
> how can I tell dovecot to use AES256, instead of AES128 ?
>
> is this set by ssl_cipher_list ? Here are my current values (defaults)
>
> # doveconf ssl_cipher_list
> ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
>
> # dovecot --version
> 2.3.4.1
>
> thanks,

Perhaps your client does not support it?

Also, you could try the *default* cipher list (unset ssl_cipher_list), which is reasonable. Also make sure you have 'ssl_prefer_server_ciphers=yes', so that the server-side priority list is used.

aki
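An added illustration of the advice above (not part of the message, and a simplified model rather than OpenSSL's or Dovecot's code): whichever side's preference order is honoured decides the cipher when both sides support several. The client's offer order and the three-suite server list are assumptions chosen to reproduce the log lines in this thread.

```python
# Constructed subset of suites with their symmetric key sizes; the real list
# produced by "ALL:...@STRENGTH" is much longer.
KEY_BITS = {
    "ECDHE-RSA-AES128-SHA": 128,
    "DHE-RSA-AES256-SHA": 256,
    "ECDHE-RSA-AES256-SHA": 256,
}

def sort_by_strength(ciphers):
    """Model of the "@STRENGTH" suffix: strongest key size first, stable otherwise."""
    return sorted(ciphers, key=lambda c: -KEY_BITS[c])

def negotiate(client_offer, server_list, prefer_server_ciphers):
    """Pick the first mutually supported suite from the list whose order wins."""
    if prefer_server_ciphers:
        primary, other = server_list, client_offer
    else:
        primary, other = client_offer, server_list
    supported = set(other)
    for cipher in primary:
        if cipher in supported:
            return cipher
    return None  # no shared suite: the handshake would fail

# Server side: enabled suites after strength ordering.
SERVER_LIST = sort_by_strength(list(KEY_BITS))
# Assumed client behaviour: offers AES128 ahead of AES256.
CLIENT_OFFER = ["ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA"]

if __name__ == "__main__":
    for prefer in (False, True):
        chosen = negotiate(CLIENT_OFFER, SERVER_LIST, prefer)
        print(f"ssl_prefer_server_ciphers={'yes' if prefer else 'no'}: {chosen}")
```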
changing cipher for imap clients
When my client connects, I see this in my log:

dovecot: imap-login: TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)

Whereas, when client connects to my postfix server, I see:

Anonymous TLS connection established from * TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)

how can I tell dovecot to use AES256, instead of AES128 ?

is this set by ssl_cipher_list ? Here are my current values (defaults)

# doveconf ssl_cipher_list
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH

# dovecot --version
2.3.4.1

thanks,
Re: Dovecot and MySQL aborted connections.
On 28/10/2019 11:28, Gerald Galster via dovecot wrote:
> Hi,
>
>> Is anyone else using Dovecot (2.3.8) with MySQL (5.7) seeing a lot of these in MySQL logs?
>>
>> 2019-10-28T11:08:20.384428+02:00 58378 [Note] Aborted connection 58378 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
>> 2019-10-28T11:10:09.821171+02:00 58420 [Note] Aborted connection 58420 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
>> 2019-10-28T11:11:26.170015+02:00 58441 [Note] Aborted connection 58441 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
>> 2019-10-28T11:13:14.091426+02:00 58459 [Note] Aborted connection 58459 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
>>
>> They've plagued my logs for as long as I can remember. Is Dovecot not closing connections to the database properly or something similar?
>
> is it possible MySQL closed inactive connections?
>
> SHOW VARIABLES LIKE '%timeout%';
>
> mysqlx_wait_timeout = 3600
> wait_timeout = 3600
> mysqlx_interactive_timeout = 3600
> interactive_timeout = 3600
>
> Gerald

Variable_name          Value
connect_timeout        10
interactive_timeout    28800
lock_wait_timeout      31536000
net_read_timeout       30
net_write_timeout      60
wait_timeout           28800

That sounds plausible. I wonder how to solve it though. :)

I don't get any such notices from OpenSMTPD using the same database.
Re: Dovecot and MySQL aborted connections.
On October 28, 2019 10:15:34 AM GMT+01:00, Reio Remma via dovecot wrote:
> Is anyone else using Dovecot (2.3.8) with MySQL (5.7) seeing a lot of these in MySQL logs?
>
> 2019-10-28T11:08:20.384428+02:00 58378 [Note] Aborted connection 58378 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
> 2019-10-28T11:10:09.821171+02:00 58420 [Note] Aborted connection 58420 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
> 2019-10-28T11:11:26.170015+02:00 58441 [Note] Aborted connection 58441 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
> 2019-10-28T11:13:14.091426+02:00 58459 [Note] Aborted connection 58459 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
>
> They've plagued my logs for as long as I can remember. Is Dovecot not closing connections to the database properly or something similar?

I'm seeing these messages too with mariadb on Debian 10.

> Reio

--
Christian Kivalo
Re: Dovecot and MySQL aborted connections.
Hi,

> Is anyone else using Dovecot (2.3.8) with MySQL (5.7) seeing a lot of these in MySQL logs?
>
> 2019-10-28T11:08:20.384428+02:00 58378 [Note] Aborted connection 58378 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
> 2019-10-28T11:10:09.821171+02:00 58420 [Note] Aborted connection 58420 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
> 2019-10-28T11:11:26.170015+02:00 58441 [Note] Aborted connection 58441 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
> 2019-10-28T11:13:14.091426+02:00 58459 [Note] Aborted connection 58459 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
>
> They've plagued my logs for as long as I can remember. Is Dovecot not closing connections to the database properly or something similar?

is it possible MySQL closed inactive connections?

SHOW VARIABLES LIKE '%timeout%';

mysqlx_wait_timeout = 3600
wait_timeout = 3600
mysqlx_interactive_timeout = 3600
interactive_timeout = 3600

Gerald
Dovecot list breaks DKIM.
Hello again,

I noticed mails from the Dovecot list break DKIM signatures. Perhaps it's something to look at? Most lists I'm on manage to pass messages with DKIM intact.

Authentication-Results: abc.abc.abc;
    dkim=fail (rsa verify failed) header.d=mrstuudio.ee header.s=mr header.b=M03Fp5lE;
    dmarc=pass (policy=none) header.from=dovecot.org;
    spf=pass

Thanks,
Reio
Dovecot and MySQL aborted connections.
Is anyone else using Dovecot (2.3.8) with MySQL (5.7) seeing a lot of these in MySQL logs?

2019-10-28T11:08:20.384428+02:00 58378 [Note] Aborted connection 58378 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
2019-10-28T11:10:09.821171+02:00 58420 [Note] Aborted connection 58420 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
2019-10-28T11:11:26.170015+02:00 58441 [Note] Aborted connection 58441 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)
2019-10-28T11:13:14.091426+02:00 58459 [Note] Aborted connection 58459 to db: 'vmail' user: 'vmail' host: 'localhost' (Got an error reading communication packets)

They've plagued my logs for as long as I can remember. Is Dovecot not closing connections to the database properly or something similar?

Reio
Re: SQL iterate_query
On 25/10/2019 00:00, Daniel Miller via dovecot wrote:
> So, given that the complete address is used as the username I now use:
>
> iterate_query = SELECT username FROM mailbox

https://doc.dovecot.org/configuration_manual/authentication/sql/#user-iteration

...says that iterate_query has two variants. You have complete addresses in a database column "username" so you need the first. The addresses must be returned in a column named "user", hence add "AS user" to label your column. Try:

iterate_query = SELECT username AS user FROM mailbox