Re: Submission service capabilities listing

2020-11-12 Thread Stephan Bosch




On 13/11/2020 00:48, Dan wrote:

> Hello all,
>
> I'm attempting to implement a submission server with questions in
> regards to how Dovecot handles the backend hosts capabilities. To my
> understanding, Dovecot will connect to the host specified in either
> submission_host or submission_relay_host, and gather a list of
> capabilities. Once gathered, after the client sends the EHLO greeting
> Dovecot will respond back with capabilities that the backend host is
> capable of.

The submission_host setting is not relevant to this topic. It is only
used for sending messages produced by Dovecot itself, e.g. from Sieve.

> My question is, When does this occur?

The automated part only works after AUTH. The initial EHLO is not
necessarily accurate.

You can configure submission_backend_capabilities to set the backend
(=relay in this case) capabilities directly. In that case the backend
EHLO reply is not used.

> Running a tcpdump with the filter set to the relay host IP, I don't
> see any traffic until after I send the EHLO command. Dovecot states
> that CHUNKING is available, but the backend host does not have that
> capability.

CHUNKING does not need backend support. The mail can be accepted using
BDAT command at the frontend and relayed to the backend using classic
DATA command.

> Is there a way to disable CHUNKING explicitly?

You cannot currently disable CHUNKING support at the frontend. Why would
you want to?

Regards,

Stephan.

> Thanks.
>
> submission_relay_host = x.x.x.x
> submission_host   = x.x.x.x
> submission_relay_ssl  = no
> submission_relay_ssl_verify = no
>
> protocol submission {
>   passdb {
>     driver = static
>     args   = host=x.x.x.x proxy=y nopassword=y port=587
>   }
> }
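
The BDAT-to-DATA relaying described in the reply above, as an added Python sketch that is not part of the thread and not Dovecot's code. It assumes a CRLF-delimited text message; the function names and the sample session are constructed for illustration.

```python
# Added illustration, not Dovecot code: accept a message through BDAT
# (RFC 3030 CHUNKING) and re-encode it for a relay that only offers DATA.

def collect_bdat(stream: bytes) -> bytes:
    """Reassemble the message from consecutive 'BDAT <size> [LAST]' commands."""
    message, pos = bytearray(), 0
    while True:
        eol = stream.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("stream ended before BDAT ... LAST")
        words = stream[pos:eol].split()
        if not (2 <= len(words) <= 3 and words[0].upper() == b"BDAT"
                and words[1].isdigit()):
            raise ValueError("expected BDAT <size> [LAST]")
        last = len(words) == 3
        if last and words[2].upper() != b"LAST":
            raise ValueError("unknown BDAT argument")
        size, start = int(words[1]), eol + 2
        if start + size > len(stream):
            raise ValueError("chunk shorter than announced size")
        # The chunk is taken by byte count, never by scanning for a terminator.
        message += stream[start:start + size]
        pos = start + size
        if last:
            return bytes(message)


def to_data_payload(message: bytes) -> bytes:
    """Encode a CRLF-delimited message for DATA (RFC 5321 section 4.5.2)."""
    if not message.endswith(b"\r\n"):
        message += b"\r\n"
    lines = message.split(b"\r\n")[:-1]
    # Dot-stuffing: a body line that is just "." must not end DATA early.
    stuffed = [b"." + line if line.startswith(b".") else line for line in lines]
    return b"\r\n".join(stuffed) + b"\r\n.\r\n"


def bdat(chunk: bytes, last: bool = False) -> bytes:
    """Build one client BDAT command (used only for the constructed sample)."""
    return b"BDAT %d%s\r\n" % (len(chunk), b" LAST" if last else b"") + chunk


# Constructed sample: the body contains a line consisting of a single dot.
MESSAGE = b"Subject: test\r\n\r\nfirst line\r\n.leading dot\r\n.\r\nend\r\n"
SESSION = bdat(MESSAGE[:20]) + bdat(MESSAGE[20:44]) + bdat(MESSAGE[44:], last=True)

if __name__ == "__main__":
    print(to_data_payload(collect_bdat(SESSION)).decode())
```

BDAT frames the message by length, so the lone "." line arrives unescaped; it has to be dot-stuffed when re-sent with DATA or the relay would treat it as the end of the message.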





Submission service capabilities listing

2020-11-12 Thread Dan

Hello all,

I'm attempting to implement a submission server with questions in 
regards to how Dovecot handles the backend hosts capabilities. To my 
understanding, Dovecot will connect to the host specified in either 
submission_host or submission_relay_host, and gather a list of 
capabilities. Once gathered, after the client sends the EHLO greeting 
Dovecot will respond back with capabilities that the backend host is 
capable of.


My question is, When does this occur? Running a tcpdump with the filter 
set to the relay host IP, I don't see any traffic until after I send the 
EHLO command. Dovecot states that CHUNKING is available, but the backend 
host does not have that capability.


Is there a way to disable CHUNKING explicitly?


Thanks.


submission_relay_host = x.x.x.x
submission_host   = x.x.x.x
submission_relay_ssl  = no
submission_relay_ssl_verify = no

protocol submission {
  passdb {
    driver = static
    args   = host=x.x.x.x proxy=y nopassword=y port=587
  }
}



Re: How do Cerbot files map to Dovecot?

2020-11-12 Thread lists
https://github.com/acmesh-official/acme.sh
I used the Neilpang bash script on Centos 7. 

No drama. It just works. The only thing is because it works so well I am pretty 
much useless to provide help with it because it has been so flawless. The only 
way I know it is running is I have to accept new certs on my mail clients. 

There is a mod to the script I added to restart dovecot to enable the new cert 
to be used. It may be stock now. 





  Original Message  


From: m...@tdiehl.org
Sent: November 12, 2020 12:28 PM
To: raym...@forcewise.com
Reply-to: m...@tdiehl.org
Cc: dovecot@dovecot.org
Subject: Re: How do Cerbot files map to Dovecot?


On Thu, 12 Nov 2020, Raymond Herrera wrote:

> I am postponing the Apache plugin issue (CentOS is not Certbot friendly) and

For the record, certbot works just fine on CentOS. It just requires that you
understand how things work. :-)

The plugin which you seek is called python2-certbot-apache.noarch. You can
see all of the available plugins on CentOS 7 by running the following:
yum list \*certbot\*

In addition there are MANY other packages available for generating LE certs.
Most are not included in CentOS or EPEL. Some are easier to configure some not
so much. It really depends on your requirements and skill level.

> requesting a standalone, generic certificate. After the command "1: Spin up a
> temporary webserver" I have the following 2 files in the folder
> /etc/letsencrypt:
>
> -rw-r--r-- 1 root root  924 Nov 12 11:14 csr/_csr-certbot.pem
> -rw--- 1 root root 1708 Nov 12 11:14 keys/_key-certbot.pem
>
> The "key" is probably a direct replacement for the file in the distribution.
> What about the "csr" file? It seems to be a request, not the certificate
> itself.

You have something mis-configured or something is running on port 80 when
Certbot is trying to install a tmp web server on port 80. What is
mis-configured or what
is running on port 80, I cannot tell with the information you have provided. I
can tell you I have been running Certbot for the last 3 or 4 years without
issue on various CentOS systems I maintain.

In addition, I suspect this whole thread is off topic for the Dovecot list.

If you want further help, I suggest asking on the CentOS list.

Regards,

--
Tom m...@tdiehl.org

Re: How do Cerbot files map to Dovecot?

2020-11-12 Thread me

On Thu, 12 Nov 2020, Raymond Herrera wrote:

> I am postponing the Apache plugin issue (CentOS is not Certbot friendly) and

For the record, certbot works just fine on CentOS. It just requires that you
understand how things work. :-)

The plugin which you seek is called python2-certbot-apache.noarch. You can
see all of the available plugins on CentOS 7 by running the following:

yum list \*certbot\*

In addition there are MANY other packages available for generating LE certs.
Most are not included in CentOS or EPEL. Some are easier to configure some not
so much. It really depends on your requirements and skill level.

> requesting a standalone, generic certificate. After the command "1: Spin up a
> temporary webserver" I have the following 2 files in the folder
> /etc/letsencrypt:
>
> -rw-r--r-- 1 root root  924 Nov 12 11:14 csr/_csr-certbot.pem
> -rw--- 1 root root 1708 Nov 12 11:14 keys/_key-certbot.pem
>
> The "key" is probably a direct replacement for the file in the distribution.
> What about the "csr" file? It seems to be a request, not the certificate
> itself.

You have something mis-configured or something is running on port 80 when
Certbot is trying to install a tmp web server on port 80. What is
mis-configured or what
is running on port 80, I cannot tell with the information you have provided. I
can tell you I have been running Certbot for the last 3 or 4 years without
issue on various CentOS systems I maintain.

In addition, I suspect this whole thread is off topic for the Dovecot list.

If you want further help, I suggest asking on the CentOS list.

Regards,

--
Tom m...@tdiehl.org

Re: Fwd: Trying to install certbot on CentOS

2020-11-12 Thread michael Schumacher
Raymond,


> # certbot certonly --apache

> Saving debug log to /var/log/letsencrypt/letsencrypt.log
> Could not choose appropriate plugin: The requested apache plugin does not 
> appear to be installed
> The requested apache plugin does not appear to be installed
> I am trying to find which is the "requested apache plugin". The log mentions 
> "authenticator".

just wondering: Do you have an apache webserver running on this machine?
If not, run

# certbot certonly --standalone

or read https://certbot.eff.org/docs/using.html

and don't forget to open port 80 in your firewall. letsencrypt wants to access 
that port.

> I am hoping that an Apache Certificate will be useful for Dovecot.

you can bet :-)

Michael



How do Cerbot files map to Dovecot?

2020-11-12 Thread Raymond Herrera
I am postponing the Apache plugin issue (CentOS is not Certbot friendly) 
and requesting a standalone, generic certificate. After the command "1: 
Spin up a temporary webserver" I have the following 2 files in the 
folder /etc/letsencrypt:


-rw-r--r-- 1 root root  924 Nov 12 11:14 csr/_csr-certbot.pem
-rw--- 1 root root 1708 Nov 12 11:14 keys/_key-certbot.pem

The "key" is probably a direct replacement for the file in the 
distribution. What about the "csr" file? It seems to be a request, not 
the certificate itself.


TIA




Re: Guide on Renewing SSL Certificate for Apache, Postfix and Dovecot on CentOS 6.8 Linux

2020-11-12 Thread Alexander Dalloz

On 12.11.2020 at 12:25, Turritopsis Dohrnii Teo En Ming wrote:

> Good day from Singapore,
>
> Please check out the following link for my guide.

Please, not here on this list too!

Setup your own website or blog to spread your doubtful manuals.

Alexander


P.S. CentOS 6.8 is outdated as hell (current would be 6.10) and major 
release 6 will become EOL by end of this month.





Fwd: Trying to install certbot on CentOS

2020-11-12 Thread Raymond Herrera


On 11/12/2020 10:44 AM, Raymond Herrera wrote:

> Following the advice obtained here, I am trying to get a LetsEncrypt
> certificate.
>
> These are the instructions:
>
> Step 1:
> https://snapcraft.io/docs/installing-snapd
>
> Step 2:
> https://certbot.eff.org/lets-encrypt/centosrhel7-apache
>
> My problem is this error message:
>
> # snap install --classic certbot
>
> error: system does not fully support snapd: cannot mount squashfs
> image using "squashfs": mount:
>    /tmp/sanity-squashfs-881328484: failed to setup loop device: No
> such file or directory
>
> Apparently, RedHat/CentOS are not supporters of snap.
>
> TIA
>
> OS: CentOS 7



Thanks to Leonardo and Michael,

I have made some progress. The snaps application is not supported by 
RedHat/CentOS. The solution is simple, just use:


# yum install certbot

The new error message is this:

# certbot certonly --apache

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Could not choose appropriate plugin: The requested apache plugin does 
not appear to be installed

The requested apache plugin does not appear to be installed

I am trying to find which is the "requested apache plugin". The log 
mentions "authenticator".


I am hoping that an Apache Certificate will be useful for Dovecot.




Re: Trying to install certbot on CentOS

2020-11-12 Thread michael Schumacher
Raymond,

> https://snapcraft.io/docs/installing-snapd
> https://certbot.eff.org/lets-encrypt/centosrhel7-apache
> # snap install --classic certbot
> error: system does not fully support snapd: cannot mount squashfs image using 
> "squashfs": mount:
>     /tmp/sanity-squashfs-881328484: failed to setup loop device: No such 
> file or directory
> Apparently, RedHat/CentOS are not supporters of snap.

What's the problem? 


Certbot is in epel.

install the epel-repository and run a simple yum install certbot. :-)

Apparently, the epel-version is 1.9.0, which seems to be the most recent 
version anyway.

Michael




Re: Trying to install certbot on CentOS

2020-11-12 Thread Leonardo Rodrigues

On 12/11/2020 13:44, Raymond Herrera wrote:

> Apparently, RedHat/CentOS are not supporters of snap.




    You can always install the certbot RPM package for the CentOS 7, 
it's on the epel repository.


[root@firewall ~]# cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)

[root@firewall ~]# yum info certbot
[  ]Available Packages
Name    : certbot
Arch    : noarch
Version : 1.9.0
Release : 1.el7
Size    : 46 k
Repo    : epel/x86_64
Summary : A free, automated certificate authority client
URL : https://pypi.python.org/pypi/certbot
License : ASL 2.0
Description : certbot is a free, automated certificate authority that aims
    : to lower the barriers to entry for encrypting all HTTP 
traffic on the internet.



--


Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAM trap, do NOT send email
gertru...@solutti.com.br
My SPAMTRAP, do not email it




Trying to install certbot on CentOS

2020-11-12 Thread Raymond Herrera
Following the advice obtained here, I am trying to get a LetsEncrypt 
certificate.


These are the instructions:

Step 1:
https://snapcraft.io/docs/installing-snapd

Step 2:
https://certbot.eff.org/lets-encrypt/centosrhel7-apache

My problem is this error message:

# snap install --classic certbot

error: system does not fully support snapd: cannot mount squashfs image 
using "squashfs": mount:
   /tmp/sanity-squashfs-881328484: failed to setup loop device: No 
such file or directory


Apparently, RedHat/CentOS are not supporters of snap.

TIA

OS: CentOS 7





Guide on Renewing SSL Certificate for Apache, Postfix and Dovecot on CentOS 6.8 Linux

2020-11-12 Thread Turritopsis Dohrnii Teo En Ming
Good day from Singapore,

Please check out the following link for my guide.

https://marc.info/?l=postfix-users&m=160517863730596&w=2

Thank you very much.




-BEGIN EMAIL SIGNATURE-

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link: 
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html



Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's Academic
Qualifications as at 14 Feb 2019 and refugee seeking attempts at the
United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug
2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-END EMAIL SIGNATURE-


Testing

2020-11-12 Thread Turritopsis Dohrnii Teo En Ming
Testing
