Re: Thousands of SSL certificates stalls new logins during reload - problem with Dovecot config process

For hosting environments--where TLS certs can change hundreds of times in a matter of minutes--it would be a boon for Dovecot to load those certificates dynamically rather than all at once. Pure-FTPd implements a nice solution to this: a standalone service that fetches TLS certificates & keys.

--with-textcat: configure error?

cat-2.0.so.0.0.0 Is there some way of knowing what command it’s actually running that makes it say “libtextcat or libexttextcat not found”? Thank you! cheers, -Felipe Gasper

Re: SNI via lookup?

> On Oct 7, 2021, at 7:47 PM, Benny Pedersen wrote: > > On 2021-10-08 00:37, Felipe Gasper wrote: >>>> Dovecot call out to some external service to fetch a given domain’s >>>> certificate. >>> sni is something no one needs, your server name is no

Re: SNI via lookup?

> On Oct 7, 2021, at 15:11, Benny Pedersen wrote: > > On 2021-10-07 14:49, Felipe Gasper wrote: > >> Dovecot call out to some external service to fetch a given domain’s >> certificate. > > sni is something no one needs, your server name is not changing if yo

SNI via lookup?

simpler if there were a way to make Dovecot call out to some external service to fetch a given domain’s certificate. Thank you in advance! cheers, -Felipe Gasper

Re: Duplicate plugins - FTS Xapian

> On Sep 1, 2021, at 2:21 PM, Joan Moreau wrote: > > > > Just for clarity, Open-Xchange has not written any xapian plugin > > whatsoever. > > > Yes but the doc says that Open Xchaneg "supports" one over the other. > > Honestly, I am doing this over my free time, begin very reactive to

doveadm, userdb, and ssl=any-cert

is the requesting service, but was this apparent change in 2.3.11 intended? Thank you! cheers, -Felipe Gasper

custom userdb server, Exim, and proxying

we’d like to avoid that. Any insight from this group would be much appreciated. Thank you! cheers, -Felipe Gasper

doveadm protocol bug

confirmation so we can note it in our client implementation. (Switching our client to the HTTP API would be out-of-scope for our current project.) Thank you again! cheers, -Felipe Gasper

Re: doveadm: extra lines?

le enough to fix, but would that break anything? -FG > On May 26, 2020, at 8:07 PM, Felipe Gasper wrote: > > I did a bit more digging, and the issue appears to manifest only when doveadm > sends back an error code. > > Here is a “user” and a “kick”, both of which fail with er

Re: doveadm: extra lines?

tements and see what I can suss out. -FG > On May 26, 2020, at 7:07 PM, Felipe Gasper wrote: > > Hello, > > I’m sending doveadm “kick” commands to doveadm-server via the doveadm > protocol. When “kick” sends back a NOTFOUND error, though, it’s sending back

doveadm: extra lines?

ntation? Thank you! cheers, -Felipe Gasper

Re: How to make IMAPS SSL Cert for Dovecot that works with Thunderbird

From what I can tell, “SSL alert number 42” means that you’ve configured Dovecot to require client authentication. Otherwise, your Let’s Encrypt certificate (with its authority chain) should suffice. -FG > On May 24, 2020, at 5:45 PM, hanas...@gmail.com wrote: > > Hello all, > > What are

Re: missing man page for “doveadm dsync-server”?

> On May 24, 2020, at 2:58 PM, Aki Tuomi wrote: > > >> On 24/05/2020 21:56 Felipe Gasper wrote: >> >> >> Hello, >> >> Is there a man page for this command? I don’t see one in the >> repository. Given its utility in, e.g., syncing

missing man page for “doveadm dsync-server”?

Hello, Is there a man page for this command? I don’t see one in the repository. Given its utility in, e.g., syncing mailboxes via SSH, it seems like documentation for this command would be useful? Thank you! -Felipe Gasper

Re: dsync “destination” argument

> On May 20, 2020, at 10:46 AM, Sami Ketola wrote: > >> On 16. May 2020, at 3.46, Felipe Gasper wrote: >> >> Hello, >> >> Some code that I didn’t write but am maintaining passes a local >> script’s path as dsync’s “destination” argument, lik

dsync multiple mailboxes per connection?

, -Felipe Gasper

dsync “destination” argument

u! cheers, -Felipe Gasper

Pure-FTPd’s SNI daemon

thousands of domains. Thank you! -Felipe Gasper Mississauga, ON

dsync to backup to directory?

” two different mail directories (either maildir or mdbox) via doveadm? “doveadm backup” looks like the closest match, but it doesn’t appear to accept an arbitrary directory as its synchronization source. Thank you! -Felipe Gasper Mississauga, Ontario

Re: “doveadm mailbox” command fails with UTF-8 mailboxes

> On Mar 12, 2019, at 5:23 PM, Timo Sirainen via dovecot > wrote: > > On 12 Mar 2019, at 21.20, Felipe Gasper via dovecot > wrote: >> >> Hello, >> >> I’ve got a strange misconfiguration where the following command: >> >> doveadm

Re: “doveadm mailbox” command fails with UTF-8 mailboxes

> On Mar 12, 2019, at 3:28 PM, Aki Tuomi wrote: > > >> On 12 March 2019 21:20 Felipe Gasper via dovecot wrote: >> >> >> Hello, >> >> I’ve got a strange misconfiguration where the following command: >> >> doveadm -f pag

“doveadm mailbox” command fails with UTF-8 mailboxes

? Thank you! -Felipe Gasper Mississauga, ON

doveadm neglecting to exit in failure?

, shouldn’t the “doveadm” command have exited nonzero to indicate a failure to connect? Thanks! -Felipe Gasper Mississauga, Ontario

Re: dovecot: imap Error: read : Broken pipe

> On Nov 5, 2018, at 6:19 PM, Carl St-Laurent wrote: > > Hi everyone, > > I'm trying to find a solution for this bug who appears 2 months ago : > > dovecot: imap(%USER%): Error: read() > failed: Broken pipe (FETCH BINARY[2] for mailbox INBOX UID (%d) That looks a bit goofy … read() should

Perl Net::Doveadm

hope it’s useful. -Felipe Gasper Mississauga, ON

HTTP API vs. doveadm

To follow up on an earlier thread: is there any functional advantage of the new HTTP API over the doveadm API? How does the HTTP API deal with a query like “mailbox list”, which (as best I can tell) could return non-UTF8 text? -FG

Re: Is the Doveadm HTTP API considered stable for production use?

> On Aug 23, 2018, at 8:44 AM, Reio Remma wrote: > > On 23.08.18 15:35, Felipe Gasper wrote: >> >>> On Aug 23, 2018, at 8:14 AM, James Beck wrote: >>> >>>> On Wed, Aug 22, 2018 at 09:54:44AM -0400, Felipe Gasper wrote: >>>> If you do

Re: Is the Doveadm HTTP API considered stable for production use?

> On Aug 23, 2018, at 8:14 AM, James Beck wrote: > >> On Wed, Aug 22, 2018 at 09:54:44AM -0400, Felipe Gasper wrote: >> If you don’t want to use the HTTP API, you can use the raw doveadm protocol. >> >> https://wiki.dovecot.org/Design/DoveadmProtocol >>

Re: Is the Doveadm HTTP API considered stable for production use?

If you don’t want to use the HTTP API, you can use the raw doveadm protocol. https://wiki.dovecot.org/Design/DoveadmProtocol -FG > On Aug 22, 2018, at 5:55 AM, James Beck wrote: > > Hi, > > I'm running 2.2.34 in production (installed from Debian stretch > backports) and want to rework some

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

Revocation doesn’t remove the certificates; it just marks them as invalid when a TLS client bothers to check. -FG > On Jul 30, 2018, at 6:45 PM, David Mehler wrote: > > Hello, > > I have discovered what I believe is the issue after hearing back from > Aquamail. And that is that android 7

Re: dovecot 2.3.x, ECC and wildcard certificates, any issues

FWIW, it’s relatively straightforward to do this with my Perl ACME implementation, Net::ACME2. You’ll get your first certificate order using one key, then request another certificate with the other key. -FG > On Jul 30, 2018, at 1:49 PM, Aki Tuomi wrote: > > I don't know how to get both RSA

OCSP Stapling and Certificate Transparency

certificate? I’m wondering if any MUAs will follow Google’s lead and insist on CT. Thank you! -Felipe Gasper Mississauga, Ontario

mail delivery interrupts force-resync

connection. Later, when our folks realized the issue and blocked access to the mailbox, the index rebuild finished in about 90 seconds. Is it possible for the fsck to “lock” the mailbox or otherwise protect against this? Thank you! -Felipe Gasper

Re: lazy-load SNI?

> On Nov 11, 2016, at 9:06 AM, Aki Tuomi wrote: > > If you are interested in testing, please find patch attached that allows you > to specify > > local_name *.foo.bar { > } > > or > > local_name *.*.foo.bar { > } > Dear Aki et al., How straightforward would

Re: lazy-load SNI?

> On Nov 11, 2016, at 1:29 PM, KSB wrote: > Great! Seems to be working fine for my usage and makes my configs 50% smaller (which is gigantic improvement). Will do more testing though. Thanks! > > A little bit offtopic, but what is the point

Re: lazy-load SNI?

> On Nov 11, 2016, at 5:36 AM, Aki Tuomi wrote: > > Hi! > > We are going to do some changes at some point how the certs are loaded and > handled to alleviate this. The idea is not yet ripe, so I won't go into too > much detail, but idea is to move the cert storage from

lazy-load SNI?

Hello, We’re rolling out large SNI deployments for our mail servers. Each domain gets an entry like this in the config: local_name mail.foo.com { ssl_cert =

quota_full_tempfail

don’t see much on this option in the docs. Thank you! -Felipe Gasper Houston, TX

Re: Pluggable SNI?

> > On 21 Jun 2016, at 5:04 PM, Timo Sirainen <t...@iki.fi> wrote: > > On 21 Jun 2016, at 22:58, Felipe Gasper <fel...@felipegasper.com> wrote: >> >> Hello, >> >> How feasible would it be to have a “pluggable” Dovecot setup that would

Pluggable SNI?

Hello, How feasible would it be to have a “pluggable” Dovecot setup that would permit arbitrary logic for fetching TLS/SNI certificates and key, rather than having to hard-code each domain’s resources in a configuration file? A couple scenarios that I envision such a framework

[Dovecot] manually updating dovecot 1 config to dovecot 2

Is there documentation somewhere on how to update a dovecot 1 configuration file to dovecot 2’s preferred formats? We’re looking to provide Dovecot 2 with cPanel; having that documentation would help us update the config file templates that we ship. Thank you! -- Felipe Gasper cPanel, Inc.

Re: [Dovecot] manually updating dovecot 1 config to dovecot 2

I mean without using doveconf. Manually going in, with a text editor, and changing the settings to the new formats. Is there anything that describes how to do this? -FG On 4/4/13 6:28 PM, Daniel Parthey wrote: Hi Felipe, Felipe Gasper (cPanel) wrote: Is there documentation somewhere