Notification "API" for external replication

from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE

dovecot replication crashing

Hi, I'm a but clueless, having issues with replication. `doveadm dsync -u hans` works. But using the following replication setup, I see coredumps. Where to go next? Interestingly not for all users. (For testing purposes I've only 2 users. One having about 20 messages: here even the replication

Re: The end of Dovecot Director?

esden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - signature.asc Description: PGP signature

master - master syncronization: *-temp-1-temp-1-temp-2-* recursion

Hi, I'm using dovecot 2.3.4.1 (f79e8e7e4) (Debian Build) and doing master/master replication. Recently we added a huuge .Archive* folder structure to the items being replicated. And now, suddenly we see new folders with a naming like *-temp-1-temp-1-temp-2-* appearing. This finally lead to

Re: Separating Dovecot and Postfix

ards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key

Re: [EXTERNAL] Re: Installation Question: Is a web server required ?

tial part, if they mention it at all. (I'm talking about the "core" documentation, not about Wikis, HowTows, Blogs, …) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support

Re: Installation Question: Is a web server required ?

White, Daniel E. (GSFC-770.0)[NICS] (Mi 28 Apr 2021 19:28:41 CEST): > Can Dovecot be installed with Postfix and without being behind a web server ? Yes. > I want a mail service that can only be accessed by POP3(s)/IMAP(s) and not by > a web UI. Dovecot is a pure POP3/IMAP server. No Web-UI is

Re: error 42 ssl certificate expired

because your address doesn't match the OP's address and somehow the information you're presenting doesn't fit the OP's information (Self signed certs vs LE certs) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -

Re: error 42 ssl certificate expired

Hi, > In our case this is an internally used Dovecot Mail server that's used for … > certificates worth the expense? Just curious on what everyone's opinion is > of Digital Certs signed by certificate authorities that are only used inside > the LAN. Thoughts? Aki is right. On the long run it's

Re: doveadm user '*' vs sssd: enumeration works only once

Heiko Schlittermann (Do 25 Feb 2021 12:17:55 CET): > > I'm not sure about the semantics of setpwent()/endpwent(), mayb the nss > plugin (here sssd) should gracefully handle a missing endwent() if it > sees a new setpwent(). But I think, it can't harm to call endpwent() on > t

Re: doveadm user '*' vs sssd: enumeration works only once

Aki Tuomi (Do 25 Feb 2021 12:21:43 CET): > > > > --- a/src/auth/userdb-passwd.c > > > > +++ b/src/auth/userdb-passwd.c > > > > @@ -208,6 +208,7 @@ static int passwd_iterate_deinit(struct > > > > userdb_iterate_context *_ctx) > > > > cur_userdb_iter_to = timeout_add(0, > > > >

Re: doveadm user '*' vs sssd: enumeration works only once

missing endwent() if it sees a new setpwent(). But I think, it can't harm to call endpwent() on the dovecot side. I deployed a debian package with the above patch added onto my system, and it seems to work. So, should I file a bug report against dovecot? Best regards from Dresden/Germany Viel

Re: doveadm user '*' vs sssd: enumeration works only once

Heiko Schlittermann (Do 25 Feb 2021 10:36:21 CET): > > within a small timeframe returns a subset of the local users only (the > say count(); I suppose the following would fix the issue: (not tested yet) diff --git a/src/auth/userdb-passwd.c b/src/auth/userdb-passwd.c index

Re: doveadm user '*' vs sssd: enumeration works only once

Heiko Schlittermann (Do 25 Feb 2021 10:08:05 CET): > > doveadm user * > > returns the full user list only once. A 2nd invocation of the same command > within a small timeframe returns a subset of the local users only (the The following Perl script can reproduc

doveadm user '*' vs sssd: enumeration works only once

ssd (more specifically its nss module) - [ ] misbehaviour of dovecot/auth processes? Dovecot: 2.3.4.1 (f79e8e7e4) Operating System: Debian GNU/Linux 10 (buster) Sssd: 1.16.30 Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN

Re: auth-client via SSL?

Hi Aki, thank you for answering. Aki Tuomi (Mi 05 Feb 2020 07:59:55 CET): > > does dovecot support tls-on-connect for AF INET based auth-client > > sockets? > > inet_listener auth-client { > > name = exim > > port = 4711 > > ssl = yes > > } >

Re: auth-client via SSL?

Hi, I'm resending this message, still hoping for an answer. Hello, does dovecot support tls-on-connect for AF INET based auth-client sockets? Rationale behind my question: Exim can use the Dovecot auth-client socket to delegate the SMTP-AUTH authentication to Dovecot. Currently Exim supports

auth-client via SSL?

Hello, does dovecot support tls-on-connect for AF INET based auth-client sockets? Rationale behind my question: Exim can use the Dovecot auth-client socket to delegate the SMTP-AUTH authentication to Dovecot. Currently Exim supports the AF UNIX only for this socket. Jeremy makes progress in

Re: Multiple certificate option SNI

Maciej Milaszewski IQ PL via dovecot (Fr 13 Sep 2019 12:10:39 CEST): > openssl s_client -connect imap.mail.test.domain.com:993 -tls1_1 Use -servername for testing. -- Heiko signature.asc Description: PGP signature

Re: dovecot Buch 2014 vs 2016

Hi Stephan, Stephan Bosch via dovecot (Fr 22 Feb 2019 13:39:27 CET): > > Gibt es - außer der Sprache und dem Preis - einen Unterschied zwischen > > der ersten (und einzigen?) deutschen Auflage von 2014 und der englischen > > Auflage von 2016? > > Hier wird leider nur Englisch gesprochen. Sie

dovecot Buch 2014 vs 2016

Moin, Es geht um das Dovecot-Buch. Ich nehme an, daß hier mindestens einer, der sich auskennt, mitliest: Gibt es - außer der Sprache und dem Preis - einen Unterschied zwischen der ersten (und einzigen?) deutschen Auflage von 2014 und der englischen Auflage von 2016? -- Heiko signature.asc

Re: authenticate as userA, but get authorization to user userB's account

many?) userPassword fields per LDAP object. If we are able to track the password hashes (which hash for which user), we can have each user using his very own password to login as another user (provided that other user has an additional userPassword field) Best regards from D

Re: authenticate as userA, but get authorization to user userB's account

Kadlecsik József (Mi 25 Okt 2017 14:42:11 CEST): … > The master users are allowed to impersonate anyone and at the same time > cannot login as themselves. Those were the issues why we couldn't choose > to use master users. True. -- Heiko signature.asc

Re: authenticate as userA, but get authorization to user userB's account

rds from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F6

Re: authenticate as userA, but get authorization to user userB's account

Thomas Leuxner <t...@leuxner.net> (Mi 25 Okt 2017 13:11:52 CEST): … > * Heiko Schlittermann <h...@schlittermann.de> 2017.10.25 12:58: > wouldn't this be a use case for acl_groups, where a user would belong to > group "Sales" and this "role" would gain

authenticate as userA, but get authorization to user userB's account

t up this in a generic MUA, as some webmail client? Thanks in advance, best regards from Dresden/Germany Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg e

Re: STARTTLS issue with sieve

he root CA to your ca-certificates, but let the intermediate cert in the certificate chain sent by the server. (That's what the intermediate certs are good for, isn't it?) Heiko -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl

Re: STARTTLS issue with sieve

the root of the chain. Heiko -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked

Re: STARTTLS issue with sieve

client wont trust the root CA it received. The client should trust only its copy of the root CA. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-

Re: STARTTLS issue with sieve

seems to be hardcoded in /usr/lib/x86_64-linux-gnu/libgnutls.so.30 (Debian9, amd64) $ strings /usr/lib/x86_64-linux-gnu/libgnutls.so.30 | grep '/etc/ssl' /etc/ssl/certs/ca-certificates.crt So, on my system gnutls-cli seems to use the same CA store (/etc/ssl/certs) as openssl. B

Re: Exim still accepting emails to nonexistent users

mydomain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)(mail=$local_part@ > $domain))}{$value}fail} > > Thanks again for all the support. You pointed me in the right direction. :) You're welcome. Best regards from Dresden/Germany Viele Grüße aus Dresden Heik

Re: Exim still accepting emails to nonexistent users

Hi, Heiko Schlittermann <h...@schlittermann.de> (Mo 21 Nov 2016 11:50:13 CET): > a) Routing stage > You need to interact with the user database dovecot uses. > Either you access the user database directory (flat file, LDAP, > whatever) or you use the ${readsocket…} featu

Re: Exim still accepting emails to nonexistent users

do callout: neither router nor transport provided a host list This can be 'fixed' if you use (not tested) dovecot_lmtp: driver = smtp protocol = lmtp host = localhost port = 2525 and have the dovecot LMTP run on a local TCP port Best regards from Dresden/Germany Viele Grüße a

Re: Exim still accepting emails to nonexistent users

ansport, responsible for the delivery to dovecot? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg e

<-FIN <-RST ->FIN,ACK <-RST on SSL connection shutdown

aintext IMAP. There I see the expected shudown handshake FIN - FIN,ACK - ACK. Dovecot version is 2.2.24 (a82c823) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlitte

Re: dsync unstable? (other strange detail)

/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key

Re: dsync unstable? (other strange detail)

Timo Sirainen (Mi 29 Jun 2016 00:00:11 CEST): … > >> b) UID=16 suddenly appeared on Cyrus side even though it wasn't there > >> earlier. This isn't allowed by IMAP standard. > It's still strange if Cyrus is doing that. It's generally a pretty well > behaving IMAP server. What

Re: dsync unstable? (other strange detail)

Hi, Timo Sirainen (Di 28 Jun 2016 23:30:38 CEST): > > > > On successive runs of the above command I get: > > > >dsync(heiko): Warning: Deleting mailbox 'Serververwaltung.Mailinglisten > > Anforderung': UID=16 GUID= is missing locally > > This means that on Dovecot side there

dsync unstable? (other strange detail)

Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7C

dsync is unstable?

gards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376

Re: doveadm-server protocol change?

em before every update. I'm using the ppa http://ppa.launchpad.net/patrickdk/production/ubuntu and until now it works fine. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko

Re: Ubuntu package - Was: Re: doveadm-server protocol change?

duction systems so) Thank you for your response, we're using your packages now in a production ready environment I'll contact you in case of any issues. (The environment uses a directors/backends setup.) Best regards from Dresden/Germany Viele Grüße aus Dresden Heik

Re: Ubuntu package - Was: Re: doveadm-server protocol change?

/dovecot /lib/systemd/system/dovecot.service > While xi packages places its own init script there. The xi packages I didn't check yet. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & un

Re: doveadm-server protocol change?

Heiko Schlittermann <h...@schlittermann.de> (Mo 30 Mai 2016 21:18:09 CEST): > Hi Aki, > > aki.tu...@dovecot.fi <aki.tu...@dovecot.fi> (Mo 30 Mai 2016 20:57:58 CEST): > … > > You can get packages from http://xi.dovecot.fi/debian/, if it helps. The > > HTTP API

Re: doveadm-server protocol change?

sden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF7

Re: doveadm-server protocol change?

Hi Aki, thank your for responding that fast. aki.tu...@dovecot.fi (Mo 30 Mai 2016 17:49:53 CEST): … > Hi! This has been fixed in 2.2.24. There was a bug in user passing. Ok, thus at least your answer saves me hours of debugging. We upgraded old Ubuntu Boxes (14.04/LTS)

doveadm-server protocol change?

Hi, I'm doing quota checks from a remote machine (the real setup is a bit more complex, if necessary I can explain it in more detail, but I just extracted the bits that are easily reproduceable) # nc backend1 24245 VERSION doveadm-server 1 0 PLAIN

Re: Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

Hi, Stephan Bosch <step...@rename-it.nl> (Mi 27 Apr 2016 11:32:23 CEST): … > Op 4/27/2016 om 11:11 AM schreef Heiko Schlittermann: > > src/imap/cmd-notify.c: "MessageNew", "MessageExpunge", "FlagChange", > > "AnnotationChange", >

[SOLVED] Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

traces that indicate support for ANNOATION. But again, I may be wrong, as I do often. changeset: 237:219c13a7696d bookmark:hs12 tag: tip user:Heiko Schlittermann <h...@schlittermann.de> date:Wed Apr 27 11:27:14 2016 +0200 summary: Check the Value before using

Re: Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

en? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome ---

Re: Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

://hg.dovecot.org/dovecot-metadata-plugin was 2013 . Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998

Crash: setannotation Trash "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)

("value.shared" "27") S: 2 OK Completed. Is this a known bug that is fixed in later releases? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix support - Heiko Schl

doveadm backup 2.2.23 ignores -u, but reads USER environment?

up' Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome -

Re: Deliver same E-Mail in same Mailbox only once ?

message (I put you on BCC), you'll receive it via the mailing list AND directly. Depending on the ML configuration the messages are NOT identical. (ML signature, replaced Reply-To, added header lines, …) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann --

Re: LMTP proxy does not pass RCPT TO: ... 5xx response back

the maildir directly. Doesn't help. Since I have a director/backend setup. Can't quota-status use the same interface doveadm quota uses? Unfortunenatly I didn't find further documentation, except the source itself. Best regards from Dresden/Germany Viele Grüße aus Dresden

doveadm sync/backup doesn't sync the metadata?

something here? Shouldn't the metadata be part of the backup? (I'm using the latest 2.2.22 for sync purposes, as the stock dovecot just crashed when used as 'doveadm backup …') Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de

Re: LMTP proxy does not pass RCPT TO: ... 5xx response back

ld be good. And using the RCPT TO response would not need any magic mechanisms on the MTA side. We could use recipient verification via callouts (as we do to check the existence of the recipient, w/o the need to do some LDAP lookups). Best regards from Dresden/Germany Viele Grüße aus Dresden

Re: ANNOTATE plugin? Squirrel uses it for EXPIRATION information

Hallo Andreas, A. Schulze <s...@andreasschulze.de> (So 14 Feb 2016 12:47:19 CET): > > Am 13.02.2016 um 23:24 schrieb Heiko Schlittermann: > >it seems that Squirrel mail uses Mailbox annotations for storing Expire > >times on the Server. It's an Cyrus server curr

ANNOTATE plugin? Squirrel uses it for EXPIRATION information

how it's supposed to work on Cyrus and how it can be emulated/simulated with dovecot? Thanks in advance, Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlitter

Re: Multiple quota rules from LDAP userdb?

Steffen Kaiser <skdove...@smail.inf.fh-brs.de> (Fr 12 Feb 2016 09:59:40 CET): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Fri, 12 Feb 2016, Heiko Schlittermann wrote: > > >But, if I'd like to have another quota rule for a submailbox of that > >user?

Segmentation fault on doveadm search -A with a huge user base

behaviour and fixed already, or do I need to do more investigation? (PS: Running the same command on one of the backends works w/o failure) Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet &

Re: Segmentation fault on doveadm search -A with a huge user base

Andrey Fesenko (Sa 13 Feb 2016 00:01:01 CET): … Thank you for your fast response… doveadm user \* works on the director, gives us 4711 users. The LDAP limits are 'unlimited'. > For dovecot with LDAP we make this > After fix dovecot-ldap.conf > > user_filter = >

Re: Config file syntax in gory detail

Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9

Multiple quota rules from LDAP userdb?

quota_rule *:storage=1000:messages=50 Inventing additional LDAP attributs fooQuotaRule2, ... doesn't scale well. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - H

LMTP proxy does not pass RCPT TO: ... 5xx response back

e to the RCPT TO. But the proxy seems to ignore it… Any suggestion? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +

simple bind + X.509 client certificate?

uggestions? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome

[SOLVED] simple bind + X.509 client certificate?

Heiko Schlittermann <h...@schlittermann.de> (Fr 05 Feb 2016 17:13:12 CET): > Hi, > > using dovecot 2.2.9. The LDAP server requests a client certificate from > dovecot. This client certificate will not be used for authentication, > but anyway, the server requests it

Re: how do I get the version of the pigeonhole-sieve plugin

Heiko Schlittermann <h...@schlittermann.de> (Fr 22 Jan 2016 12:53:00 CET): > Hello, > > as may parts of the dovecot configuration docs refer to sieve and it's > specific versions, like > > NOTE: Pigeonhole versions before v0.3.1 do not support the lo > >

how do I get the version of the pigeonhole-sieve plugin

isn't telling me anything here, because it's bound to the dovecot version number. What do I miss here? Thank you. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - H

Re: fail: doveadm backup -s "" with a huuge number of mailboxes

kB. The complete amount of command line data is near 2 MB. Conclusion: doveadm sync should be able to read a state *file*. IMHO Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Hei

Re: How to Restore emails

to cur/ (not sure, if new/ would be fine to, because new/ is the natural place after tmp/. I'm not sure, what this does to the message state the client sees.) Best regards from Dresden/Germany Viele Grüße aus Dresden

fail: doveadm backup -s "" with a huuge number of mailboxes

Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE -

Re: TLS communication director -> backend with X.509 cert checks?

Hi Timo Heiko Schlittermann <h...@schlittermann.de> (Mi 14 Okt 2015 01:10:20 CEST): … > Ah, the information comes from the other director running. The other one > is using an unpatched version of dovecot. Your patch for backend-certificate verification works. Thank you for the good a

Re: TLS communication director -> backend with X.509 cert checks?

; hostname we used to obtain the adress(es)? > > Does the attached patch work? Compiles, but untested. I'm about to test it. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -------- internet & unix

Re: TLS communication director -> backend with X.509 cert checks?

ally in the same trusted network with backends.. > Ooo. What if director_mail_servers = backends. and the DNS entry for backends. gets updated? Does the director catch up the change automatically w/o restart? Best regards from Dresden/Germany Viele Grüße aus Dres

Dualstack IPv4/IPv6 setup with directors

Heiko Schlittermann -- SCHLITTERMANN.de internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --- key ID: F69376CE - ! key id 7CBF764A and 972EAC9F are revoked sin

Re: TLS communication director -> backend with X.509 cert checks?

n as we reach out for "official" certs. And because it puts more details about the infrastructure into the configuration than would be necessary. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet & un

Re: Dualstack IPv4/IPv6 setup with directors

Timo Sirainen (Di 13 Okt 2015 21:42:41 CEST): … > > Oct 13 21:23:29 director1 dovecot: director: Error: > > director(149.x.y.97:9090/out): connect() failed: Connection refused > > Oct 13 21:23:29 director1 dovecot: director: Warning: net_connect_ip(): > > ip->family !=

Re: dovecot as proxy and verification of the backends certificate

ode this gets fixed more or less automatically. Note sure if > that'll happen for v2.3 or not. Thank you. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---- internet & unix support - Heiko Schlitte

Re: Dovecot auth-ldap ignores tls_* settings when using ldaps://

s, thinking about mixed schema in the URIs whould have been my next question :) Ok, I can test what happens if we set tls_options w/o using LDAP+TLS or LDAPS at all. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de

TLS communication director -> backend with X.509 cert checks?

syntax for the openssl.conf is welcome). Or is there any chance that this is fixed already or will be fixed in the near future or even better, that it's my fault? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet

Re: TLS communication director -> backend with X.509 cert checks?

Timo Sirainen (Di 13 Okt 2015 23:49:20 CEST): … > > Proxying in general does check that hostname matches the SSL certificate, > because both the hostname and IP address are sent to login process. So it > should work in a way that host= and hostip= is sent. I thought > my patch

Re: TLS communication director -> backend with X.509 cert checks?

Hi Timo, Heiko Schlittermann <h...@schlittermann.de> (Di 13 Okt 2015 22:33:23 CEST): > > Does the attached patch work? Compiles, but untested. > I'm about to test it. It seems to update the struct mail_host, but it looks as if the data in mail_host do not propagate down to

Re: TLS communication director -> backend with X.509 cert checks?

Heiko Schlittermann <h...@schlittermann.de> (Mi 14 Okt 2015 00:10:50 CEST): > Timo Sirainen <t...@iki.fi> (Di 13 Okt 2015 23:49:20 CEST): > … > > > > Proxying in general does check that hostname matches the SSL certificate, > > because both the hostname and

Re: TLS communication director -> backend with X.509 cert checks?

Heiko Schlittermann <h...@schlittermann.de> (Mi 14 Okt 2015 00:46:11 CEST): … > > And if I add -D to the director service, I can see "Debug: request > refreshed timeout to …", > but never I see "Debug: request added". And from what I > understand th

dovecot as proxy and verification of the backends certificate

Hello, I'm using a dovecot as proxy, connecting to one or more backends. The backends use X.509 certificates. The proxy's passdb returns extra fields: user=foo proxy host=backend1. ssl=yes nopassword=y Thus the proxy connects to the backend but can't verify the backends

Dovecot auth-ldap ignores tls_* settings when using ldaps://

et.tls || strncmp(conn->set.uris, "ldaps:", 6) == 0)) return; #ifdef OPENLDAP_TLS_OPTIONS It would be great, if somebody can confirm this and if this or some equivalent patch could make it upstream. Best regards from Dresden/Germany Viele Grüße aus Dresden

Re: [Dovecot] MS Exchange IMAP Proxy

Terry Carmen te...@cnysupport.com (Mi 30 Nov 2011 21:36:46 CET): useful in protecting Exchange (from this, http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I barking up the wrong tree? If Dovecot isn't helpful for this, can anybody point me to a better resource? Some time

Re: [Dovecot] Marathon Day 6 of First Install: MySQL Connection Problem

Jack Fredrikson jackfredrik...@yahoo.com (Mon Oct 24 21:00:54 2011): Hi; This is my 6th day installing my first Postfix/Dovecot installation. The Postfix mailing list indicates I've got the MTA under control so now I'm seeking your help with the MDA. I get these errors with legitimate email

Re: [Dovecot] On-delivery deduplication?

Xin LI delp...@delphij.net (Wed Jun 8 22:04:51 2011): (…) A feature of Cyrus-IMAPd I really missed after migrated to Dovecot is their optional duplicate suppression, which eliminates duplicate message at deliver time, if their envelope sender, recipient and message-id matches. Not sure,

Re: [Dovecot] On-delivery deduplication?

Hello Tom, Tom Hendrikx t...@whyscream.net (Wed Jun 8 23:17:29 2011): (…) OTOH, if you need such feature, it shouln't be too challenging to write a MDA replacement, that decides about duplicity and finally passes the remaining messages to the Dovecot MDA. This happens because the

Re: [Dovecot] Proxy IMAP/POP/ManageSieve/SMTP in a large cluster enviroment

Hello, just my comment on you topic: if I'd design such setup, I'd expect, that sooner or later some additional flexibility is needed, that there will be same tasks you never thought about in advance. I'm not sure, if in such case I'd rely on Postfix. Postfix might be fast, but it is by no means

Re: [Dovecot] Proxy IMAP/POP/ManageSieve/SMTP in a large cluster enviroment

BTW, and I'm not sure, if you still need amavis, as direct scanning (using clamav or some other scanner) will be faster. Same is for Spamassassin, as long as you use it as filter and not just as some evaluator. -- Heiko signature.asc Description: Digital signature

Re: [Dovecot] IMAP super user

. Probably you're looking for things related to auth_master or master. passdb passwd-file { master = yes args = /etc/vmail/master-users } Or search the Wiki for AuthDatabase.PasswdFile Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann

Re: [Dovecot] TLS Issue

a wildcard cert? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID

Re: [Dovecot] listescape und sieve

Timo Sirainen t...@iki.fi (Mi 26 Mai 2010 18:53:56 CEST): On Fri, 2010-04-30 at 23:49 +0200, Heiko Schlittermann wrote: plugin { escape_char = % } should change the escape character to %. But it doesnt. Bug or feature? listescape_char, not escape_char. Hm. Assuming

Re: [Dovecot] looking for IMAP testing tool

Phil Howard ttip...@gmail.com (Di 18 Mai 2010 16:04:14 CEST): I'm looking for an IMAP testing tool, suitable to use with Dovecot IMAP. It needs to support TLS, STARTTLS, and login/authentication. It needs to be able run from command line, shell scripts, and even do so under cron jobs (e.g. a

[Dovecot] listescape und sieve

Heiko Schlittermann -- SCHLITTERMANN.de internet unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID: 48D0359B --- gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92

Re: [Dovecot] Question about auth multiple configuration

Schlittermann -- SCHLITTERMANN.de internet unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID: 48D0359B --- gnupg fingerprint: 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B

[Dovecot] somebody using Net::Sieve (Perl) with dovecot 1.2.11?

? Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de internet unix support - Heiko Schlittermann HS12-RIPE - gnupg encrypted messages are welcome - key ID: 48D0359B

  1   2   >