Is it possible to, and (if yes) has anyone had experience with setting up an
extra listener that requires client certs.
The problem I've got is I still need to support Outlook clients. Fortunately
these are located in fixed locations on desktop computers.
Meanwhile, I would like to harden the
are not needed to buy pro
licenses.
Aki
> On 27/06/2024 11:03 EEST Laura Smith via dovecot wrote:
>
>
> Perhaps try reading my last post Scott.
>
> Perhaps especially the bit where I said OX were offered money but they were
> not interested without megabucks being spent.
&g
Perhaps try reading my last post Scott.
Perhaps especially the bit where I said OX were offered money but they were not
interested without megabucks being spent.
As others have said, take your cheap, unsubstatiated, attacks elsewhere chum.
On Wednesday, 26 June 2024 at 21:24, Scott Q. via d
> Why do you care about the repo then ? Use the patch locally,
> publish it, etc. You care about OpenSSL 3.0 compatibility right ? What
> do you care if it's in the public tree or not.
Because Aki has been shouting from the rooftops here that "beware, its not that
easy, Dovecot crashes with Open
I do maintain a few open source projects
> and am accustomed to people's expectations to get commercial grade
> software...for free.
>
> Cheers
>
> On Wednesday, 26/06/2024 at 08:34 Laura Smith via dovecot wrote:
>
> > You are conflating OS with packages. I don'
ithout premium access. Since that's
> what the OS has committed to, unless they pull a redhat and deprecate an OS
> before initial EOL date.
>
> Sent from Outlook for iOS
>
> From: Laura Smith
> Sent: Wednesday, June 26, 2024 2:06:44 PM
> To: Lucas Rolff
> Cc: Aki Tu
ke other operating
> systems, should probably be brought up with the Debian release and security
> teams.
>
> Sent from Outlook for iOShttps://aka.ms/o0ukef
>
> ____
> From: Laura Smith via dovecot dovecot@dovecot.org
>
> Sent: Wednesday, Ju
ught up with the Debian release and security
> teams.
>
> Sent from Outlook for iOS
>
> From: Laura Smith via dovecot
> Sent: Wednesday, June 26, 2024 1:31:48 PM
> To: Aki Tuomi
> Cc: Laura Smith via dovecot ; Michael
> Subject: Re: Debian Bookworm packages, please !
>
The fundamental problem here is that this turns into a security problem, which
in 2024 is not a nice thing to have.
Yes, theoretically I could run the previous Debian release, 11 Bullseye which
is now EOL but in LTS until 2026.
However, the OpenSSL delivered with Bullseye is 1.1.1. Any LTS pat
> > could you please elaborate on this? are there any security issues with
> > using the debian version? what are the problems you are implicating with
> > your above statement, that it's 'not fully working either'?
> >
> > greetings...
>
>
> It can sometimes crash.
>
> Aki
Does Dovecot eve
>
> We can already see that the Debian/RedHat patched 2.3 which is offered is
> broken because there is more than just "making it compile" with things like
> OpenSSL3, and yes, I can appreciate that it's not fully broken, but it's not
> fully working either.
Yeah, that's sort of what's hold
On Tuesday, 25 June 2024 at 15:06, Aki Tuomi via dovecot
wrote:
> > On 25/06/2024 16:58 EEST Laura Smith via dovecot dovecot@dovecot.org wrote:
> >
> > Debian Bookworm (12) was released June 2023.
> >
> > It is therefore somewhat disappointing to see no B
Debian Bookworm (12) was released June 2023.
It is therefore somewhat disappointing to see no Bookworm packages in
https://repo.dovecot.org/ce-2.3-latest/debian/
___
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le.
> Are you completely removing support for 'replication-with-dsync' starting
> from version 2.4?
> Are there any plans for built-in tools to implement an active/active or
> active/passive cluster in the community edition?
kv
See the long discussion "the future of SIS"
(https://dovecot.org/m
--- Original Message ---
On Tuesday, October 17th, 2023 at 15:27, Filip Hanes via dovecot
wrote:
> Other S3 implementation is Minio on top of any posix filesystem - you can
> choose which fills your needs.
Minio is great in general, the only thing I would say it its a little bit wei
--- Original Message ---
On Tuesday, October 17th, 2023 at 06:46, Jean-Daniel Dupas
wrote:
>
> If you are using Ubuntu, OpenZFS is readily available, and support
> deduplication natively.
I thought nobody sane actually used ZFS dedup because it eats RAM for
breakfast, lunch and d
> Is s3 not to slow for this?
>
I think the clue is in the name "s3-compatible".
Clearly calling out to "real" (AWS) S3 would be a non-starter.
But a local installation of something like CEPH, MinIO or whatever on the same
LAN ? I'd think that should be workable, no ?
___
>
> Interesting, nice they use this rust, I am curious how they define this
> scaling. What I don't get is why are they messing with smtp. I always get a
> bad feeling when a company is trying to do everything.
Good they are using rust and even better they've had an independent security
audi
> > Well, so Laura is absolutely right ...
>
>
> "Things like dsync will be GONE in the community version."
>
> That's not right, dsync is still there. Replicator is not, so dsync can't be
> triggered automatically by dovecot after changes to the mailbox
Well, to be fair :
1. I said what I
>
> If that is the case, well then I have to find another way to keep mails in
> sync between 2 mailservers. Hope the community will find a new solution!
>
I have been keeping one eye on Stalwart (https://stalw.art/) for a while now.
I haven't tested it as yet, but I'm very much tempted to g
spread FUD that you made up.
>
> Dsync is not going anywhere, and we are not close-sourcing Dovecot Core.
> There is not a trove of code going into Dovecot 3.0 that "never sees the
> daylight".
>
> Thank you,
> Aki
>
> > On 13/10/2023 21:10 EEST Laura Sm
TL;DR If you are a Dovecot Community user, don't waste your time reading the
Dovecot Pro release notes.
To expand:
I think you have to understand that lots of things that are going into Dovecot
3 (Pro) will never see the light of day in the community edition.
In addition, Dovecot have publicly
Hi
I've tried searching the internet, but the only thing I can find is a post on a
MIcrosoft forum where a Microsoft reps claims flags are not supported on IMAP
(I thought it was an RFC3501 feature ?).
Anyway, I have a user who has Outlook/Windows on desktop and iOS (iPhone/iPad)
for remote.
Is there some secret config sauce I'm unaware of to get IMAP push notifications
working with Outlook ?
My present situation is that non-Outlook users (e.g. Apple iOS, Apple Mail
etc.) work perfectly with the config below. New emails get pushed, deletes get
reflected, all is happy in the world.
--- Original Message ---
On Monday, January 31st, 2022 at 06:24, Aki Tuomi
wrote:
> Markus
Hi Laura, did you try this? Did it work?
Aki
Hi Aki
Sorry, your mail got caught in spam.
Tried it, it didn't work. So I just ended up using "-o imapc_ssl_verify=no".
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Thursday, January 27th, 2022 at 16:12, Sami Ketola wrote:
> > On 27. Jan 2022, at 16.27, Laura Smith n5d9xq3ti233xiyif...@protonmail.ch
> > wrote:
> >
> > Hi,
> >
> > As per the
Hi,
As per the docs (https://wiki.dovecot.org/Tools/Doveadm/Sync) I'm presently
running doveadm backup multiple times with a view to eventual server migration.
I am seeing messages such as this:
Warning: Deleting mailbox 'Junk': UID=1826 GUID= is missing locally
Is it anything to worry about ?
‐‐‐ Original Message ‐‐‐
>
> I thought that
>
> ssl_ca =
> is worth a try.
Does ssl_ca even apply to dsync/imapc ?
Looking at the docs its all about client certificate authentication ? Something
which does not apply to my environment, and even if it did, it would not apply
to dsync/
For the benefit of list, I've decided to work-around the problem using:
imapc_ssl_verify = no
Obviously I still welcome suggestions as to how I can get dsync working with
Let's Encrypt certificates and when OpenSSL validates "ok" but Dovecot does not
(despite Dovecot supposedly falling-back to
> just an idea, but maybe that's the problem?:
>
> https://doc.dovecot.org/configuration_manual/authentication/proxies/
>
> "Note
>
> ssl_client_ca_dir or ssl_client_ca_file aren’t currently used for verifying
> the
>
> remote certificate, although ideally they will be in a future Dovecot
> ver
= /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
> ssl_verify_client_cert = yes
>
> On how to update, it depends on your OS, and the following works with me
>
> yum install ca-certificatesupdate-ca-trust
>
> Refer to
> https://doc.dovecot.org/configuration_
I'm having a frustrating problem trying to use "doveadm sync" to pull mails off
a server for migration purposes.
# 2.3.17.1 (476cd46418): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.17.1 (a1a0b892)
# OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2
I have tried both explicit "ssl_client_ca_di
‐‐‐ Original Message ‐‐‐
On Tuesday, August 24th, 2021 at 11:46 PM, William Edwards
wrote:
> I think the general concensus is that containerisation isn't always
>
> better than 'normal' VMs. 'Easy deployment & scaling' is also perfectly
>
> possible without containers.
>
Amen to that
> It seems to use -L/Library/MWSrvrSrvcs/openssl/lib, does this contain some
> broken libssl?
Additional comment
"/Library/MWSrvrSrvcs" looks like its some sort of third-party installation of
OpenSSL, "/Library/MWSrvrSrvcs" is not present on any of my OS X boxes.
FYI Aki
As of OS X 10.7 Apple anounced they would be phasing out OpenSSL in favour of
Common Crypto (announced at their Developer Conference in 2011).
The "Why?" is because OpenSSL do not offer API compatibility between versions
which impeded upon Apple's ability to provide security updates wit
Also FYI further supporting detail:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861695
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877012
On Thursday, August 5th, 2021 at 4:06 PM, Lucas Castro
wrote:
> On 8/5/21 8:42 AM, Laura Smith wrote:
>
> > Re:
> > https://doc.dovecot.org/installation_guide/dovecot_community_repositories/debian_packages/
> >
> > The instructions need updating for two reason
Re:
https://doc.dovecot.org/installation_guide/dovecot_community_repositories/debian_packages/
The instructions need updating for two reasons:
1) Keep up to date with Debian releases
(https://wiki.debian.org/DebianReleases), i.e. remove reference to 8.0 "Jessie"
and replace with 10.0 "Buster".
> Perhaps there are dovecot (and postfix submission) options to at least
> restrict access by IP?
Restricting by IP is soon going to become very tedious, especially if you are
dealing with more than a small number of users, and especially once post-COVID
travel comes back and people start con
> Client certs appears to be a good solution.
>
> What's the process for managing them with more than a hundred client accounts?
If you've got the budget ... MDM.
If you don't, you can probably hack together some sort of self-service system.
>
> I believe the problem they are trying to solve is
> Are there multi-factor options available?
Mandating good old-fashioned client-certificates is most likely your best bet
in terms of delivering the best user-experience.
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Sunday, 31 May 2020 09:35, @lbutlr wrote:
>
> A couple of notes on this quite useful script:
>
> My mktemp does not support -p (FreeBSD 12.1) is I had to change the script to:
>
In my scripts I tend to create a tempdir
On Wednesday, 27 May 2020 11:31, Aki Tuomi wrote:
> > On 27/05/2020 13:28 Laura Smith n5d9xq3ti233xiyif...@protonmail.ch wrote:
> > Hi,
> > What determines the umask of sieve_pipe_bin_dir scripts ?
> > The results from my script are always being set to 0600.
> >
Hi,
What determines the umask of sieve_pipe_bin_dir scripts ?
The results from my script are always being set to 0600.
My script is simple and shown below, even if I adjust the right line to add "
&& chmod 644", the actual resulting file still remains at 0600 ?!?
#!/bin/bash
# Usage: imapsieve_c
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Tuesday, 26 May 2020 05:31, Germain Le Chapelain
wrote:
> > Le 24 mai 2020 à 14:42, Laura Smith n5d9xq3ti233xiyif...@protonmail.ch a
> > écrit :
> > Hi,
> > What are people doing for backups ?
&
Hi,
What are people doing for backups ?
My current process is LVM snapshot and backup from that to NFS share.
But there seems to be hints around the internet that people use/abuse "doveadm
backup" for backup purposes even though it seems its original intention was for
transferring mailboxes betw
FYI, found the solution.
It seems doveadm can't cope with brackets in mailbox names.
I moved the user's mails into non-braketed, deleted the bracketed and doveadm
backup worked fine after that.
‐‐‐ Original Message ‐‐‐
On Sunday, 24 May 2020 14:32, Laura Smith
wrote:
Hi All,
So close and yet so far. ;-(
Have been migrating users from an old Dovecot server to a new one.
All of the users have doveadm backup'd perfectly, except for one !
What does the below mean ?
$ sudo doveadm -v -o imapc_user=j...@example.org.tld -o
imapc_password=secretSquirrel -o imapc_h
Hi,
Long story short I've got a fully functional Dovecot IMAP instance and I am now
looking to upgrade some perimiter authenticated SMTP relays to authenticate
against the Dovecot instance.
Trouble is that I am seeing errors such as "auth: Warning: sql: Ignoring
changed user_query in /etc/dove
Hi,
I'm aware its an async process, but despite sending test messages and then
waiting a few minutes, the stats are still unchanged :
$ sudo doveadm replicator status
On Sunday, 17 May 2020 11:11, James wrote:
> On 17/05/2020 10:43, Laura Smith wrote:
>
> > Because I wanted to avoid storing uid/gid/home in the database ?
>
> I use:
>
> user_query = "SELECT 'vmail' AS uid, 'vmail' AS gid, allow_nets,
>
On Sunday, 17 May 2020 10:38, Aki Tuomi wrote:
> > On 17/05/2020 12:34 Laura Smith wrote:
> >
> > Hi,
> >
> > Going by the "static userdb" example on this page
> > (https://wiki.dovecot.org/VirtualUsers#homedirs), tried to achieve a
> >
Hi,
Going by the "static userdb" example on this page
(https://wiki.dovecot.org/VirtualUsers#homedirs), tried to achieve a similar
setup in conjunction with pgsql for passdb.
However I get an error "auth: Warning: sql: Ignoring changed iterate_query in
/etc/dovecot/local_sql_users.conf, becau
Hi,
I'm trying to get dovecot working with postgres, I'm on Debian 10 and have
installed dovecot-pgsql from the Dovecot repo
(https://repo.dovecot.org/ce-2.3-latest/debian/).
I have the following in my local.conf :
passdb sql {
args = /etc/dovecot/local_sql_users.conf
}
And the following
Hi,
I'm really struggling with the following inbound filtering:
Let's say:• My email address is "my.em...@example.com"
• I've setup a filtered address "filtered.em...@example.com"
• I've setup a sending/reply address "send.em...@example.com"
I am sending a message to a small group of people wher
I am occasionally (maybe every 4 hours or less frequently) seeing the following
two errors appear in my logs.
Are they any cause for concern ?
Error: Timeout during state=sync_mails (send=done recv=mails)
I/O has stalled, no activity for 600 seconds (last sent=mail_request (EOL)
There was a post on this topic to the list Aug 06, 2018 to which Aki replied
"Thank you for reporting this, we'll take a look at this.".
But its not clear what (if anything) has happened since ? The problem still
seems to exist in 2.3.3 (original report by previous poster was for 2.3.2.1)
The s
Setup dovecot sync along the lines of (https://wiki2.dovecot.org/Replication).
I am doing one way replication.
The initial full replication happened without issue, but now I'm seeing these
errors on the slave server:
doveadm: Warning: /data/mail/foo/bar/Maildir/dovecot-uidlist: Duplicate fil
Silly question but regarding https://wiki.dovecot.org/Replication, is the
mail_replica parameter shown in the docs equivalent to replicator_host and
replicator_port in 2.3.3 ?
2.3.3 doesn't seem to like the mail_replica param (and indeed doveconf -a
doesn't show it as an option)
Thanks !
‐‐‐ Original Message ‐‐‐
On Thursday, April 11, 2019 9:01 PM, John Fawcett via dovecot
wrote:
> On 11/04/2019 10:02, Laura Smith via dovecot wrote:
>
> > ‐‐‐ Original Message ‐‐‐
> > On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot
> > d
On Thursday, April 11, 2019 5:49 PM, Aki Tuomi
wrote:
> > On 11 April 2019 17:56 Laura Smith via dovecot dovecot@dovecot.org wrote:
> > On Thursday, April 11, 2019 3:07 PM, Aki Tuomi aki.tu...@open-xchange.com
> > wrote:
> >
> > > > On 11 April 2019 16:
On Thursday, April 11, 2019 3:07 PM, Aki Tuomi
wrote:
> > On 11 April 2019 16:45 Laura Smith via dovecot < dovecot@dovecot.org> wrote:
> >
> > On Thursday, April 11, 2019 2:02 PM, Aki Tuomi <
> > aki.tu...@open-xchange.com> wrote:
> >
> >
‐‐‐ Original Message ‐‐‐
On Thursday, April 11, 2019 3:07 PM, Aki Tuomi
wrote:
> > On 11 April 2019 16:45 Laura Smith via dovecot < dovecot@dovecot.org> wrote:
> >
> > On Thursday, April 11, 2019 2:02 PM, Aki Tuomi <
> > aki.tu...@open-xchange.com&g
On Thursday, April 11, 2019 2:02 PM, Aki Tuomi
wrote:
> PAM is trying to lookup user@domain while you probably only have user. PAM
> driver does not yet support username_format.
>
> Aki
But /etc/dovecot/users file isn't pam ? I don't need pam if if I'm using
/etc/dovecot/users ? Or am I u
pam(foo...@example.com,192.0.1.1,<9zMTUUCGNfHZzMpL>): unknown user (SHA1 of
given password: ff75068c2f4d700a49dae204d56477a5ffa5d23d)
The password is correct, i.e. 'echo -n 'passed' | openssl dgst -sha1' matches.
The user is setup correctly in /etc/dovecot/users (the /etc/dovecot/users was
cop
‐‐‐ Original Message ‐‐‐
On Thursday, April 11, 2019 9:05 AM, Aki Tuomi
wrote:
> > On 11 April 2019 11:02 Laura Smith via dovecot dovecot@dovecot.org wrote:
> > ‐‐‐ Original Message ‐‐‐
> > On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot
>
‐‐‐ Original Message ‐‐‐
On Thursday, April 11, 2019 12:55 AM, John Fawcett via dovecot
wrote:
> On 11/04/2019 00:51, Laura Smith via dovecot wrote:
>
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, April 10, 2019 11:48 PM, John Fawcett via dovecot
>
‐‐‐ Original Message ‐‐‐
On Wednesday, April 10, 2019 11:48 PM, John Fawcett via dovecot
wrote:
> On 11/04/2019 00:18, Laura Smith via dovecot wrote:
>
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, April 10, 2019 10:24 PM, Aki Tuomi aki.tu...@open-xcha
‐‐‐ Original Message ‐‐‐
On Wednesday, April 10, 2019 10:24 PM, Aki Tuomi
wrote:
> > On 10 April 2019 23:56 Laura Smith via dovecot < dovecot@dovecot.org> wrote:
> >
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, April 10, 2019 9:14 PM, A
‐‐‐ Original Message ‐‐‐
On Wednesday, April 10, 2019 9:14 PM, Aki Tuomi
wrote:
> > On 10 April 2019 23:13 Laura Smith via dovecot dovecot@dovecot.org wrote:
> > Sent with ProtonMail Secure Email.
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, April 10,
Sent with ProtonMail Secure Email.
‐‐‐ Original Message ‐‐‐
On Wednesday, April 10, 2019 8:20 PM, Aki Tuomi
wrote:
> > On 10 April 2019 22:13 Laura Smith via dovecot dovecot@dovecot.org wrote:
> > On Wednesday, April 10, 2019 7:57 PM, Aki Tuomi aki.tu...@open-xchange.co
On Wednesday, April 10, 2019 7:57 PM, Aki Tuomi
wrote:
> > On 10 April 2019 21:26 Laura Smith via dovecot dovecot@dovecot.org wrote:
> > ===
> > dsync(foo...@example.com): Error: imapc(foobar.example.com:993):
> > dns_lookup(foobar.example.com) failed: read(/va
‐‐‐ Original Message ‐‐‐
On Wednesday, April 10, 2019 1:08 PM, Michael Orlitzky via dovecot
wrote:
> On 4/10/19 6:39 AM, Dmitry Donskih via dovecot wrote:
>
> > `chmod -R 655 /etc/foobar/ssl' drops x attribute from`ssl' itself.
> > Use `chmod -R 755' or`chmod +x' or similar.
>
> Your p
===
dsync(foo...@example.com): Error: imapc(foobar.example.com:993):
dns_lookup(foobar.example.com) failed: read(/var/run/dovecot/dns-client)
failed: read(size=512) failed: Connection reset by peer
dsync(foo...@example.com): Error: Failed to initialize user: imapc: Login to
foobar.example.com f
On Wednesday, April 10, 2019 11:40 AM, Gerald Galster via dovecot
wrote:
> > Am 10.04.2019 um 11:59 schrieb Laura Smith via dovecot
> > :
> >
> > On Wednesday, April 10, 2019 10:52 AM, Aki Tuomi via dovecot
> > wrote:
> >
> > > On 1
On Wednesday, April 10, 2019 10:52 AM, Aki Tuomi via dovecot
wrote:
> On 10.4.2019 12.36, Laura Smith via dovecot wrote:
>
> > Dovecot 2.3.3 (dcead646b)
> > openSUSE Leap 15.0
> > I am getting a weird error message:
> > Fatal: Error in configuration file /
Dovecot 2.3.3 (dcead646b)
openSUSE Leap 15.0
I am getting a weird error message:
Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert:
Can't open file /etc/foobar/ssl/certbot.pem: Permission denied
I have tried the following:
- chmod -R 655 /etc/foobar/ssl (/etc/foobar i
On Thursday, October 11, 2018 1:29 PM, Aki Tuomi
wrote:
> > On 11 October 2018 at 15:02 Laura Smith n5d9xq3ti233xiyif...@protonmail.ch
> > wrote:
> >
> > > That's a permission error. Somewhere in your directory hierarchy things
> > > are off. See Post
> That's a permission error. Somewhere in your directory hierarchy things
> are off. See Postfix' set-permissions command.
>
But surely if Dovecot is staring as root then directory permissions are
relevant, especially if I'm then asking the config to chmod the file anway ?
To me, it seems doveco
> Do you have SELinux or the like running on the system?
>
Not as far as I'm aware. Its openSUSE LEAP 15, which does not ship with
SELinux.
On Thursday, October 11, 2018 12:07 PM, Ralph Seichter
wrote:
> On 11.10.18 11:30, Laura Smith wrote:
>
> > unix_listener /var/spool/postfix-authrelay/private/dovecot-auth {
> > group = postfix
> > mode = 0666
> > user = postfix
> > }
>
> I sugg
Hi,
I am trying to create an authenticated relay server using Postfix and Dovecot.
However I am having two problems :
(a) If I create a dovecot config entry as follows :
unix_listener /var/spool/postfix-authrelay/private/dovecot-auth {
group = postfix
mode = 0666
user = postfix
82 matches
Mail list logo