Hi!
We are indeed listening. And Dovecot actually can check the name on the
certificate, if you ask it to do so.
https://doc.dovecot.org/settings/core/#core_setting-auth_ssl_username_from_cert
Aki
> On 16/05/2023 14:58 EEST Sean Gallagher wrote:
>
>
> It gets worse! If you request a client
It gets worse! If you request a client certificate, Dovecot will not
check the name on the certificate, only that it is signed by a known CA.
I raised this issue on this list some time ago and got no response. I'm
not sure anyone is listening.
On 16/05/2023 7:54 pm, Serg via dovecot wrote:
I w
> On 03/01/2022 17:15 dc...@dvl.werbittewas.de wrote:
>
>
> On 03.01.22 at 15:47, Michael Peddemors wrote:
>
> > Using your email system IS the reason, simply make sure that you inform
>
> no, it's not.
>
> and:
>
> > (SLA, Terms and Conditions etc) and it has a valid use, eg for security
On 03.01.22 at 15:47, Michael Peddemors wrote:
> Using your email system IS the reason, simply make sure that you inform
no, it's not.
and:
> (SLA, Terms and Conditions etc) and it has a valid use, eg for security
> purposes.
for security_reasons it's completely ok, to store this informatio
On 2022-01-01 11:04 a.m., dc...@dvl.werbittewas.de wrote:
because the client-ip is covered by GDPR as personal data and so it
should never be shown to others without a certain reason, we want to hide
it, but there's no "submission_add_received_header"-option like for lmtp
and it doesn't seem to be a
nal Message-
> Sent: 17 March 2021 14:09
> Cc: dovecot@dovecot.org
> Subject: Re: feature request: maintain folder structure with expunged
> email
>
> On 17. Mar 2021, at 13.39, Marc <Marc@f1-outsourcing.eu> wrote:
>
>
>
> Feature reque
>
> diff --git a/src/lib-storage/index/dbox-multi/mdbox-save.c b/src/lib-
> storage/index/dbox-multi/mdbox-save.c
> index ff6e4f77b0..b522951b1d 100644
> --- a/src/lib-storage/index/dbox-multi/mdbox-save.c
> +++ b/src/lib-storage/index/dbox-multi/mdbox-save.c
> @@ -440,7 +440,7 @@ int mdbox_copy(s
>
> mdbox is intended to be high performance mail storage, and this would
> make copying significantly slower.
1. But copying does not happen that often.
2. You already have this copy between namespaces (with different storage)
3. If this really is an issue you could also use a command to schedul
On 17. Mar 2021, at 13.39, Marc wrote:
>
> The reason for copying an email to a different folder is that it is
> important. You do not want to lose it, and you want to be able to find it
> there.
> It is wrong to assume that a user will notice that these emails are missing
> and should look f
On 17. Mar 2021, at 13.39, Marc wrote:
>
> Feature request: maintain folder/mailbox structure with expunging.
You could use lazy_expunge with a namespace. Although it's marked as
deprecated, so that might go away at some point. There have been some thoughts
about the ability to remember the or
* Rogier Wolff:
> a few days ago my [Let's Encrypt] certificate expired and the
> fetchmail daemon running in the background had nowhere to
> complain.
> [...]
> Feature request: check the expiry date on the SSL certificate as it
> is being loaded and check for a new certificate if it HAS expired.
> On 10 Oct 2020, at 11:38, @lbutlr wrote:
>
> On 09 Oct 2020, at 02:16, Rogier Wolff wrote:
>> It turns out that dovecot had been running uninterrupted since august
>> 13th, the certificate was renewed on september 7th and I suspect it
>> expired on october 7th.
>
> The ACME protocol that
On 09 Oct 2020, at 02:16, Rogier Wolff wrote:
> It turns out that dovecot had been running uninterrupted since august
> 13th, the certificate was renewed on september 7th and I suspect it
> expired on october 7th.
The ACME protocol that LE uses has a specific feature for specifying a script
to r
On Fri, 9 Oct 2020, David Morsberger wrote:
Both the renew hook and post hook are good candidates for our reload
script. Each has a downside however. The post hook will be run after
every renewal attempt, regardless of if anything was actually renewed
or not. This will result in the services
On Fri, Oct 09, 2020 at 07:55:53AM -0400, David Morsberger wrote:
> To configure a renew hook, add the following to the configuration file:
>
> renew-hook = /root/bin/certbot-renew
> Next, create the renew hook script at /root/bin/certbot-renew with the
> following contents:
>
> #!/bin/sh
> sys
so if you have a new certificate it is valid for 89.something days, you
could do a:
openssl x509 -in file.crt -checkend 7689600 -noout > /dev/null &&
/usr/bin/systemctl reload dovecot
Automatic renewal
The Ubuntu package for certbot comes pre-configured with systemd timer that
will automatically renew existing certificates. What it does not handle however
is reloading postfix/dovecot so that they will begin using the new
certificates. For that, we need to implement a hook.
On 09/10/2020 14:02, Gerald Galster wrote:
I have to say I'm totally baffled since I do nothing when LetsEncrypt renews
the certificate.
I know the cert has been updated because the mail clients ask me if I trust
the certificate.
If it makes a difference I use the bash LetsEncrypt not the Py
> I have to say I'm totally baffled since I do nothing when LetsEncrypt renews
> the certificate.
>
> I know the cert has been updated because the mail clients ask me if I trust
> the certificate.
>
> If it makes a difference I use the bash LetsEncrypt not the Python code.
I don't like al
esh-official/acme.sh
From: r...@mrstuudio.ee
Sent: October 9, 2020 2:57 AM
To: dovecot@dovecot.org
Subject:
On 09/10/2020 12:52, lists wrote:
I have to say I'm totally baffled since I do nothing when LetsEncrypt renews
the certificate.
I know the cert has been updated because the mail clients ask me if I trust
the certificate.
Curious. The mail clients really shouldn't ask anything when
encounte
ginal Message
From: r...@mrstuudio.ee
Sent: October 9, 2020 1:55 AM
To: dovecot@dovecot.org
Subject: Re: Feature request.
On 09/10/2020 11:50, Plutocrat wrote:
> On 09/10/2020 4:16 pm, Rogier Wolff wrote:
>> It turns out that dovecot had been running uninterrupted since august
>> 1
On Fri, Oct 09, 2020 at 11:21:09AM +0300, Aki Tuomi wrote:
>
> > On 09/10/2020 11:16 Rogier Wolff wrote:
> > So Feature request: check the expiry date on the SSL certificate
> > as it is being loaded and check for a new certificate if it HAS
> > expired.
> That is indeed old version, but no,
On 09/10/2020 11:50, Plutocrat wrote:
On 09/10/2020 4:16 pm, Rogier Wolff wrote:
It turns out that dovecot had been running uninterrupted since august
13th, the certificate was renewed on september 7th and I suspect it
expired on october 7th.
I guess you could do a few things yourself to make s
On 09/10/2020 4:16 pm, Rogier Wolff wrote:
> It turns out that dovecot had been running uninterrupted since august
> 13th, the certificate was renewed on september 7th and I suspect it
> expired on october 7th.
I guess you could do a few things yourself to make sure the cert is valid.
Thinking ou
Does a dovecot reload not do that? For a webserver I just set a flag and
a cron job. Whenever I put a new cert, the webserver reloads.
-Original Message-
To: Rogier Wolff; dovecot@dovecot.org
Subject: Re: Feature request.
> On 09/10/2020 11:16 Rogier Wolff wrote:
>
>
> On 09/10/2020 11:16 Rogier Wolff wrote:
>
>
> Hi,
>
> I get my Email from my own SMTP server on the internet using
> "fetchmail". Some time ago I did the smart thing and configured
> dovecot to use SSL and the letsencrypt certificate that automatically
> renews.
>
> Wel. a few da
On 12.02.20 17:32, Aki Tuomi wrote:
> You can use base_dir to specify an instance directory where files are stored
> under.
that works well, thanks!
Björn
> On 12/02/2020 17:43 Bjoern Jacke wrote:
>
>
> Hi,
>
> because of an unsupported combination of configuration parameters for
> different dovecot services I looked into setting up two dovecot
> instances with different configurations on the same host. It looks like
> running two different do
On 4/5/2019 21:02, Aki Tuomi via dovecot wrote:
On 4 May 2019 20:55 Lefteris Tsintjelis via dovecot wrote:
Would be really really REALLY nice to have dovecot interact directly
with blacklistd! Makes a huge difference on busy systems and beats log
parsing by far.
Thank you
Dovecot suppo
> On 4 May 2019 20:55 Lefteris Tsintjelis via dovecot
> wrote:
>
>
> Would be really really REALLY nice to have dovecot interact directly
> with blacklistd! Makes a huge difference on busy systems and beats log
> parsing by far.
>
> Thank you
Dovecot supports JSON based weakforce protoco
On 30.04.19 at 03:56, Zhang Huangbin via dovecot wrote:
> Dear all,
>
> We use `allow_nets`[1] to restrict login clients, it works fine.
> Recently we need to allow some users to login from everywhere except some
> IP/networks, how can we accomplish this with "allow_nets"?
>
> Tried allow_net
> On Apr 30, 2019, at 10:37 PM, andre via dovecot wrote:
>
> You can easily do this without a new feature in Dovecot.
>
> - Create a post login script, for instance, in bash.
> - install grepcidr on your server.
>
> Your post login script can use grepcidr to check for white or black list.
>
> On Apr 30, 2019, at 2:35 PM, Sami Ketola via dovecot
> wrote:
>
> Just create another passdb for these premium users before the actual passdb
> and add skip = authenticated to the actual passdb.
Dear Sami,
Thank you for the suggestion.
Adding more passdb is not ideal at all, if we have
> On Apr 30, 2019, at 2:32 PM, Malcolm via dovecot wrote:
>
> On 4/29/2019 11:20 PM, Zhang Huangbin via dovecot wrote:
>> I understand what "allow" means. But it will be very handy to support
>> something like "!a.b.c.d" to allow all but just exclude few
>> IPs/networks. Isn't it? :)
> I'm no
Sorry for the top posting, I have not setup my new phone yet.
Here the script sample:
https://github.com/progmaticltd/homebox/blob/dev/install/playbooks/roles/dovecot/files/access-check-whitelist.sh
André.
Tue Apr 30 15:33:51 GMT+01:00 2019 andre :
>
> Hello, Zhang.
>
> You can easily do thi
Hello, Zhang.
You can easily do this without a new feature in Dovecot.
- Create a post login script, for instance, in bash.
- install grepcidr on your server.
Your post login script can use grepcidr to check for white or black list.
https://wiki.dovecot.org/PostLoginScripting
I have impleme
On 30 Apr 2019, at 00:20, Zhang Huangbin via dovecot
wrote:
> On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot wrote:
>>
>> On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot
>> wrote:
>>> Recently we need to allow some users to login from everywhere except some
>>> IP/networks,
>>
>> Ca
> On 30 Apr 2019, at 4.56, Zhang Huangbin via dovecot
> wrote:
>
> Dear all,
>
> We use `allow_nets`[1] to restrict login clients, it works fine.
> Recently we need to allow some users to login from everywhere except some
> IP/networks, how can we accomplish this with "allow_nets"?
>
> Tri
On 4/29/2019 11:20 PM, Zhang Huangbin via dovecot wrote:
I understand what "allow" means. But it will be very handy to
support something like "!a.b.c.d" to allow all but just exclude few
IPs/networks. Isn't it? :)
I'm not sure why:
iptables -A INPUT -p tcp --match multiport --syn ! -s a.b.c.d/
> On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot wrote:
>
> On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot
> wrote:
>> Recently we need to allow some users to login from everywhere except some
>> IP/networks,
>
> Can you use firewall rules for this?
I suppose not. We don't restric
On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot
wrote:
> Recently we need to allow some users to login from everywhere except some
> IP/networks,
Can you use firewall rules for this?
> how can we accomplish this with "allow_nets"?
Allow_nets specifies allowed networks. Doesn't say anythi
Hi John,
On 04/01/2019 at 16:25, John Fawcett wrote:
Hi
would it be possible to consider a new parameter for replication:
doveadm_local_ip which allows the source ip address to be set when
connecting to a remote dovecot for replication?
It could be useful when the network interface has multip
On 07/01/2019 at 20:31, Stephan Bosch wrote:
On 16/12/2018 at 10:06, Tributh via dovecot wrote:
On 16.12.18 at 09:42, Aki Tuomi wrote:
On 16 December 2018 at 10:27 Tributh via dovecot
wrote:
Hi,
is that here the right place to make feature requests?
dovecot supports as authenticati
Hi,
On 13/01/2019 at 17:48, Tributh via dovecot wrote:
Hi,
sorry for my late reply. Was too busy during the week.
Thank you for your patches. I hope I will be able with them to get now
some client support for SCRAM-SHA-256. Will report how I succeed in the
future.
I managed to test it success
Hi,
sorry for my late reply. Was too busy during the week.
Thank you for your patches. I hope I will be able with them to get now
some client support for SCRAM-SHA-256. Will report how I succeed in the
future.
Regards,
Torsten
On 07.01.19 20:31, Stephan Bosch wrote:
>
> On 16/12/2018 at 10:06
On 16/12/2018 at 10:06, Tributh via dovecot wrote:
On 16.12.18 at 09:42, Aki Tuomi wrote:
On 16 December 2018 at 10:27 Tributh via dovecot wrote:
Hi,
is that here the right place to make feature requests?
dovecot supports as authentication mechanism
SCRAM-SHA-1 from RFC 5802
which was u
> On 16 December 2018 at 11:06 Tributh wrote:
>
>
>
>
> On 16.12.18 at 09:42, Aki Tuomi wrote:
> >
> >> On 16 December 2018 at 10:27 Tributh via dovecot
> >> wrote:
> >>
> >>
> >> Hi,
> >> is that here the right place to make feature requests?
> >>
> >> dovecot supports as authentication
On 16.12.18 at 09:42, Aki Tuomi wrote:
>
>> On 16 December 2018 at 10:27 Tributh via dovecot wrote:
>>
>>
>> Hi,
>> is that here the right place to make feature requests?
>>
>> dovecot supports as authentication mechanism
>> SCRAM-SHA-1 from RFC 5802
>> which was updated to
>> SCRAM-SHA-256 i
> On 16 December 2018 at 10:27 Tributh via dovecot wrote:
>
>
> Hi,
> is that here the right place to make feature requests?
>
> dovecot supports as authentication mechanism
> SCRAM-SHA-1 from RFC 5802
> which was updated to
> SCRAM-SHA-256 in RFC 7677
>
> Can SCRAM-SHA-256 be added to the a
Shrinking director_user_expire might be a workaround but not as good as a
solution, as also the user can end up mapped to the same server again.
Director flush is both manual and aggressive, so not a good solution too.
The possibility to move users between backends without killing existing
connect
On 20 Apr 2017, at 17.35, Webert de Souza Lima wrote:
>
> Hi,
>
> often I run into the situation where a dovecot server goes down for
> maintenance, and all users get concentrated in the remaining dovecot server
> (considering I have 2 dovecot servers only).
>
> When that dovecot server comes b
On 05 Jul 2016, at 00:39, Doug Hardie wrote:
>
> I would like to request an additional optional argument for queue-id to
> dovecot-lda. The intended use for this argument is to include in the
> logging. From what I can tell, the queue-id size is not consistent between
> the various MTAs and
Haravikk:
So I have a script for handling my specific archive and expunge
needs, but it’d be nice to be able to track how many messages are
being affected.
Currently I’m doing it by firing the same search queries into
doveadm search and counting the lines of the result with wc -l, but
54 matches