Tag Archives: dovecot

Securing TLS

A StackExchange question on using HAProxy’s capture feature to pass data from TCP mode to HTTP mode prompted me to update my SSL configuration. This was intended to get an A+ rating from SSL Labs by sending non-SNI capable clients to a server with weaker ciphers. This was to enable clients on WinXP/IE8, Java 6, and an old Android version to connect. I found a solution without having to have two sets of ciphers and handling traffic in both the TCP mode and HTTP mode. I then optimized my settings to a minimal list of cipher specifications.
Continue reading

Disabling SSLv3 to block Poodle

The new Poodle vulnerability lead me to disable SSLv3 on my Ubuntu server. I have TLS/SSL enabled on three services: apache2, exim4, and dovecot2. Each service required a different method to disable SSLv3.

Ubuntu uses configuration files split into small pieces. The method should apply to other distributions, although the configuration files may be arranged differently. Continue reading

Email Logins for Dovecot and Exim

While I was cleaning up my Ubuntu Email server configuration, I consolidated my login security.  My SMTP server is Exim and my IMAP server is Dovecot.  Mail User Agents (MUAs) use authentication over TLS encrypted connections to access IMAP and SMTP.   Both programs had their own password configuration.

Exim includes Dovecot in its supported authentication mechanisms.  This enables one authentication mechanism to be used for both SMTP and IMAP (or POP3).   This post also includes configuration details for forced authentication over the Submission port. Continue reading