DirectAdmin 1.676

I note that after the update to Dovecot 2.4, /etc/pam.d/dovecot was missing on my system, meaning that people who were accessing POP accounts belonging to usernames (as opposed to virtual email addresses) could not authenticate. I had to recreate it myself to restore previous functionality.
 
Dovecot fails to start
/etc/dovecot/conf/ssl.conf line 7: ssl_server_prefer_ciphers: Invalid value: yes

Confirm error,

with DA conf "ssl_configuration=old"
 
@vinao if this happened after you updated the Exim configuration using CustomBuild (da build exim_conf or via GUI), then this could mean one of two things (or both of them):
  • Your clients using Thunderbird or Outlook were passing passwords over a plain-text connection (not using encryption).
  • Your clients using Thunderbird or Outlook were using SMTP port 25 to send emails.
To fix the issue, clients should update their email sending configuration by making sure they use an encrypted connection when sending emails (use TCP port 587 or 465).

If there is a large number of clients that need to update their configuration, you can allow using the old insecure authentication policy with the commands listed in the change log.

Code:
sed -i '/^AUTH_ENABLE_CONDITION /d' /etc/exim.variables.conf.custom
echo 'AUTH_ENABLE_CONDITION = yes' >> /etc/exim.variables.conf.custom
da build exim_conf

After all clients have updated their email applications to use an encrypted connection, you can switch to the default (secure) auth policy with the commands:

Code:
sed -i '/^AUTH_ENABLE_CONDITION /d' /etc/exim.variables.conf.custom
da build exim_conf
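
To find out which accounts would be affected before switching back to the secure policy, the Exim main log can be scanned for authenticated submissions that were unencrypted or arrived on port 25. This is an added example, not part of the original post or DirectAdmin's own tooling; it assumes default Exim "<=" log lines with P= and A= fields (I= only appears when +incoming_interface is logged), and the log lines inside `sample_log` are constructed.

```shell
#!/bin/sh
# Added example (not DirectAdmin code). Assumes Exim main-log "<=" arrival
# lines in the default layout: date, time, message id, "<=", sender, fields.

# Reads Exim main-log lines on stdin and prints "account reason count" for
# every authenticated submission that was unencrypted or came in on port 25.
insecure_auth_senders() {
  awk '
    $4 == "<=" {
      proto = ""; acct = ""; port = ""
      for (i = 5; i <= NF; i++) {
        if ($i ~ /^P=/) proto = substr($i, 3)
        else if ($i ~ /^A=/) {
          # A=<authenticator>:<authenticated id>; the id part may be absent
          acct = substr($i, 3)
          if (index(acct, ":")) sub(/^[^:]*:/, "", acct); else acct = "(no-id)"
        }
        else if ($i ~ /^I=\[.*\]:[0-9]+$/) { port = $i; sub(/^.*\]:/, "", port) }
      }
      if (acct == "") next                            # session did not authenticate
      if (proto == "esmtpa") hits[acct " no-tls"]++   # AUTH without TLS
      if (port == "25")      hits[acct " port-25"]++  # AUTH on the MTA port
    }
    END { for (k in hits) print k, hits[k] }
  ' | LC_ALL=C sort
}

# Constructed sample lines (hypothetical accounts, documentation IP ranges).
sample_log() {
  cat <<'EOF'
2025-01-10 09:00:01 1tAAAA-000001-01 <= alice@example.com H=(pc1) [203.0.113.10] I=[192.0.2.1]:587 P=esmtpa A=login:alice@example.com S=1200
2025-01-10 09:01:02 1tAAAB-000002-02 <= bob@example.com H=(pc2) [203.0.113.11] I=[192.0.2.1]:25 P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 A=plain:bob@example.com S=900
2025-01-10 09:02:03 1tAAAC-000003-03 <= carol@example.com H=(pc3) [203.0.113.12] I=[192.0.2.1]:587 P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 A=plain:carol@example.com S=800
2025-01-10 09:03:04 1tAAAD-000004-04 <= alice@example.com H=(pc1) [203.0.113.10] I=[192.0.2.1]:25 P=esmtpa A=login:alice@example.com S=1500
2025-01-10 09:04:05 1tAAAE-000005-05 <= news@example.net H=mx.example.net [198.51.100.7] I=[192.0.2.1]:25 P=esmtps X=TLS1.3:TLS_AES_256_GCM_SHA384:256 S=4000
2025-01-10 09:04:06 1tAAAE-000005-05 => carol <carol@example.com> R=virtual_user T=dovecot_lmtp_udp
EOF
}

sample_log | insecure_auth_senders
```

On a live server, feed the function the real log instead of `sample_log`, for example `insecure_auth_senders < /var/log/exim/mainlog` (the path is an assumption; adjust to your system).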

I was actually looking for it this week.
We will have to contact our clients before we do this upgrade or activate this security feature.
Thank you for continuing to improve the security.

Kind regards
Dries
 
A new release is made with the following fixes:
  • Make sure Dovecot 2.4 works in the ssl_configuration=old mode, thanks @petersconsult and @Ohm J
  • Create Dovecot PAM configuration for RHEL systems (Debian systems work without explicit config), thanks @Swift-AU
 
Hello
Today there was an update to dovecot.conf 0.5

Will it be necessary to allow the old authentication policy again after this update?

sed -i '/^AUTH_ENABLE_CONDITION /d' /etc/exim.variables.conf.custom
echo 'AUTH_ENABLE_CONDITION = yes' >> /etc/exim.variables.conf.custom
da build exim_conf

(too many clients use this option to change it immediately)
 
@vinao, no, the file /etc/exim.variables.conf.custom is never touched by DirectAdmin. If you have set a custom variable there (custom SMTP auth policy), it will stay like this until you manually remove it.
 