Austin Witmer
2022-Jul-10 15:01 UTC
POSSIBLE SPAM: Re: Trouble configuring managesive plugin for roundcube
When I enable ssl = yes in my /etc/dovecot/conf.d/20-managesieve.conf file, I get the log line below from mail.log on my mail server. Jul 10 14:57:18 mail dovecot: managesieve-login: Disconnected (no auth attempts in 62 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<PoXYpnTjLN0KdAAD> I?m not smart enough with ssl stuff to know what the root cause of that error is. Can somebody help me out? Thanks! Austin Witmer> On Jul 10, 2022, at 8:52 AM, Austin Witmer <austin96 at emypeople.net> wrote: > > So, here is my dovecot configuration. /etc/dovecot/dovecot.conf > > ## Dovecot configuration file > > # Enable installed protocols > !include_try /usr/share/dovecot/protocols.d/*.protocol > > dict { > #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext > #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext > } > > !include conf.d/*.conf > > !include_try local.conf > > !include_try /usr/share/dovecot/protocols.d/*.protocol > > listen = * > > disable_plaintext_auth = yes > mail_privileged_group = mail > > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocols = imap lmtp pop3 > > namespace inbox { > inbox = yes > > mailbox Trash { > auto = subscribe # autocreate and autosubscribe the Trash mailbox > special_use = \Trash > } > mailbox Sent { > auto = subscribe # autocreate and autosubscribe the Sent mailbox > special_use = \Sent > } > mailbox Spam { > auto = subscribe # autocreate and autosubscribe the Spam mailbox > } > } > > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > } > service imap-login { > inet_listener imap { > port = 0 > } > inet_listener imaps { > port = 993 > } > } > > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > protocol lmtp { > postmaster_address=postmaster at mydomain.com > hostname=mail.mydomain.com > } > > ssl = required # Enable installed protocols > !include_try /usr/share/dovecot/protocols.d/*.protocol > > listen = * > > disable_plaintext_auth = yes > mail_privileged_group = mail > > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > > namespace inbox { > inbox = yes > > mailbox Trash { > auto = subscribe # autocreate and autosubscribe the Trash mailbox > special_use = \Trash > } > mailbox Sent { > auto = subscribe # autocreate and autosubscribe the Sent mailbox > special_use = \Sent > } > } > > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > } > service imap-login { > inet_listener imap { > port = 0 > } > inet_listener imaps { > port = 993 > } > } > > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > protocol lmtp { > postmaster_address=postmaster at mydomain.com > hostname=mail.mydomain.com > } > > ssl = required > ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem > ssl_cipher_list = AES128+EECDH:AES128+EDH > ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem > ssl_prefer_server_ciphers = yes > > > userdb { > driver = prefetch > } > > userdb { > driver = sql > args = /etc/dovecot/dovecot-sql.conf > } > > ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem > ssl_cipher_list = AES128+EECDH:AES128+EDH > #ssl_dh_parameters_length = 4096 > ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem > ssl_prefer_server_ciphers = yes > #ssl_protocols = !SSLv3 > > userdb { > driver = prefetch > } > > userdb { > driver = sql > args = /etc/dovecot/dovecot-sql.conf > } > > And here is the /etc/dovecot/conf.d/20-managesieve.conf file. I tried enabling ssl = yes in the config below but it still didn?t work. > > ## > ## ManageSieve specific settings > ## > > # Uncomment to enable managesieve protocol: > protocols = $protocols sieve > > # Service definitions > > service managesieve-login { > inet_listener sieve { > port = 4190 > # ssl = yes > } > > #inet_listener sieve_deprecated { > # port = 2000 > #} > > # Number of connections to handle before starting a new process. Typically > # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 > # is faster. <doc/wiki/LoginProcess.txt> > #service_count = 1 > > # Number of processes to always keep waiting for more connections. > #process_min_avail = 0 > > # If you set service_count=0, you probably need to grow this. > #vsz_limit = 64M > } > > #service managesieve { > # Max. number of ManageSieve processes (connections) > #process_limit = 1024 > #} > > # Service configuration > > protocol sieve { > # Maximum ManageSieve command line length in bytes. ManageSieve usually does > # not involve overly long command lines, so this setting will not normally > # need adjustment > #managesieve_max_line_length = 65536 > > # Maximum number of ManageSieve connections allowed for a user from each IP > # address. > # NOTE: The username is compared case-sensitively. > #mail_max_userip_connections = 10 > > # Space separated list of plugins to load (none known to be useful so far). > # Do NOT try to load IMAP plugins here. > #mail_plugins > > # MANAGESIEVE logout format string: > # %i - total number of bytes read from client > # %o - total number of bytes sent to client > # %{put_bytes} - Number of bytes saved using PUTSCRIPT command > # %{put_count} - Number of scripts saved using PUTSCRIPT command > # %{get_bytes} - Number of bytes read using GETCRIPT command > # %{get_count} - Number of scripts read using GETSCRIPT command > # %{get_bytes} - Number of bytes processed using CHECKSCRIPT command > # %{get_count} - Number of scripts checked using CHECKSCRIPT command > # %{deleted_count} - Number of scripts deleted using DELETESCRIPT command > # %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command > #managesieve_logout_format = bytes=%i/%o > > # To fool ManageSieve clients that are focused on CMU's timesieved you can > # specify the IMPLEMENTATION capability that Dovecot reports to clients. > # For example: 'Cyrus timsieved v2.2.13' > #managesieve_implementation_string = Dovecot Pigeonhole > > # Explicitly specify the SIEVE and NOTIFY capability reported by the server > # before login. If left unassigned these will be reported dynamically > # according to what the Sieve interpreter supports by default (after login > # this may differ depending on the user). > #managesieve_sieve_capability > #managesieve_notify_capability > > # The maximum number of compile errors that are returned to the client upon > # script upload or script verification. > #managesieve_max_compile_errors = 5 > > # Refer to 90-sieve.conf for script quota configuration and configuration of > # Sieve execution limits. > } > > Here is the output of testing with openssl from the roundcube server. > > I ran this: openssl s_client -connect 10.116.0.2:4190 </dev/null > > And got this: > > CONNECTED(00000003) > 139804327073088:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 5 bytes and written 283 bytes > Verification: OK > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > Early data was not sent > Verify return code: 0 (ok) > ? > > Is the second line in the output above the problem? > > Thanks to all of you for your help so far! > > Austin Witmer > >> On Jul 10, 2022, at 2:17 AM, Tomas Habarta <lists+dovecot at tocc.cz> wrote: >> >> I can't see your dovecot conf, but anyway -- roundcube side has to be aligned with dovecot's, i.e. if you use ssl on roundcube side, make sure you have it enabled on dovecot side too, something like: >> >> service managesieve-login { >> inet_listener sieve { >> port = 4190 >> ssl = yes >> } >> >> or just use tls, i.e. no "ssl=yes" in dovecot conf, but tls://10.116.0.2 in roundcube conf >> This seems to be the same case: https://github.com/roundcube/roundcubemail/issues/7127 >> >> Tomas >> >> >> On Sat, Jul 09, 2022 at 10:31:04PM -0600, Austin Witmer wrote: >>> Hello all! >>> I?ve got a bit of a problem that I would like some help with. So, I have >>> two servers, one is my mail server running postfix, dovecot etc. I have a >>> second server setup as my roundcube server. Both servers are running on >>> the same LAN network. >>> I have sieve scripts setup in dovecot in my mail server and they are >>> working great! My trouble is that I can?t seem to make my roundcube talk >>> correctly to managesieve on my mail server. >>> Here is the mail.log file from the mail server when I try to create a >>> sievescript from roundcube webmail: >>> Jul 10 04:11:45 mail dovecot: managesieve-login: Disconnected: Too many >>> invalid commands. (no auth attempts in 0 secs): user=<>, rip=10.116.0.3, >>> lip=10.116.0.2, session=<cZMzomvjyNgKdAAD> >>> And here is my managesieve configuration from my roundcube server. >>> /var/www/roundcube/plugins/managesieve/config.inc.php >>> <?php >>> $config['managesieve_port'] = 4190; >>> $config['managesieve_host'] = '[1]ssl://10.116.0.2'; >>> $config['managesieve_auth_type'] = null; >>> $config['managesieve_auth_cid'] = null; >>> $config['managesieve_auth_pw'] = null; >>> $config['managesieve_usetls'] = false; >>> $config['managesieve_conn_options'] = array( >>> 'ssl' => array( >>> 'verify_peer' => false, >>> 'allow_self_signed' => true, >>> ), >>> ); >>> $config['managesieve_default'] = 'var/lib/dovecot/sieve/default.sieve'; >>> $config['managesieve_script_name'] = 'default.sieve'; >>> $config['managesieve_mbox_encoding'] = 'UTF-8'; >>> $config['managesieve_replace_delimiter'] = ''; >>> $config['managesieve_disabled_extensions'] = []; >>> $config['managesieve_debug'] = true; >>> $config['managesieve_kolab_master'] = false; >>> $config['managesieve_filename_extension'] = '.sieve'; >>> $config['managesieve_filename_exceptions'] = []; >>> $config['managesieve_domains'] = []; >>> $config['managesieve_default_headers'] = ['Subject', 'From', 'To']; >>> $config['managesieve_vacation'] = 0; >>> $config['managesieve_forward'] = 0; >>> $config['managesieve_vacation_interval'] = 0; >>> $config['managesieve_vacation_addresses_init'] = false; >>> $config['managesieve_vacation_from_init'] = false; >>> $config['managesieve_notify_methods'] = ['mailto']; >>> $config['managesieve_raw_editor'] = true; >>> $config['managesieve_disabled_actions'] = []; >>> $config['managesieve_allowed_hosts'] = null; >>> Does anybody have any clue why roundcube isn?t able to login in to >>> managesieve on my mail server? >>> Are there more logs/configs you would like to see? >>> Thanks in advance for your help and suggestions! >>> Austin Witmer >>> >>> References >>> >>> Visible links >>> 1. file:///tmp/ssl:/10.116.0.2
Christian Kivalo
2022-Jul-10 15:49 UTC
POSSIBLE SPAM: Re: Trouble configuring managesive plugin for roundcube
On July 10, 2022 5:01:02 PM GMT+02:00, Austin Witmer <austin96 at emypeople.net> wrote:> When I enable ssl = yes in my /etc/dovecot/conf.d/20-managesieve.conf > file, I get the log line below from mail.log on my mail server. > > Jul 10 14:57:18 mail dovecot: managesieve-login: Disconnected (no auth > attempts in 62 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS > handshaking: SSL_accept() failed: error:1408F10B:SSL > routines:ssl3_get_record:wrong version number, > session=<PoXYpnTjLN0KdAAD> > > I?m not smart enough with ssl stuff to know what the root cause of that > error is. Can somebody help me out?You current dovecot config as below requires you to use tls:// prefix in the managesieve configuration. I just tried it with my server and it worked. Use: $config['managesieve_host'] = 'tls://10.116.0.2'; You have debug logging enabled in your roundcube managesieve config, the output should be in your roundcube logging. Look at that logging during a connection attempt, this helped me allot identifying a certificate name mismatch.> Thanks! > > Austin Witmer > >> On Jul 10, 2022, at 8:52 AM, Austin Witmer <austin96 at emypeople.net> >> wrote: >> >> So, here is my dovecot configuration. /etc/dovecot/dovecot.conf >> >> ## Dovecot configuration file >> >> # Enable installed protocols >> !include_try /usr/share/dovecot/protocols.d/*.protocol >> >> dict { >> #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext >> #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext >> } >> >> !include conf.d/*.conf >> >> !include_try local.conf >> >> !include_try /usr/share/dovecot/protocols.d/*.protocol >> >> listen = * >> >> disable_plaintext_auth = yes >> mail_privileged_group = mail >> >> passdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> protocols = imap lmtp pop3 >> >> namespace inbox { >> inbox = yes >> >> mailbox Trash { >> auto = subscribe # autocreate and autosubscribe the Trash mailbox >> special_use = \Trash >> } >> mailbox Sent { >> auto = subscribe # autocreate and autosubscribe the Sent mailbox >> special_use = \Sent >> } >> mailbox Spam { >> auto = subscribe # autocreate and autosubscribe the Spam mailbox >> } >> } >> >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> } >> service imap-login { >> inet_listener imap { >> port = 0 >> } >> inet_listener imaps { >> port = 993 >> } >> } >> >> service lmtp { >> unix_listener /var/spool/postfix/private/dovecot-lmtp { >> group = postfix >> mode = 0600 >> user = postfix >> } >> } >> protocol lmtp { >> postmaster_address=postmaster at mydomain.com >> hostname=mail.mydomain.com >> } >> >> ssl = required # Enable installed protocols >> !include_try /usr/share/dovecot/protocols.d/*.protocol >> >> listen = * >> >> disable_plaintext_auth = yes >> mail_privileged_group = mail >> >> passdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> >> namespace inbox { >> inbox = yes >> >> mailbox Trash { >> auto = subscribe # autocreate and autosubscribe the Trash mailbox >> special_use = \Trash >> } >> mailbox Sent { >> auto = subscribe # autocreate and autosubscribe the Sent mailbox >> special_use = \Sent >> } >> } >> >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> } >> service imap-login { >> inet_listener imap { >> port = 0 >> } >> inet_listener imaps { >> port = 993 >> } >> } >> >> service lmtp { >> unix_listener /var/spool/postfix/private/dovecot-lmtp { >> group = postfix >> mode = 0600 >> user = postfix >> } >> } >> protocol lmtp { >> postmaster_address=postmaster at mydomain.com >> hostname=mail.mydomain.com >> } >> >> ssl = required >> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem >> ssl_cipher_list = AES128+EECDH:AES128+EDH >> ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem >> ssl_prefer_server_ciphers = yes >> >> >> userdb { >> driver = prefetch >> } >> >> userdb { >> driver = sql >> args = /etc/dovecot/dovecot-sql.conf >> } >> >> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem >> ssl_cipher_list = AES128+EECDH:AES128+EDH >> #ssl_dh_parameters_length = 4096 >> ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem >> ssl_prefer_server_ciphers = yes >> #ssl_protocols = !SSLv3 >> >> userdb { >> driver = prefetch >> } >> >> userdb { >> driver = sql >> args = /etc/dovecot/dovecot-sql.conf >> } >> >> And here is the /etc/dovecot/conf.d/20-managesieve.conf file. I tried >> enabling ssl = yes in the config below but it still didn?t work. >> >> ## >> ## ManageSieve specific settings >> ## >> >> # Uncomment to enable managesieve protocol: >> protocols = $protocols sieve >> >> # Service definitions >> >> service managesieve-login { >> inet_listener sieve { >> port = 4190 >> # ssl = yes >> } >> >> #inet_listener sieve_deprecated { >> # port = 2000 >> #} >> >> # Number of connections to handle before starting a new process. >> Typically >> # the only useful values are 0 (unlimited) or 1. 1 is more secure, >> but 0 >> # is faster. <doc/wiki/LoginProcess.txt> >> #service_count = 1 >> >> # Number of processes to always keep waiting for more connections. >> #process_min_avail = 0 >> >> # If you set service_count=0, you probably need to grow this. >> #vsz_limit = 64M >> } >> >> #service managesieve { >> # Max. number of ManageSieve processes (connections) >> #process_limit = 1024 >> #} >> >> # Service configuration >> >> protocol sieve { >> # Maximum ManageSieve command line length in bytes. ManageSieve >> usually does >> # not involve overly long command lines, so this setting will not >> normally >> # need adjustment >> #managesieve_max_line_length = 65536 >> >> # Maximum number of ManageSieve connections allowed for a user from >> each IP >> # address. >> # NOTE: The username is compared case-sensitively. >> #mail_max_userip_connections = 10 >> >> # Space separated list of plugins to load (none known to be useful so >> far). >> # Do NOT try to load IMAP plugins here. >> #mail_plugins >> >> # MANAGESIEVE logout format string: >> # %i - total number of bytes read from client >> # %o - total number of bytes sent to client >> # %{put_bytes} - Number of bytes saved using PUTSCRIPT command >> # %{put_count} - Number of scripts saved using PUTSCRIPT command >> # %{get_bytes} - Number of bytes read using GETCRIPT command >> # %{get_count} - Number of scripts read using GETSCRIPT command >> # %{get_bytes} - Number of bytes processed using CHECKSCRIPT command >> # %{get_count} - Number of scripts checked using CHECKSCRIPT command >> # %{deleted_count} - Number of scripts deleted using DELETESCRIPT >> command >> # %{renamed_count} - Number of scripts renamed using RENAMESCRIPT >> command >> #managesieve_logout_format = bytes=%i/%o >> >> # To fool ManageSieve clients that are focused on CMU's timesieved >> you can >> # specify the IMPLEMENTATION capability that Dovecot reports to >> clients. >> # For example: 'Cyrus timsieved v2.2.13' >> #managesieve_implementation_string = Dovecot Pigeonhole >> >> # Explicitly specify the SIEVE and NOTIFY capability reported by the >> server >> # before login. If left unassigned these will be reported dynamically >> # according to what the Sieve interpreter supports by default (after >> login >> # this may differ depending on the user). >> #managesieve_sieve_capability >> #managesieve_notify_capability >> >> # The maximum number of compile errors that are returned to the >> client upon >> # script upload or script verification. >> #managesieve_max_compile_errors = 5 >> >> # Refer to 90-sieve.conf for script quota configuration and >> configuration of >> # Sieve execution limits. >> } >> >> Here is the output of testing with openssl from the roundcube server. >> >> I ran this: openssl s_client -connect 10.116.0.2:4190 </dev/null >> >> And got this: >> >> CONNECTED(00000003) >> 139804327073088:error:1408F10B:SSL routines:ssl3_get_record:wrong >> version number:../ssl/record/ssl3_record.c:331: >> --- >> no peer certificate available >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 5 bytes and written 283 bytes >> Verification: OK >> --- >> New, (NONE), Cipher is (NONE) >> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> No ALPN negotiated >> Early data was not sent >> Verify return code: 0 (ok) >> ? >> >> Is the second line in the output above the problem? >> >> Thanks to all of you for your help so far! >> >> Austin Witmer >> >>> On Jul 10, 2022, at 2:17 AM, Tomas Habarta <lists+dovecot at tocc.cz> >>> wrote: >>> >>> I can't see your dovecot conf, but anyway -- roundcube side has to be >>> aligned with dovecot's, i.e. if you use ssl on roundcube side, make >>> sure you have it enabled on dovecot side too, something like: >>> >>> service managesieve-login { >>> inet_listener sieve { >>> port = 4190 >>> ssl = yes >>> } >>> >>> or just use tls, i.e. no "ssl=yes" in dovecot conf, but >>> tls://10.116.0.2 in roundcube conf >>> This seems to be the same case: >>> https://github.com/roundcube/roundcubemail/issues/7127 >>> >>> Tomas >>> >>> >>> On Sat, Jul 09, 2022 at 10:31:04PM -0600, Austin Witmer wrote: >>>> Hello all! >>>> I?ve got a bit of a problem that I would like some help with. So, I >>>> have >>>> two servers, one is my mail server running postfix, dovecot etc. I >>>> have a >>>> second server setup as my roundcube server. Both servers are >>>> running on >>>> the same LAN network. >>>> I have sieve scripts setup in dovecot in my mail server and they >>>> are >>>> working great! My trouble is that I can?t seem to make my roundcube >>>> talk >>>> correctly to managesieve on my mail server. >>>> Here is the mail.log file from the mail server when I try to create >>>> a >>>> sievescript from roundcube webmail: >>>> Jul 10 04:11:45 mail dovecot: managesieve-login: Disconnected: Too >>>> many >>>> invalid commands. (no auth attempts in 0 secs): user=<>, >>>> rip=10.116.0.3, >>>> lip=10.116.0.2, session=<cZMzomvjyNgKdAAD> >>>> And here is my managesieve configuration from my roundcube server. >>>> /var/www/roundcube/plugins/managesieve/config.inc.php >>>> <?php >>>> $config['managesieve_port'] = 4190; >>>> $config['managesieve_host'] = '[1]ssl://10.116.0.2'; >>>> $config['managesieve_auth_type'] = null; >>>> $config['managesieve_auth_cid'] = null; >>>> $config['managesieve_auth_pw'] = null; >>>> $config['managesieve_usetls'] = false; >>>> $config['managesieve_conn_options'] = array( >>>> 'ssl' => array( >>>> 'verify_peer' => false, >>>> 'allow_self_signed' => true, >>>> ), >>>> ); >>>> $config['managesieve_default'] = >>>> 'var/lib/dovecot/sieve/default.sieve'; >>>> $config['managesieve_script_name'] = 'default.sieve'; >>>> $config['managesieve_mbox_encoding'] = 'UTF-8'; >>>> $config['managesieve_replace_delimiter'] = ''; >>>> $config['managesieve_disabled_extensions'] = []; >>>> $config['managesieve_debug'] = true; >>>> $config['managesieve_kolab_master'] = false; >>>> $config['managesieve_filename_extension'] = '.sieve'; >>>> $config['managesieve_filename_exceptions'] = []; >>>> $config['managesieve_domains'] = []; >>>> $config['managesieve_default_headers'] = ['Subject', 'From', 'To']; >>>> $config['managesieve_vacation'] = 0; >>>> $config['managesieve_forward'] = 0; >>>> $config['managesieve_vacation_interval'] = 0; >>>> $config['managesieve_vacation_addresses_init'] = false; >>>> $config['managesieve_vacation_from_init'] = false; >>>> $config['managesieve_notify_methods'] = ['mailto']; >>>> $config['managesieve_raw_editor'] = true; >>>> $config['managesieve_disabled_actions'] = []; >>>> $config['managesieve_allowed_hosts'] = null; >>>> Does anybody have any clue why roundcube isn?t able to login in to >>>> managesieve on my mail server? >>>> Are there more logs/configs you would like to see? >>>> Thanks in advance for your help and suggestions! >>>> Austin Witmer >>>> >>>> References >>>> >>>> Visible links >>>> 1. file:///tmp/ssl:/10.116.0.2 >-- Christian Kivalo