search for: ruggedinbox

...SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=<2C8jBjIMmQBVGNd1> Our smtp server is postfix, can you please suggest a better 'ssl_protocols' and 'ssl_cipher_list' configuration ? We are running Debian 7 Wheezy Thank you, RuggedInbox team

..._server_ciphers and if trying to comment the line with 'ssl_prefer_server_ciphers', dovecot restarts fine but same problem as before, claws-mail can't connect. dovecot version is 2.1.7 any hints ? On 2015-01-09 07:50, Philipp Resch wrote: > Am 09.01.2015 um 08:07 schrieb ml at ruggedinbox.com: >> Hi all, when hardening dovecot against the POODLE vulnerability, >> we followed the advise to disable SSL2 and SSL3 >> but this is giving problems with some email clients (claws-mail). >> >> ssl_protocols = !SSLv2 !SSLv3 >> >> results in the follo...

doveconf -n output? On 1/9/2015 2:07 AM, ml at ruggedinbox.com <ml at ruggedinbox.com> wrote: > Hi all, when hardening dovecot against the POODLE vulnerability, > we followed the advise to disable SSL2 and SSL3 > but this is giving problems with some email clients (claws-mail). > > ssl_protocols = !SSLv2 !SSLv3 > > results in the...

Am 09.01.2015 um 08:58 schrieb ml at ruggedinbox.com: > Hi thanks for your help! > Trying to set your same parameters, when restarting dovecot, gives the > error: > > doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf > line 136: Unknown setting: ssl_prefer_server_ciphers > doveconf: Error: managesieve-lo...

Am 09.01.2015 um 08:07 schrieb ml at ruggedinbox.com: > Hi all, when hardening dovecot against the POODLE vulnerability, > we followed the advise to disable SSL2 and SSL3 > but this is giving problems with some email clients (claws-mail). > > ssl_protocols = !SSLv2 !SSLv3 > > results in the following error: > > dovec...

To take advantage of the filters, is it as simple as adding these couple of lines in a guest's xml file like the example from https://libvirt.org/formatnwfilter.html#nwfconcepts ? <devices> <interface type='bridge'> <mac address='00:16:3e:5d:c7:9e'/> <filterref filter='clean-traffic'> <parameter name='IP'

On 1/9/2015 3:06 AM, Philipp Resch <philipp at devh.de> wrote: > It seems as if claws mail is preferring SSLv3 And since dovecot is really not affected by the poodle vulnerability, if you can't upgrade (I believe 2.2 is in the backports repo?), probably easiest to just reenable SSLv3...

ml at ruggedinbox.com writes: > Our smtp server is postfix, can you please suggest a better > 'ssl_protocols' and 'ssl_cipher_list' configuration ? > We are running Debian 7 Wheezy A useful command to know is "openssl ciphers" run on the server that will tell you the ciphers avai...

How can I enforce SELinux separation between the shared folders belonging to different VMs running with sVirt's SELinux dynamic labels? I want to create a permanent exception for VM 'A' to only be able to read and write to shared folder 'A' and the same for VM 'B' and shared folder 'B' svirt_image_t permits access to a shared folder but for all VMs.

Would it degrade security if libvirt were to handle SELinux labeling of shared folders automatically instead of the manual adjustments needed currently? Would it degrade security if libvirt were allowed to create a non existing shared directory specified in a VM's xml upon import?

On 2015-01-09 08:34, Charles Marcus wrote: > On 1/9/2015 3:06 AM, Philipp Resch <philipp at devh.de> wrote: >> It seems as if claws mail is preferring SSLv3 > > And since dovecot is really not affected by the poodle vulnerability, > if > you can't upgrade (I believe 2.2 is in the backports repo?), probably > easiest to just reenable SSLv3... Hi thanks Charles