similar to: imap-login hanging when firewall blocks ssl handshaking

On December 5, 2012 2:07:14 AM PST, Ben Morrow <ben at morrow.me.uk> wrote: > At 1AM -0800 on 5/12/12 Erik A Johnson wrote: >> FYI, the tcpdump I sent previously was with one of our >> previously-discussed patches in place: >> >> if (!proxy->client_proxy && net_geterror(proxy->fd_ssl) == EBADF) { >> >> I'm attaching that dump

Hi I'm trying to use dovecot with client certificates. We produce our certificates with our on CA and we do NOT use certificate revocation lists. So I put "ssl_require_crl = no" into 10-ssl.conf. I did not find a solution neither in the wiki nor somewhere else, so I finally started to read the source. My impression is that openssl will always try to use CRLs. If

The attached patch makes the local IP address to which the client connected available to the authentication modules; i.e., the local IP address is available for substitution as %i for the mysql and pgsql modules. We needed this feature to support thousands of our legacy accounts which are authenticated by username/local_part (not the full email address) and IP address (one per domain). Timo,

On Wed, 21 Oct 2015 20:58, Nick Bright <nick.bright at ...> wrote: > On 10/21/2015 1:55 PM, Andrew Holway wrote: >> Personally I would go round to that particular vendors office with a pipe >> wrench and encourage them to do better however, unless this software is >> transmitting credit card information then it seems that you could be >> safe(ish) from the

On 10/21/2015 1:55 PM, Andrew Holway wrote: > Personally I would go round to that particular vendors office with a pipe > wrench and encourage them to do better however, unless this software is > transmitting credit card information then it seems that you could be > safe(ish) from the regulation standpoint. It really depends on the location > of the machine. Is it deep in the bowels

Hi list, ? I am currently trying to configure dovecot to act as a imap proxy in front of a Groupwise server. Because of a policy no services of the gw server may be directly served to the web. So currently this is only a security measure. Dovecot was previously used for providing sasl-auth capabilities to postfix. IMAP proxy features should be added now. Authentication backend is LDAP. OS is

Since I've been using this for maybe a year now, maybe someone else is interested in restricting IMAP and POP logins via libwrap. In addition to the attached patch (against 1.0.5) to src/login-common/main.c, src/{imap,pop3}-login/Makefile.in have to be modified to link against libwrap. Of course, the option needs to be integrated into configure in the long run. -------------- next part

We've been struggling with a problem for the past couple of days which to this point I've only gotten to be able to boil down to this: 1. Install nessus home edition (less pluggins I assume) 2. run all scans (sequentially or in parallel, doesn't seem to matter) 3. about 3 minutes in /var/log/messages will show segfaults on imap and/or pop3 imap-login[22185]: segfault at

hi I want to use ECC(ellyptic curve cryptography) for SSL-connections but somehow dovecot doesn't like my ECC-certificates :( I tried to test using following scenario: machine: debian 6 (x64) dovecot 2.0.15-0~auto+21 ((f6a2c0e8bc03) from http://xi.rename-it.nl/debian openssl 1.0.0e-2 from testing (as the default 0.9.8o-4squeeze3 needs also the parameter -cipher ECCdraft for testing)

Hi, I am simulating the sending of fax using sendfax through voip to reach an Asteria server via ZAP/1 ( PSTN phone line ) which then route call to a fax machine at ZAP/2. It seems like I am not able to establish any handshake with the physical fax machine using the sendfax program. Does anyone know why that happens and how to fix it? The scenario will be deployed in remote location in the

I'm running Ubuntu 10.04, recently upgraded. My dovecot version is 1.2.9. My SSL/TLS authentication with dovecot from non-local IP's has stopped working, and I can no longer access my mail securely. I have changed all entries to refer to my server as "host". I am the only user, and am OK with the a self-signed cert. When I try to connect using Thunderbird, the certificate

CentOS Errata and Security Advisory 2014:0626 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-0626.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 4911acddf50a3f48cc5d2ce6f4011193a06112142a2d93e7e9f36aa7fd44e1bd openssl098e-0.9.8e-18.el6_5.2.i686.rpm x86_64:

CentOS Errata and Security Advisory 2016:0372 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0372.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: e87cdaa0c6d6528e4395026ed75dd8c06d1d9cd20cbfc2b88b0d6046482aaa82 openssl098e-0.9.8e-20.el6.centos.1.i686.rpm x86_64:

CentOS Errata and Security Advisory 2016:0372 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0372.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: bda50ad8086ae3f1265eab271d0523c86cde3e9d1ef1fccbd4cce1abf13636e8 openssl098e-0.9.8e-29.el7.centos.3.i686.rpm

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Personally I would go round to that particular vendors office with a pipe wrench and encourage them to do better however, unless this software is transmitting credit card information then it seems that you could be safe(ish) from the regulation standpoint. It really depends on the location of the machine. Is it deep in the bowels of your high security nuclear bunker on an air gap network or is is

Remember that rhel/centos backports fixes, so just looking version number is not reliable way to detect security issues. Eero 2015-10-21 21:18 GMT+03:00 Nick Bright <nick.bright at valnet.net>: > Greetings, > > I'm working with a new CentOS 7 installation, moving a system up from > CentOS 5 due to OpenSSL version 0.9.8e not meeting PCI Compliance > requirements. >

Greetings, I'm working with a new CentOS 7 installation, moving a system up from CentOS 5 due to OpenSSL version 0.9.8e not meeting PCI Compliance requirements. However, while setting up the CentOS 7 environment one of the closed source applications is requiring 0.9.8. The software vendor has advised installing package openssl098e from yum; but I'm hesitant to do so from a

On 10/21/2015 2:34 PM, Eero Volotinen wrote: > Remember that rhel/centos backports fixes, so just looking version > number is not reliable way to detect security issues. > > Eero Indeed, though I can say on CentOS 5 the required configuration to be PCI compliand is not valid in apache, and httpd will not start. -- ----------------------------------------------- - Nick Bright

CentOS Errata and Security Advisory 2012:0518 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0518.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 862142d2d7adc74311d7312c6ace396d36b6c8f3a0708f6fe5e0d3977d00a871 openssl098e-0.9.8e-17.el6.centos.2.i686.rpm