similar to: Disable SSLv3 in sendmail in CentOS 5

Am 04.07.2015 um 15:34 schrieb Gregory P. Ennis <PoMec at PoMec.Net>: > On Sat, 2015-07-04 at 08:07 -0500, Gregory P. Ennis wrote: >> Everyone, >> >> Looks like the new version of oppenssl has broken my sendmail's use >> of >> tls. Has anyone else had this problem or seen a fix? >> >> Greg Ennis >>

On Thu, 16 Apr 2015, Andrew Daviel wrote: > RedHat released sendmail-8.13.8-10.el5_11.src.rpm which includes > sendmail-8.13.8-ssl-opts.patch which adds support for disabling > SSLv3 and SSLv2 in sendmail.cf > > But as far as I can see there is no support in sendmail.mc - I can't > see how to compile sendmail.mc to get the required line > ServerSSLOptions in

Hi, how do I protect dovecot 1.2.17 against poodle? Br /Marc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://dovecot.org/pipermail/dovecot/attachments/20141019/b4152487/attachment-0001.sig>

Hi! I'm new to this list and i could not find a way to search through the already posted articles, so please forgive me if this subject has been discussed before. Our security scanner stumbled over the IMAPs server i've set up recently using dovecot on a RedHat Enterprise 64bit Server. The security scanner found an error regarding a new SSL security leak named "BEAST". The

Hi, I came up with the following patch while trying to figure out a good solution for the situation described in Debian bug #871987[1]. In short, OpenSSL in Debian unstable has disabled TLSv1.0 and TLSv1.1 *by default*. That means that unless an application requests otherwise, only TLSv1.2 is supported. In the world of e-mail this is seemingly an issue, as there are still way too many old clients

Hi all, I'm trying to set up my server with support for TLS 1.3 only, but that does not seem to be supported. First off, TLS 1.3 itself does work fine, so it's not the config or ssl library, and 1.3-only works fine with Postfix. The problem is only in disabling TLS 1.2 for Dovecot. On connection, I'm getting an error that 1.3 is an "Unknown ssl_min_protocol setting". Reading

I wish to add options to sendmail INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter/spamass-milter.sock, F=T, T=C:5m;S:4m;R:4m;E:5m')dnl dnl MAILER(cyrusv2)dnl INPUT_MAIL_FILTER(`greylist', `S=local:/var/run/milter-greylist/milter-greylist.sock') define(`confMILTER_MACROS_CONNECT', `j, {if_addr}') define(`confMILTER_MACROS_HELO', `{verify},

Hello, Is it possible to group many nodes together? Suppose I have a large number of machines that I all want to have the same config - rather than specify them as individual nodes each inheriting the same config, I''d like to say that a group inherits a config, and define the group elsewhere. Does this sort of construction already exist? Could it be cobbled together from what we

I was trying to use rsync to send files to a fileserver using an rssh restricted server. It refuses, saying that trying to override the shell with -e is forbidden. I didn't type "-e". When I look at the source, I see /* Checking the pre-negotiated value allows --protocol=29 override. */ if (protocol_version >= 30) { /* We make use of the -e

On 05/08/15 08:06 PM, Andrew Daviel wrote: > > I have Skype 2.1.0 running on CentOS 5, but it does not support video. > > At various times I have tried to install or run more recent versions on > CentOS 5 and CentOS 6, but generally they fail for some reason, e.g. > library requirements. > > We would like to run Skype in some conference rooms, for business > reasons

On 04/13/2016 08:44 PM, ???? wrote: > # mount > /dev/mapper/VolGroup-lv_root on / type ext4 (rw,usrquota,grpquota) > proc on /proc type proc (rw) > sysfs on /sys type sysfs (rw) > devpts on /dev/pts type devpts (rw,gid=5,mode=620) > tmpfs on /dev/shm type tmpfs (rw) > /dev/vda1 on /boot type ext4 (rw) > /dev/vdb on /mnt/extradiskA type ext4 (rw,usrquota,grpquota) >

I've dovecot --version 2.3.10.1 (a3d0e1171) openssl version OpenSSL 1.1.1g FIPS 21 Apr 2020 , atm on Fedora32. I configure /etc/pki/tls/openssl.cnf to set preferences for apps' usage, e.g. Postfix etc; Typically, here cat /etc/pki/tls/openssl.cnf openssl_conf = default_conf [default_conf] ssl_conf = ssl_sect [ssl_sect] system_default = system_default_sect

I have a fully working cyrus+sendmail mail server hosting all users for foo.com. Company foo has been acquired by company bar and it has been decided that bar.com is the new domain of choice. The administrator of bar.com has added a pile of redirects to send various user at bar.com addresses so they come up to my server at foo.com. My users have changed their From: addresses to user at bar.com and

the whois command in c6 references whois.v6nic.net for ip addresses in the 43.0.0.0/8 range (and maybe others). v6nic is no longer a valid whois server, any nets delegated to it should instead be delegated to apnic. i have no upstream connections... this change was made in the generic sources for jwhois some time ago I see this fix was introduced in F20 here,

We are trying to upgrade from SSH1 to OpenSSH/SSH2. I see that configuration support for "cipher NONE" was removed in OpenSSH. Is there an alternative for this ? We need to move big files (>100Mb) between machines on the Internet. In the past we had used NFS or ftp but want to block those services at one or both ends. Moving them with SSH 1 scp takes quite a bit of CPU effort for

(apologies for the length - there are questions at the end...) I've been running Linux for 20 years, and done a lot of dual-boots. I know that's old-school now, but I run Linux 95% of the time yet don't want to lose a Windows system I've paid for - but I've never tried removing it from a system and reinstalling the same licenced copy inside a virtual machine. I bought a

I recently upgraded my servers to 3.4p1 and have been having a problem connecting with an old Windows SSH1 client by Cedomir Igaly, and also with PuTTY which I just downloaded. I get a "CRC error". This is with OpenSSH that I built from the SRPM, setting the flag in the spec file for RHL 6. My RH6 ssh talks both ways to OpenSSH_2.9.9 (RedHat patch) and to sshd 3.4 on RedHat 7.2. My

I recently compiled openssh 3.4p1 for SGI Irix, and found the same problem I'd had with 2.5. Viz. that Irix /usr/include/paths.h defines _PATH_USERPATH, not USER_PATH, so that defines.h doesn't find it and we get the default, which is missing /usr/bsd (which on Irix has things like head, more, lpr) and /usr/bin/X11. This annoys the users, who want X11 to work. I added a test to

We had an incident recently where an openssh client and server were replaced with trojanned versions (it has SKYNET ASCII-art in the binary, if anyone's seen it. Anyone seen the source code ?). The trojan ssh & sshd both logged host/user/password, and probably had a login backdoor. Someone asked me what was their exposure if they used public/private keys instead of passwords. My

I tried to set in sendmail.mc file at the LAST line define(`LUSER_RELAY', `local:unknownuser') dnl I did service sendmail restart and got an error on a completely different line. - as a thought I deleted that line and put it on line 2 of the sendmail.mc file. re-ran service sendmail restart and now it worked. I changed nothing else. Is there something special about the placement of this