Displaying 20 results from an estimated 6000 matches similar to: "STARTTLS: read error=generic SSL error (0)""
2007 Jul 25
6
SHOULD I NEED TO RECOMPILE THE KERNEL ?
Hi,
I am still runnig Redhat 9 box with sendmail and squid. It is quite slow. It
has only 128 MB RAM. So I upgraded it to 512 MB RAM. Now, It is running with
512 MB RAM. But, It is still slow. No progress has been achived. Some users
say it is slower than before. Actually, I also have noticed it is NOW SLOWER
than before. WHY IS THAT?
SHOULD I NEED TO RECOMPILE THE KERNEL as I installed a new
2007 Nov 30
3
How to delete mails in the mailq in ONE DAY -- POSTFIX
I am runnig posfix on Centos 4.4 as a Mailgateway. It only accepts mails for
domains and then forwards mails to Lotus domino Server.
All clients sends outgoing mails to that Lotus domino Server. Then , That
Lotus Domino Server sends mails to Postfix mailgateway. This postfix
mailgateway sends mails to all the destinations. But, This Postfix
mailgateway has about 150 messages in the mailq. Some
2006 Nov 09
8
How to block Yahoo , MSN messanger and Kazza with IPTABLES
Hi,
I want to block Yahoo Messenger, MSN messanger and Kazza with IPTABLES as
my local network users always go there.
How Can I do it?
I am not runnig iptables as a script nor have I put anything in my rc.local.
But instaed, I input the commands and save it by using the below cmmand
/etc/init.d/iptables save
and I restart it
/etc/init.d/iptables restart
My box runs on Cent OS 4.4.
Help
2007 Oct 05
3
DNAT rule for vsftp (PASSIVE FTP)
Hi all,
I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as
passive ftp.
the theroy behind passive ftp is ,
- FTP server''s port 21 from anywhere (Client initiates connection)
- FTP server''s port 21 to ports > 1024 (Server responds to client''s
control port)
- FTP server''s ports > 1024 from anywhere (Client initiates data
2007 Oct 05
3
DNAT rule for vsftp --(PASSIVE FTP)
Hi all,
I want to run vsftp behind a firewall.(i.e DMZ zone) . It is runnig as
passive ftp.
the theroy behind passive ftp is ,
- FTP server's port 21 from anywhere ( Client initiates connection)
- FTP server's port 21 to ports > 1024 (Server responds to client's
control port)
- FTP server's ports > 1024 from anywhere (Client initiates data
connection to
2007 Sep 25
1
DNAT PREROUTING issue with iptables
Hi,
I have an DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall.
2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in
that DMZ zone, mail server runnig @ 192.168.100.3
Now I want to DNAT port 25 of FISRT firewall (i.e - its ip address -
1.2.3.4/29) to the internet ip
2007 Sep 25
7
DNAT PREROUTING issue with IPTABLES
Hi,
I have an DNAT ISSUE with PREROUTING.
This is my setup.
I have 2 firewalls running iptables.
Pls asume 1.2.3.4/29 is the internet interace of FIRST firewall.
2.3.4.5/29 is the internet interface of SECOND firewall. it has DMZ zone. in
that DMZ zone, mail server runnig @ 192.168.100.3
Now I want to DNAT port 25 of FISRT firewall ( i.e - its ip address -
1.2.3.4/29) to the internet ip
2007 Oct 05
0
[Fwd: Re: DNAT rule for vsftp (PASSIVE FTP)]
-------- Original Message --------
Subject: Re: [LARTC] DNAT rule for vsftp (PASSIVE FTP)
Date: Fri, 05 Oct 2007 12:17:42 +0530
From: Mohan Sundaram <smohan@vsnl.com>
Reply-To: smohan@vsnl.com
To: Indunil Jayasooriya <indunil75@gmail.com>
References: <7ed6b0aa0710042251u6442fb85ma74e46aa9d3f81f9@mail.gmail.com>
Indunil Jayasooriya wrote:
> Hi all,
>
> I want to run
2001 Mar 10
2
Samba and W95/98/NT clients - dropping connections
I'm begginer with samba and mailing lists -
I've problem with my server on RedHat 7.0 .
It's runnig only as a file server.When I log in and I'm doing something ,everything is runnig as it should..
But if I leave computers alone and they are not working for 1.5 min ---> connection is "dropped" and clients show message like: //Server destination host unreachable.
2016 Jul 14
5
controlling STARTTLS by IP address
On my POP3 server, I need to be able to control the use of STARTTLS by
client IP address. Specifically:
* Clients on certain internal subnets (e.g., 192.168.1.0/24) must not have
the option to use TLS. If the client tries to use STARTTLS, the option
should be rejected. This is to satisfy US FCC rules regarding the use of
encryption over certain radio frequencies.
* All other internal clients
2009 Jan 15
3
Enforcing STARTTLS for all mechs while disabling imaps
Hi all,
Is there a way to enforce STARTTLS for all connections, regardless their
authentication mechanism? disable_plaintext_auth only takes care of the auth
conversation, but I would like to have all communication encrypted.
As far as I can see, this would only be possible when using imaps and
disabling imap. However, I would like to have the other way around;
disabling imaps and using imap for
2017 Nov 23
3
Dovecot LMTP Proxy + STARTTLS?
Hi
I got dovecot 2.2.26 on a Centos7 with latest updates. Dovecot is
configured to act as director and delivers to my two backend servers.
I enabled lmtp proxy on director to listen on port 24.
Now I see in msg headers that the connection to the lmtp proxy uses
STARTTLS but the connection from proxy to backend seems to be
unencrypted. Is it possible to enforce the use of STARTTLS in the
2014 Aug 18
2
IMAP on 993/SSL or 143/STARTTLS?
Hi,
I have a postfix+dovecot-2.2.13 system and have configured it to support
IMAPS on 993 with SSL/TLS. I'm noticing with users using Thunderbird, the
autodetect defaults to IMAPS on 143 with STARTTLS.
Which is preferred? Which is more secure? Which is more common?
Why would someone choose one over the other?
Can I ask the same question about SMTP and submission? Why would one choose
587
2018 Sep 17
2
Using both starttls and ssl in passdb on proxy results in timeouts
Hi List,
I have a dovecot which proxies to different backends depending on an entry in a mysql-database. The mysql-query sets ?ssl? to ?any-cert? and this works fine. But this causes me a problem: sieve-backends only support STARTTLS and if I set ?ssl? to ?any-cert? (or yes), it will attempt a TLS-connection to the sieve-backends, which fails.
My attempt was to alter the query to include
2020 Feb 10
2
starttls for some services only
Hi,
I would like to disable offering starttls to clients for certain dovecot
services.
Background is that I want to do let a load balancer do the TLS stuff
right on connect time and let dovecot only do plain imap without
offering starttls (because the clients do imaps actually). Getting rid
of the starttls feature offering works only if I set ssl = no globally
only. Setting it in the service
2004 Jan 06
3
SSL and STARTTLS
I wanted to enable SSL on some alternate ports so that a limited number
of people could try SSL access. But doing so enabled STARTTLS in
IMAP, so that all IMAP users got surprised (at least those whose
clients attempted to use it automatically).
e.g.:
# IP or host address where to listen in for SSL connections. Defaults
# to above non-SSL equilevants if not specified.
imaps_listen =
2014 Nov 21
3
Outlook Express and STARTTLS
I have one user that uses Outlook Express. Not only do I not use it, I
don't have any systems here that can easily use it. I bit of a challenge.
I am strictly enforcing STARTTLS or TLS for SMTP/POP3/IMAP connections.
SO far a google search has not shown me how to configure this for a
user. Anyone have a pointer to instructions so I can talk the person
through the changes?
2010 May 24
2
STARTTLS does not seem to work
I believe I have the configuration set to use START TLS on IMAP4 (143)
and POP3 (110) ports. ?However, it does not seem to be working. ?Yet
"STARTTLS" is listed as a capability (which tells me I probably do
have it configured right).
In the session below, 172.30.0.24 is the mail server I'm putting up.
64.26.60.229 is an outside mail service. A similar thing happens on
POP3. The
2016 Jul 14
5
controlling STARTTLS by IP address
> Seems like your firewall could redirect to a different port that doesn't
> offer starttls.
Yes, of course. But that would require multiple ports, making the client
configuration cumbersome and error-prone.
Michael
2020 Feb 10
2
starttls for some services only
Hi Aki,
On 10.02.20 17:03, Aki Tuomi wrote:
> Try setting
>
> login_trusted_networks = lb-ip/32
>
> See?
> https://doc.dovecot.org/settings/dovecot_core_settings/#login-trusted-networks
I do have login-trusted_networks set already. Along with the proxy
protocol (haproxy_trusted_networks = lb-ip) I had to set
login_trusted_networks to 0.0.0.0/0 actually because the proxy