Hi,

I'm happy to announce the release of perdition 2.0.

This is the culmination of the 1.19-rc series of releases. A decision has
been made to name the release 2.0 instead of 1.19 as there are significant
changes since the release of 1.18 including support for a new protocol,
managesieve.

Key changes since v1.19-rc5:

* Correct base64 calculation errors that resulted in managesieve
  authentication failing in some circumstances.
* Use "imap" instead of "imap2" as default port for IMAP protocol

A full change log is provided by the Mercurial repository:
http://hg.vergenet.net/perdition/perdition/

Perdition 2.0 and the vanessa libraries that it depends on
are available from:
http://horms.net/linux/perdition/download/1.19-rc5/

Debian unstable packages have been uploaded to Debian.Org
and should be available in the Debian archive within 24 hours.
http://packages.debian.org/source/unstable/perdition

Hi Perdition folks--

I just noticed that when I operate perdition as a server offering TLS,
clients are unable to select an ephemeral Diffie-Hellman key exchange
mechanism (also known as EDH or DHE). Since DHE is the most
widely-supported TLS key exchange mechanism to provide Perfect Forward
Secrecy (PFS), it seems like something perdition might want.

The patch below enables DHE support for perdition. By default, it looks
for a PEM-encoded DH PARAMETERS section in the server's certificate
file. I've also added a configuration option (--ssl_dh_params_file)
which can be used to specify a separate file for the DH params if
desired.

With the patch and --ssl_dh_params_file explicitly declared, perdition
will throw an error if no DH parameters could be loaded. If
--ssl_dh_params_file isn't declared, it just tries to load DH params
from the cert file and carries on without DHE if no params can be found.

Another alternative could be to embed a default set of DH parameters
into perdition itself, if no parameters can be loaded. I didn't
implement that, but could do so if it is desired. Please let me know.

Also attached is a simple test script (reliant on gnutls-bin for setup)
that can be run from a built perdition source tree; if the built version
of perdition supports DHE, the script will leave the user in an IMAP
session with a test server (no backend attached, basically only LOGOUT
works). If the built version of perdition doesn't work, then the script
will terminate. Either way, copious diagnostic output is produced.

I'd be happy to have this feature adopted by perdition upstream, since I
have users of perdition who actively want to configure their MUAs to use
some PFS-enabled ciphersuite.

The patch is made against changeset 913:384a78e5951a.

Please let me know if there are changes you'd like to see, or if there
is anything that I should update to make the patch more acceptable for
inclusion upstream.

Thanks for perdition,

--dkg

I am trying to set up perdition to proxy POP3S for some domains.

I have a main server (server1) serving domain1.com.
I have another mail server (server2) serving domain2.com.

I want to set up perdition on server1 so that all POP3S requests are proxied
to server2 for domain2.com.

I set up perdition.pop3s to listen on 996.
I have set up popmap.re with the following rules:

.*(a)domain1.com: localhost:995
.*(a)domain2.com: server2:995

I am trying to retrieve e-mail for user(a)domain1.com.
I am not able to get this to work. I keep getting:

"vanessa_socket_client_src_open: connect: Connection refused"
"-ERR failed: Could not connect to the server\r\n"

Since perdition is on server1 and proxying to localhost, I am not sure why
the connection is being refused?

Any pointers would be greatly appreciated.