Perdition-users February 2014

perdition-users@vergenet.net

5 participants
7 discussions

How to have plain, plain + starttls on port 143 AND ssl/tls on port 993?

by Alan McGinlay

Hi, We have long supported clients using whatever encryption scheme they choose. I am trying to get perdition running with the same level of support but am unable to have it successfully listen on both port 143 and 993 with STARTTLS and ssl/tls encryption. ssl_mode used to allow ssl_* and / or tls_* but now it's only one or the other not both. Been messing around for ages, please help! /A

9 years, 9 months

IPv6 listen syntax

by Julien Goodwin

I've just upgraded my mail box to wheezy, and at the same time enabled v6 on it, however I can't figure out what magic syntax is needed for perdition to actual listen on v6. The package in wheezy is 1.19~rc5-1+b1 which seems like it should have v6 support, but it doesn't by default listen on v6, and with what seems like the obvious setting: bind_address 0.0.0.0,:: Fails to start. Nowhere in the docs can I see any examples with v6 addresses, so I don't know if it's perhaps expecting [::] style or something different. Any pointers?

9 years, 9 months

[ANNOUNCE] perdition 2.1

by Simon Horman

Hi, I'm happy to announce the release of perdition 2.1 This is a bugfix release. Key changes since 2.0: * Apply configured ciperhsuite preferences for outpand connections. This is a fix for for CVE-2013-4584. * Use 1.0 as the managesieve version A full change log is provided by the Mercurial repository http://hg.vergenet.net/perdition/perdition/ Perdition 2.1 and the vanessa libraries that it depends on are available from: http://horms.net/linux/perdition/download/2.1/

9 years, 10 months

[PATCH] fix comment header for __perdition_ssl_log_certificate

by dkg＠fifthhorseman.net

# HG changeset patch # User dkg(a)fifthhorseman.net # Date 1391753933 18000 # Fri Feb 07 01:18:53 2014 -0500 # Node ID 851c073386f8e660920439a32c5faf0211f3149c # Parent 179fcc9a4fb8a4c6b207304db6e2c153388ce2b9 fix comment header for __perdition_ssl_log_certificate diff -r 179fcc9a4fb8 -r 851c073386f8 perdition/ssl.c --- a/perdition/ssl.c Fri Feb 07 01:10:06 2014 -0500 +++ b/perdition/ssl.c Fri Feb 07 01:18:53 2014 -0500 @@ -884,7 +884,7 @@ /********************************************************************** - * __perdition_ssl_check_certificate + * __perdition_ssl_log_certificate * Log the details of a certificate * pre: ssl: SSL object to log * cert: certificate to log

9 years, 10 months

[PATCH 0 of 3] normalize CA-loading behavior and configuration between incoming and outgoing

by dkg＠fifthhorseman.net

This series tries to make the configuration options symmetric and predictable between incoming and outgoing connections, as mentioned in Message-Id: 52F4719C.1020501(a)fifthhorseman.net. It may change the semantics for existing configurations, though!

9 years, 10 months

.dir-locals.el for perdition

by Daniel Kahn Gillmor

hi perdition folks-- I'm an emacs user. i know that's not to everyone's taste, but for those of us who use emacs, it makes it easier to work on a source file without modifying whitespace if the whitespace conventions are known to the One True text editor :P Placing the file below as .dir-locals.el in the root of the perdition tree should make it easier for emacs users to contribute patches without making accidental unnecessary whitespace changes: ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;; emacs local configuration settings for perdition source ;; surmised by dkg on 2013-10-24 09:42:45-0400 ((c-mode (indent-tabs-mode . t) (tab-width . 4) (c-basic-offset . 4) (c-file-style . "linux")) ) ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; happy hacking, --dkg

9 years, 10 months

ssl on port 993 and plain / STARTTLS on port 143

by Alan McGinlay - SICS

Hi! I have installed Perdition on a server which (will) sits between my mail server and mail gateway. Currently I am just running webmail via the proxy and it works really great but my plan is to change the imap CNAME to point to the proxy so that all connections from clients (thunderbird, iphone, etc) will go via the proxy as well. I have tested this and most clients worked fine as long as they were using STARTTLS on port 143 or unencrypted connections (which won't be allowed in production) however users connecting on port 993 seem "stuck" to the real mailserver, I suspect it is some kind of SSL session thing. Users connecting with STARTTLS immediately get a password prompt when the DNS change is dected by their computer but with SSL on port 993 the client fails to connect and / or sits there trying to connect indefinately. Restarting perdition or the real mail server doesn't change that behaviour. The really weird thing is that it seemed to work for a handfull of clients. Also, when changing the DNS back, some clients then remain "stuck" to the proxy server instead (only port 993 users). I am somewhat confused by the ssl_mode settings too. Advice would be seriously appreciated :) /Alan PS: same is true for POP on port 995. PPS: The real server and the proxy have different certs, proxy has a real one whereas the imap server has a self signed.

9 years, 10 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Perdition-users February 2014