I want to use perdition on a Debian server that I want to use for email
aggregation.
I believe I have a fairly basic use case. I want to route Imap requests for
each subdomain of a mail domain to a different private IP address. I found
documentation on how to do this for Debian / Mysql here:
https://opentodo.net/2012/04/configuring-an-imappop-proxy-with-perdition-and
-mysql/
Unfortunately, this documentation seems quite old. I do not know if it is
relevant to the latest version of perdition.
Is there a different / newer version of config example documentation for
perdition that someone can point me to?
Bruce T
Good day Guys
We have a need to put an imap reverse / proxy in front of our clients
machines.
Google is not proving to be of any help. Is there way a way I can have
perdition connect to the clients imap server based on their username?
Ive been looking at delimiter, but perdition keeps looking "locally".
So the idea is perdition looks at the username e.g. bob(a)variablemydomain.com
perdition connects to variablemydomain.com:993.
Many thanks
Regards
Brent Clark
Hi,
when trying to connect to my cyrus imap through perdition with ssl +
PLAIN I get the following error:
perdition.imaps[17045]: Fatal Error reading authentication information
from client ...
Connecting directly to cyrus authentication with ssl + plain works
fine. I checked my Evolution and Thunderbird client and both uses
"Password" for authentication.
Ciao
Marcus
HI,
Does perdition accept wildcards as certificate ?
I am trying to set a deploy with one and I am getting always the error that was no possible to find the DH parameters.
Anyone have problems with this ?
Cheers
Zeit
uriboxmobile(a)gmail.com
Please consider the environment before printing this email.
Hello ;)
We are successfully running perdition, however in times of high load
some SSL connections to perdition fail. Some work, but some do not. This
leads to clients having to retry. It resolves itself when load is
lessened.
> openssl s_client -connect imap.server:993
CONNECTED(00000004)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1523867288
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
Any ideas on how to debug this?
Thanks for any help,
Peter
I'm working on a new setup where we would like to used stored procedures
for an
extra layer of security, in addition to having a where-clause to limit
who can use
a perdition-server.
Has anyone made any patches to perdition / perditiondb_mysql to allow
for either
of these scenarios?
Examples:
1) Use a stored procedure to return a result instead of giving the
perdition mysql user
access to the whole database.
If I would have a table called "users" with the fields "email" and
"mailserver" I could map
these into perdition expected fields
CREATE PROCEDURE perdition_lookup (parameter_user VARCHAR(128))
BEGIN
SELECT email AS user, mailserver AS servername FROM users WHERE email
= parameter_user LIMIT 1
END;
Then perdition_mysql could be set up with CALL perdition_lookup(\U) or
something similar.
2) We will use multiple perdition servers and only some users should be
allowed to use
one of the servers (while all of them are allowed to use the second
one).
The addition of a WHERE-clause in the configuration would help make this
possible.
Example:
map_library_opt
dbserver:3306:dbPerdition:tblPerdition:perdition:perditionpassword:mailserver:email:NULL:SomeExtraField='Y'
Or for full flexibility allow overriding of the query like postfix or
dovecot:
# Perdition expects the fields "user", "servername" and "port" to be
retured by the query. %u will be substituted
# for what the user provided as login information
map_library_query SELECT email AS user, mailserver AS servername, NULL
as port FROM users WHERE email = '%u' AND SomeExtraField='Y'
As an alternative, could I cheat with using query_key?
query_key \U-Y
map_library_opt
dbserver:3306:dbPerdition:tblPerdition:perdition:perditionpassword:mailserver:CONCAT(email,'-',SomeExtraField):NULL
--
Harald
Hello,
I though that implicit TLS was evil, (port 465 for SMTP submission was
revoked) and STARTTLS encouraged.
But I read a new RFC that promotes implicit TLS as a recommended access.
https://tools.ietf.org/html/rfc8314#appendix-A
Uhm... If I well understood, new SMTP,POP,IMAP services should offer
implicit TLS as a favourite TLS negotiation.
Anyway I hope that new versions of Perdition could support the
STARTTLS/STLS for many years ;)
Regards
Marco
Howdy folks,
First of all, thank you for this awesome software. I mean, really thank
you, this works flawlessly.
Now, we got an issue here we have an email cluster and we're using
perdition to authenticate to the proper server.
Right now here's our popmap file:
test@webmasterd.com:one.mxroute.com:110
test@ola.com:eagle.mxlogin.com:110
We need to add every single email there. We'd like to add like:
*@domain:server:port
Is this somehow possible? Exporting a domains list and a server is alright,
however, emails are being created every minute, so we need to map the
server as per the domain only, not the full username/email.
Help would be appreciated.
Cheers!
--
*Com os meus melhores cumprimentos,*
*Best Regards,*
*Miguel Ângelo Santos Pereira*
Running a testssl check we have one threat left on the tls port 143:
Secure Client-Initiated Renegotiation VULNERABLE (NOT ok), DoS threat
Is there any chance to close that in perdition.imap4s.conf?
_____________________
DI (FH) Martin Hochreiter
Fachverantwortlicher Systemadministration
IT und Infrastruktur
Fachhochschule St. Pölten GmbH
Matthias Corvinus-Straße 15, 3100 St. Pölten
T: +43 (0) 2742 313 228 215
M: +43 (0) 676 847 228 215
E: <mailto:martin.hochreiter@fhstp.ac.at> martin.hochreiter(a)fhstp.ac.at
I: <http://www.fhstp.ac.at/> www.fhstp.ac.at
FN 146616m, LG St. Pölten, DVR 1028669F
Hi!
We are using perdition 2.2 on Centos 6.9 and on the Outlook mobile (2.2.5)
you cannot get imap/s to
work.
No matter if you use only server FQDN, or server FQDN:993 or FQDN:143 you
always get
Cant connect username password wrong
As far as our students have told us it was working until june - gmail or
other apps work fine.
Any hints/tipps?
_____________________
DI (FH) Martin Hochreiter
Fachverantwortlicher Systemadministration
IT und Infrastruktur
Fachhochschule St. Pölten GmbH
Matthias Corvinus-Straße 15, 3100 St. Pölten
T: +43 (0) 2742 313 228 215
M: +43 (0) 676 847 228 215
E: <mailto:martin.hochreiter@fhstp.ac.at> martin.hochreiter(a)fhstp.ac.at
I: <http://www.fhstp.ac.at/> www.fhstp.ac.at
FN 146616m, LG St. Pölten, DVR 1028669F