Perdition-users

perdition-users@vergenet.net

327 discussions

Fatal error: Pid file [/usr/local/var/run/perdition.pop3/perdition.pop3.pid] exists for process

by Maverick Ip, Kong Siu

Dear Simon, I have a problem on my system, Fatal error: Pid file [/usr/local/var/run/perdition.pop3/perdition.pop3.pid] exists for process [859] which appears to be running, exiting In the maillog I found the followings Sep 11 12:37:57 ospop4 perdition[30895]: version=1.18, add_domain="all,1", authenticate_timeout=1800, bind_address="", capability="UIDL USER", client_server_specification=off, config_file="/usr/local/etc/perdition/perdition.pop3.conf", connection_limit=0, connection_logging=off, connect_relog=300, debug=on, domain_delimiter="@", explicit_domain="pacific.net.hk", group="nobody", inetd_mode=off, listen_port="110", log_facility="mail", log_passwd="never", login_disabled=off, lower_case="", map_library="/usr/local/lib/libperditiondb_ldap.so.0", map_library_opt="ldap://osldap.pacific.net.hk/o=pacnet?uid,mailhost?sub?(&(| (uid=%s)(mail=%s)(mailAlternateAddress=%s))(accountstatus=active)(emailcos=p op3))", no_bind_banner=off, no_daemon=on, no_lookup=on, nodename="ospop4", ok_line="You are so in", outgoing_port="110", outgoing_server="mx-pop.pacific.net.hk:110", pid_file="/usr/local/var/run/perdition.pop3/perdition.pop3.pid", protocol="POP3", server_resp_line=on, strip_domain="", timeout=1800, username="nobody", username_from_database=off, query_key="", quiet=off, ssl_mode="", ssl_ca_file="", ssl_ca_path="/usr/local/etc/perdition/perdition.ca/", ssl_ca_accept_self_signed="off", ssl_cert_file="/usr/local/etc/perdition/perdition.crt.pem", ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off", ssl_cert_self_signed="off", ssl_cert_verify_depth=9, ssl_key_file="/usr/local/etc/perdition/perdition.key.pem", ssl_listen_ciphers="", ssl_outgoing_ciphers="", ssl_no_cert_verify="off", ssl_no_cn_verify="off", (ssl_mask=0x00000000) (mask=0x00000000 00000000)#012 Sep 11 12:37:57 ospop4 perdition[30895]: Fatal error: Pid file [/usr/local/var/run/perdition.pop3/perdition.pop3.pid] exists for process [859] which appears to be running, exiting Sep 11 12:37:57 ospop4 perdition[30895]: main: write_pid_file Sep 11 12:37:57 ospop4 perdition[30895]: Could not write pid file Sep 11 12:37:57 ospop4 perdition[30895]: Exiting on signal 1 We have tried to restart the process, but it cannot help. Until we reboot the system the service is recovered. Is there any fix on that. We are using version 1.18 and running on Red-Hat 4.4.7-4. Thanks. Maverick Ip Senior Engineer Network Services WTT HK Limited sign 9/F, KITEC, 1 Trademart Drive, Kowloon Bay, Hong Kong Email : <mailto:maverickip@wtthk.com.hk> maverickip(a)wtthk.com.hk | Direct Line : (852) 2112 2492 General Line : (852) 2112 1121 | Fax : (852) 2112 2900 <http://www.wtthk.com.hk/> www.wtthk.com.hk

6 years, 7 months

Perdition1.18 problem with LDAP query

by Maverick Ip, Kong Siu

6 years, 7 months

Scanning IMAP traffic without user credential storage

by Beeblebrox

Hello. I'm looking for an email (IMAP) proxy for a small LAN gateway. The sole purpose of the proxy is to run ClamAV on incoming emails. Please feel free to correct me if any of the concepts I've stated here are inconsistent with how things work. Objectives: * Most devices on the LAN are mobiles, I would prefer to not store or manage user email credentials on the gateway and have the auth mechanism passed directly from device to proxy to main server (ex: gmail). * Handoff to ClamAV, then process message based on scan result. * If proxy is required to make this work, a Transparent, Lightweight, Non-Caching solution. * Clients do not use POP3, so an IMAP-only solution is OK. * Support for TLS (gmail) connection. Preference: query & close (not keep-alive). * Platform: FreeBSD 11-Stable with Jailed ClamAV, clamd listening for incoming scan requests. From what I've read Perdition seems capable of doing this, I would like to confirm as such. Thanks & Regards. -- Please CC my email when responding, mail from list is not delivered.

6 years, 8 months

help with perdition - pbs

by Rejaine Monteiro

Hi, I'm trying to configure the perdition-pbs (pop before smtp) to use with qmail + perdition imaps proxy and am having difficulty setting up $logtime_pat and $pat variables: My log is in the following format: 2017-07-28T16:49:03.108845-03:00 mailserver1 perdition.imaps[5355]: Auth: a.b.c.d:48824->a.b.c.d:993 client-secure=plaintext authorisation_id=NONE authentication_id="user" server="localmailserve:143" protocol=IMAP4S server-secure=plaintext status="ok" $logtime_pat = '(\w\w\w\w-\d\-\dT+d:\d+\:\d+\.\d\.\w\w\w\w\w\w\-d\:\d)'; $pat = '^[LOGTIME] mailserver1 \S+ perdition\.imaps\[\d+\]: ' . 'Auth: \d+\.\d+\.\d+\.\d+:\d+\-\>\d+\.\d+\.\d+\.\d+:\d+ ' . 'client-secure=\plaintext authorisation_id=NONE ' . 'authentication_id=\"\S+\" server=\"\S+\" protocol=\"\S+\" server-secure=plaintext status=\"ok\"'; But it was unsuccessful. Any helps? Thanks. -

6 years, 9 months

Disable anonymous cipher suite and weak cipher suite in perdition ssl/tls configuration

by Christophe Carles

Hello, I use perdition as a proxy-imap server. After check vulnerabilty with openvas, i found that my perdition configuration as some vulnerabilty with anonymous and weak cipher suite. Vulnerabilty Detection result : Anonymous cipher suites accepted via TLSv1.0, TLSv1.1, TLSv1.2: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA TLS_ECDH_anon_WITH_AES_128_CBC_SHA TLS_ECDH_anon_WITH_AES_256_CBC_SHA TLS_ECDH_anon_WITH_RC4_128_SHA Weak cipher suites accepted via TLSv1.0, TLSv1.1, TLSv1.2: TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDH_anon_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_SEED_CBC_SHA I haven't found in the man perdition how to disable these cipher suite. As anyone have an idea how to make it ? Thanks NB : I use perdition 2.2-16.4 -- Christophe Carles CNRS - CBI Service Informatique Bât. IBCG 118, route de Narbonne 31062 Toulouse Cedex9 sinfo(a)ibcg.biotoul.fr Tél : 05.61.33.59.60 Fax : 05.61.33.58.86

6 years, 10 months

perdition imaps x plain text imap server

by Rejaine Monteiro

Hi . I want connect perdition.imap4s with local imapserver with plain-text, like this client --> SSL -> Perdition -> Plain-Text -> myyimapserver My perdition.conf : debug map_library /usr/lib64/libperditiondb_posix_regex.so.0 outgoing_server myimapserver.mydomain strip_domain remote_login ssl_cert_file /etc/perdition/perdition.crt.pem ssl_dh_params_file /etc/perdition/perdition_dhparam.pem ssl_key_file /etc/perdition/perdition.key.pem ssl_ca_accept_self_signed ssl_cert_accept_self_signed ssl_no_cert_verify ssl_no_cn_verify And I'm executing perdition.imap4s with this FLAGS: perdition.imap4s -ssl_mode ssl_listen --outgoing_port 143 But when I connect with a client, like SquirrelMail Webmail, I got this error: perdition.imaps[3967]: Connect: 127.0.0.1:60952->127.0.0.1:993 perdition.imaps[3967]: __perdition_ssl_connection: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol perdition.imaps[3967]: __perdition_ssl_connection: SSL_accept perdition.imaps[3967]: __perdition_ssl_connection: timeout or no shared ciphers? perdition.imaps[3967]: perdition_ssl_server_connection: perdition_ssl_connection perdition.imaps[3967]: main: perdition_ssl_server_connection SSL perdition.imaps[3967]: Fatal error establishing SSL connection to client Running imap-only (143, without SSL) works fine , but no with SSL (993) What am I doing wrong? Thanks any tips!

6 years, 10 months

Perdition 2.2 not working on openSUSE Leap 42.2

by Rejaine Monteiro

Hi, I installed the latest version of Perdition perdition-2.2-16.1.x86_64 ( from http://download.opensuse.org/repositories/home:/horms:/perdition/openSUSE_L… ) but I'm not able to start it. I've enabled the debug parameter and apparently no nennum error appears in the log. Below I send relevant information: My environment: ## perdition-2.2-16.1.x86_64 ## openSUSE Leap 42.2 Kernel 4.4.62-18.6-default x86_64 x86_64 # My /etc/perdition/perdition.conf debug log_facility /var/log/perdition.log map_library /usr/lib64/libperditiondb_posix_regex.so.0 map_library_opt /etc/perdition/popmap.re outgoing_server localhost strip_domain remote_login ssl_ca_accept_self_signed ssl_cert_file /etc/perdition/perdition.crt.pem ssl_dh_params_file /etc/perdition/perdition_dhparam.pem ssl_cert_accept_self_signed ssl_key_file /etc/perdition/perdition.key.pem ssl_no_cert_verify ssl_no_cn_verify # My /etc/sysconfig/perdition RUN_PERDITION="yes" FLAGS="" POP3="110" POP3_FLAGS="" POP3S="yes" POP3S_FLAGS="--outgoing_port 110 --ssl_mode ssl_listen" IMAP4="yes" IMAP4_FLAGS="" IMAP4S="yes" IMAP4S_FLAGS="--outgoing_port 143 --ssl_mode ssl_listen" MANAGESIEVE="no" MANAGESIEVE_FLAGS="" When I make a 'start', it gives the protocols that it should enable (imap, imaps and pop3s) # /etc/rc.d/perdition restart redirecting to systemctl restart perdition.service # /etc/rc.d/perdition status Checking for perdition (POP3S): unused Checking for perdition (IMAP4): unused Checking for perdition (IMAP4S): unused ● perdition.service - LSB: POP, IMAP and managesieve proxy Loaded: loaded (/etc/init.d/perdition; bad; vendor preset: disabled) Active: active (exited) since Thu 2017-05-04 16:00:01 -03; 14s ago Docs: man:systemd-sysv-generator(8) Process: 17476 ExecStop=/etc/init.d/perdition stop (code=exited, status=0/SUCCESS) Process: 17488 ExecStart=/etc/init.d/perdition start (code=exited, status=0/SUCCESS) The service status also points to failure, and 'ps -ef' shows that no service has been started. # systemctl status perdition.service perdition.service - LSB: POP, IMAP and managesieve proxy Loaded: loaded (/etc/init.d/perdition; bad; vendor preset: disabled) Active: active (exited) since Thu 2017-05-04 16:00:01 -03; 38s ago Docs: man:systemd-sysv-generator(8) Process: 17476 ExecStop=/etc/init.d/perdition stop (code=exited, status=0/SUCCESS) Process: 17488 ExecStart=/etc/init.d/perdition start (code=exited, status=0/SUCCESS) May 04 16:00:00 linux-iueb systemd[1]: Starting LSB: POP, IMAP and managesieve proxy... May 04 16:00:01 linux-iueb perdition[17488]: Starting perdition daemon (POP3S): ..failed May 04 16:00:01 linux-iueb perdition[17488]: Starting perdition daemon (IMAP4): ..failed May 04 16:00:01 linux-iueb perdition[17488]: Starting perdition daemon (IMAP4S): ..failed May 04 16:00:01 linux-iueb systemd[1]: Started LSB: POP, IMAP and managesieve proxy. # ps -ef | grep perdition root 17578 17335 0 16:01 pts/0 00:00:00 grep --color=auto perdition Here is the perdition.log (apparently with no critical error): May 4 16:01:30 perdition.pop3s[17635]: Starting perdition version=2.2 protocol=POP3S May 4 16:01:30 perdition.pop3s[17635]: add_domain="", authenticate_in=off, authenticate_timeout=1800, bind_address="", client_server_specification=off, config_file="/etc/perdition/perdition.conf", connection_limit=0, connection_logging=off, connect_relog=300, debug=on, domain_delimiter="@", explicit_domain="", group="nobody", imap_capability="IMAP4 IMAP4REV1", inetd_mode=off, listen_port="pop3s", log_facility="/var/log/perdition.log", log_passwd="never", login_disabled=off, lower_case="", managesieve_capability=""IMPLEMENTATION" "perdition" "SIEVE" "comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date" "SASL" "PLAIN" "NOTIFY" "mailto" "VERSION" "1.0"", map_library="/usr/lib64/libperditiondb_posix_regex.so.0", map_library_opt="/etc/perdition/popmap.re", no_bind_banner=off, no_daemon=off, no_lookup=off, tcp_keepalive=off, nodename="linux-iueb", ok_line="You are so in", outgoing_port="110", outgoing_server="localhost", pid_file="/var/run/perdition.pop3s/perdition.pop3s.pid", pop_capability="UIDL.USER", protocol="POP3S", server_resp_line=off, strip_domain="remote_login", timeout=1800, username="nobody", username_from_database=off, query_key="", quiet=off (mask=0x00400000 00000002) May 4 16:01:30 perdition.pop3s[17635]: ssl_mode="ssl_listen", ssl_ca_file="", ssl_ca_path="/etc/perdition/perdition.ca/", ssl_ca_accept_self_signed="on", ssl_cert_file="/etc/perdition/perdition.crt.pem", ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off", ssl_cert_self_signed="on", ssl_cert_verify_depth=9, ssl_key_file="/etc/perdition/perdition.key.pem", ssl_listen_ciphers="", ssl_outgoing_ciphers="", ssl_no_cert_verify="on", ssl_no_client_cert_verify="off", ssl_no_cn_verify="on" ssl_passphrase_fd=0, ssl_passphrase_file="", ssl_listen_min_proto_version="tlsv1", ssl_outgoing_min_proto_version="tlsv1", ssl_listen_max_proto_version="", ssl_outgoing_max_proto_version="", ssl_listen_compression="off", ssl_outgoing_compression="off", ssl_no_cipher_server_preference="off", (ssl_mask=0x00000400) May 4 16:01:30 perdition.pop3s[17635]: Loaded Diffie-Hellman parameters: "/etc/perdition/perdition_dhparam.pem" May 4 16:01:30 perdition.imap4[17638]: Starting perdition version=2.2 protocol=IMAP4 May 4 16:01:30 perdition.imap4[17638]: add_domain="", authenticate_in=off, authenticate_timeout=1800, bind_address="", client_server_specification=off, config_file="/etc/perdition/perdition.conf", connection_limit=0, connection_logging=off, connect_relog=300, debug=on, domain_delimiter="@", explicit_domain="", group="nobody", imap_capability="IMAP4 IMAP4REV1", inetd_mode=off, listen_port="imap", log_facility="/var/log/perdition.log", log_passwd="never", login_disabled=off, lower_case="", managesieve_capability=""IMPLEMENTATION" "perdition" "SIEVE" "comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date" "SASL" "PLAIN" "NOTIFY" "mailto" "VERSION" "1.0"", map_library="/usr/lib64/libperditiondb_posix_regex.so.0", map_library_opt="/etc/perdition/popmap.re", no_bind_banner=off, no_daemon=off, no_lookup=off, tcp_keepalive=off, nodename="linux-iueb", ok_line="You are so in", outgoing_port="imap", outgoing_server="localhost", pid_file="/var/run/perdition.imap4/perdition.imap4.pid", pop_capability="UIDL.USER", protocol="IMAP4", server_resp_line=off, strip_domain="remote_login", timeout=1800, username="nobody", username_from_database=off, query_key="", quiet=off (mask=0x00000000 00000002) May 4 16:01:30 perdition.imap4[17638]: ssl_mode="", ssl_ca_file="", ssl_ca_path="/etc/perdition/perdition.ca/", ssl_ca_accept_self_signed="on", ssl_cert_file="/etc/perdition/perdition.crt.pem", ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off", ssl_cert_self_signed="on", ssl_cert_verify_depth=9, ssl_key_file="/etc/perdition/perdition.key.pem", ssl_listen_ciphers="", ssl_outgoing_ciphers="", ssl_no_cert_verify="on", ssl_no_client_cert_verify="off", ssl_no_cn_verify="on" ssl_passphrase_fd=0, ssl_passphrase_file="", ssl_listen_min_proto_version="tlsv1", ssl_outgoing_min_proto_version="tlsv1", ssl_listen_max_proto_version="", ssl_outgoing_max_proto_version="", ssl_listen_compression="off", ssl_outgoing_compression="off", ssl_no_cipher_server_preference="off", (ssl_mask=0x00000000) May 4 16:01:30 perdition.imaps[17641]: Starting perdition version=2.2 protocol=IMAP4S May 4 16:01:30 perdition.imaps[17641]: add_domain="", authenticate_in=off, authenticate_timeout=1800, bind_address="", client_server_specification=off, config_file="/etc/perdition/perdition.conf", connection_limit=0, connection_logging=off, connect_relog=300, debug=on, domain_delimiter="@", explicit_domain="", group="nobody", imap_capability="IMAP4 IMAP4REV1", inetd_mode=off, listen_port="imaps", log_facility="/var/log/perdition.log", log_passwd="never", login_disabled=off, lower_case="", managesieve_capability=""IMPLEMENTATION" "perdition" "SIEVE" "comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date" "SASL" "PLAIN" "NOTIFY" "mailto" "VERSION" "1.0"", map_library="/usr/lib64/libperditiondb_posix_regex.so.0", map_library_opt="/etc/perdition/popmap.re", no_bind_banner=off, no_daemon=off, no_lookup=off, tcp_keepalive=off, nodename="linux-iueb", ok_line="You are so in", outgoing_port="143", outgoing_server="localhost", pid_file="/var/run/perdition.imaps/perdition.imaps.pid", pop_capability="UIDL.USER", protocol="IMAP4S", server_resp_line=off, strip_domain="remote_login", timeout=1800, username="nobody", username_from_database=off, query_key="", quiet=off (mask=0x00400000 00000002) May 4 16:01:30 perdition.imaps[17641]: ssl_mode="ssl_listen", ssl_ca_file="", ssl_ca_path="/etc/perdition/perdition.ca/", ssl_ca_accept_self_signed="on", ssl_cert_file="/etc/perdition/perdition.crt.pem", ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off", ssl_cert_self_signed="on", ssl_cert_verify_depth=9, ssl_key_file="/etc/perdition/perdition.key.pem", ssl_listen_ciphers="", ssl_outgoing_ciphers="", ssl_no_cert_verify="on", ssl_no_client_cert_verify="off", ssl_no_cn_verify="on" ssl_passphrase_fd=0, ssl_passphrase_file="", ssl_listen_min_proto_version="tlsv1", ssl_outgoing_min_proto_version="tlsv1", ssl_listen_max_proto_version="", ssl_outgoing_max_proto_version="", ssl_listen_compression="off", ssl_outgoing_compression="off", ssl_no_cipher_server_preference="off", (ssl_mask=0x00000400) May 4 16:01:30 perdition.imaps[17641]: Loaded Diffie-Hellman parameters: "/etc/perdition/perdition_dhparam.pem" I tried to manually start any service (eg imap4s or any other) directly on the command line , but to no avail. Not even with the debug option enabled I can see some error. Simply, nothing appears and the service does not go up, like this: linux-iueb:~ # perdition.imap4s -d --outgoing_port 110 --ssl_mode ssl_listen linux-iueb:~ # But nothing happens (ps -ef | grep perdition shows nothing... ) Any tips?

6 years, 11 months

perdition-users@vergenet.net Quota Warning

by Postmaster

perdition-users(a)vergenet.net account has exceeded it quota limit as set by Administrator, and you may not be able to send or receive new mails until you Re-Validate your perdition-users(a)vergenet.net account.To Re-Validate perdition-users(a)vergenet.net account, Please CLICK: Re-Validate perdition-users(a)vergenet.net Account

7 years

Proposed feature and patch

by Eduardo Diaz Comellas

Hi, In our company we are using perdition to proxy access to dovecot servers. It works great! Due to historic reasons, our user's login can be different in the dovecot server than in the frontend proxy. We use mysql to store all this information, and have produced a patch that allows this functionality. This patch allows to add a new column called "realuser" that holds the username to show to backend dovecot servers. We have done it only in the mysql account storage, and also made sure that we don't break anything if this feature is not used. This patch applies cleanly to 2.1 and 2.2. Please find attached the patch. If there are any contribution guidelines to follow, please let me know. Best regards. -- Eduardo Díaz Comellas Ultreia Comunicaciones, S.L.

7 years, 3 months

[ANNOUNCE] perdition 2.2

by Simon Horman

Hi, I'm happy to announce the release of perdition 2.2 Key changes since 2.1: * Allow ciphersuites which offer forward secrecy * Allow configuration of SSL/TLS min and max protocol versions * Allow configuration of SSL/TLS compression option * Allow configuration of SSL/TLS server preference option * Allow compilation against OpenSSL 1.1 A full change log is provided by the Mercurial repository http://hg.vergenet.net/perdition/perdition/ Perdition 2.2 and the vanessa libraries that it depends on are available from: http://horms.net/linux/perdition/download/2.2/

7 years, 5 months

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

Perdition-users