Hi all,
I was searching the web and the mailing list, but couldn’t find an answer on this question:
Does Perdition support TLS Version 1.1. and 1.2 for imaps?
I tested perdition 1.19-rc5, which is included in Debian 7.4.
It also includes "OpenSSL 1.0.1e 11 Feb 2013“ which does support it.
When scanning with „sslscan localhost:993“, I don’t get any matching cipher, even if I’ve added them to the „ssl_listen_ciphers“ like this:
ssl_listen_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS“
Thanks for your help!
Cheers
Andreas
Hi,
We have long supported clients using whatever encryption scheme they
choose. I am trying to get perdition running with the same level of
support but am unable to have it successfully listen on both port 143
and 993 with STARTTLS and ssl/tls encryption.
ssl_mode used to allow ssl_* and / or tls_* but now it's only one or
the other not both.
Been messing around for ages, please help!
/A
I've just upgraded my mail box to wheezy, and at the same time enabled
v6 on it, however I can't figure out what magic syntax is needed for
perdition to actual listen on v6.
The package in wheezy is 1.19~rc5-1+b1 which seems like it should have
v6 support, but it doesn't by default listen on v6, and with what seems
like the obvious setting:
bind_address 0.0.0.0,::
Fails to start.
Nowhere in the docs can I see any examples with v6 addresses, so I don't
know if it's perhaps expecting [::] style or something different.
Any pointers?
Hi,
I'm happy to announce the release of perdition 2.1
This is a bugfix release.
Key changes since 2.0:
* Apply configured ciperhsuite preferences for outpand connections. This
is a fix for for CVE-2013-4584.
* Use 1.0 as the managesieve version
A full change log is provided by the Mercurial repository
http://hg.vergenet.net/perdition/perdition/
Perdition 2.1 and the vanessa libraries that it depends on
are available from:
http://horms.net/linux/perdition/download/2.1/
This series tries to make the configuration options symmetric and
predictable between incoming and outgoing connections, as mentioned in
Message-Id: 52F4719C.1020501(a)fifthhorseman.net.
It may change the semantics for existing configurations, though!
hi perdition folks--
I'm an emacs user. i know that's not to everyone's taste, but for those
of us who use emacs, it makes it easier to work on a source file without
modifying whitespace if the whitespace conventions are known to the One
True text editor :P
Placing the file below as .dir-locals.el in the root of the perdition
tree should make it easier for emacs users to contribute patches without
making accidental unnecessary whitespace changes:
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; emacs local configuration settings for perdition source
;; surmised by dkg on 2013-10-24 09:42:45-0400
((c-mode
(indent-tabs-mode . t)
(tab-width . 4)
(c-basic-offset . 4)
(c-file-style . "linux"))
)
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
happy hacking,
--dkg
Hi!
I have installed Perdition on a server which (will) sits between my
mail server and mail gateway. Currently I am just running webmail via
the proxy and it works really great but my plan is to change the imap
CNAME to point to the proxy so that all connections from clients
(thunderbird, iphone, etc) will go via the proxy as well.
I have tested this and most clients worked fine as long as they were
using STARTTLS on port 143 or unencrypted connections (which won't be
allowed in production) however users connecting on port 993 seem "stuck"
to the real mailserver, I suspect it is some kind of SSL session thing.
Users connecting with STARTTLS immediately get a password prompt when
the DNS change is dected by their computer but with SSL on port 993 the
client fails to connect and / or sits there trying to connect
indefinately. Restarting perdition or the real mail server doesn't
change that behaviour.
The really weird thing is that it seemed to work for a handfull of
clients. Also, when changing the DNS back, some clients then remain
"stuck" to the proxy server instead (only port 993 users).
I am somewhat confused by the ssl_mode settings too. Advice would be
seriously appreciated :)
/Alan
PS: same is true for POP on port 995.
PPS: The real server and the proxy have different certs, proxy has a
real one whereas the imap server has a self signed.
Dear Simon Horman,
I have cluster mail servers with IBM Domino server: server1.abc.com and server2.abc.com
The data on these servers auto syncronize with Domino clustering task
The configuration
user1: server1.abc.com
user2: server1.abc.com
How solution in perdition to auto switch to server2 when server1 not available?
Thank you
Terima kasih
Tji Lik
Information System Consulting
0812-835-8838
Hi,
I'm happy to announce the release of perdition 2.0
This is the culmination of the 1.19-rc series of releases. A decision has
been made to name the release 2.0 instead of 1.19 as there are significant
changes since the release of 1.18 including support for a new protocol,
managesieve.
Key changes since v1.19-rc5:
* Correct base64 calculation errors that resulted in managesieve
authentication failing in some circumstances.
* Use "imap" instead of "imap2" as default port for IMAP protocol
A full change log is provided by the Mercurial repository
http://hg.vergenet.net/perdition/perdition/
Perdition 2.0 and the vanessa libraries that it depends on
are available from:
http://horms.net/linux/perdition/download/1.19-rc5/
Debian unstable packages have been uploaded to Debian.Org
and should be available in the Debian archive within 24 hours.
http://packages.debian.org/source/unstable/perdition