Paul Dudley | 24 Jul 07:54 2015

Configuring extra IMAP ports

How do you configure perdition to allow IMAP access on ports other than the standard port of 143?
Can you configure perdition to allow IMAP access on multiple ports?
 
--
  Paul Dudley
  pdudley <at> fastmail.fm
 
 
______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
Egoitz Aurrekoetxea | 5 Mar 16:59 2015

Issues with Perdition 2.1 in FreeBSD

Good afternoon,

I’m running into some issues on a FreeBSD 10.1 RELENG machine with Perdition 2.1. Once or twice a day the parent process of the POP3 or IMAP4 service dies. After some
investigation I have seen that the problem comes in the vanessa_socket_server.c file, in __vanessa_socket_server_accept(), when it does the accept(). It seems accept() is failing
with 53 (on which it continues) and later with 35 (talking about errno, of course), on which it exits with -1. It then returns to __vanessa_socket_server_acceptv(), and this one returns to
vanessa_socket_server_acceptv due to:

if (child < 0)
return status;

In this function (the last one) there is:

child = __vanessa_socket_server_acceptv(&g, ufds[i].fd,
listen_socketv, 
maximum_connections, 
return_from, return_to, flag);
VANESSA_LOGGER_DEBUG("EGOITZ 1E");
if (child < 0) {
VANESSA_LOGGER_DEBUG(
"__vanessa_socket_server_acceptv");
goto err;


Perhaps this file (please ignore the debugging literals) could be like this?

--- vanessa_socket_server.c 2010-06-22 09:21:37.000000000 +0200
+++ vanessa_socket_server.c 2015-03-05 16:50:25.000000000 +0100
<at> <at> -388,10 +388,20 <at> <at>
  addrlen = sizeof(from);
  *g = accept(listen_socket, (struct sockaddr *) &from, &addrlen);
  if (*g  < 0) {
+ char codigo[20];
+ sprintf(codigo, "%d", errno);
+ VANESSA_LOGGER_DEBUG("Falla accept con el error");
+ VANESSA_LOGGER_DEBUG("=========================");
+ VANESSA_LOGGER_DEBUG(codigo);
+ VANESSA_LOGGER_DEBUG("=========================");
+ if (errno == EAGAIN) 
+ {
+ VANESSA_LOGGER_DEBUG("TENEMOS UN EAGAIN");
+ }
  if(errno == EINTR || errno == ECONNABORTED) {
  continue; /* Ignore EINTR  and ECONNABORTED */
  }
- if (errno == EAGAIN || errno == EWOULDBLOCK)
+ if (errno == EWOULDBLOCK || errno == EAGAIN)
  return -1; /* Don't log EAGAIN or EWOULDBLOCK */
  VANESSA_LOGGER_DEBUG_ERRNO("accept");
  return(-1);
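
Review bot: errno is compared in the `errno == EAGAIN`, `errno == EINTR || errno == ECONNABORTED` and `errno == EWOULDBLOCK || errno == EAGAIN` tests only after the added `sprintf()` and `VANESSA_LOGGER_DEBUG()` calls, and any of those calls may change errno, so the branch taken can differ from what accept() reported. Copy it into a local right after the `*g < 0` test, log and compare the copy, and restore errno before `return -1`, because the caller in the next hunk tests errno again. Prefer `snprintf(codigo, sizeof(codigo), ...)` to `sprintf`, and leave out the line that only swaps the operands of the EAGAIN/EWOULDBLOCK test, since it changes nothing.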
<at> <at> -551,7 +561,10 <at> <at>
  flag);
  if (child < 0) {
  if (errno == EAGAIN || errno == EWOULDBLOCK)
+ {
  status = 0;
+ VANESSA_LOGGER_DEBUG("EGOITZ STATUS -----> 0");
+ }
  else {
  VANESSA_LOGGER_DEBUG("__vanessa_socket_server_accept");
  status = -1;
<at> <at> -561,6 +574,7 <at> <at>
  if (!(opt & O_NONBLOCK) && child &&
      fcntl(listen_socket, F_SETFL, opt) < 0) {
  VANESSA_LOGGER_DEBUG_ERRNO("fcntl: F_SETFL 2");
+ VANESSA_LOGGER_DEBUG("ERROR 0000001 AAAAA");
  status = -1;
  }

  

<at> <at> -570,6 +584,7 <at> <at>
  if (!(opt & O_NONBLOCK) && (flag & VANESSA_SOCKET_NO_FORK || !child) &&
      fcntl(*g, F_SETFL, opt) < 0) {
  VANESSA_LOGGER_DEBUG_ERRNO("fcntl: F_SETFL 3");
+ VANESSA_LOGGER_DEBUG("ERROR 0000002 BBBB");
  status = -1;
  }

 

<at> <at> -632,6 +647,10 <at> <at>
  "__vanessa_socket_server_acceptv");
  goto err;
  }
+ if (!child && g < 0)
+ {
+ break;
+ }
  if (flag & VANESSA_SOCKET_NO_FORK || !child) {
  status = g;
  goto out;
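
Review bot: the new `if (!child && g < 0)` test cannot tell a forked child from the `status = 0` that the earlier hunk returns for EAGAIN/EWOULDBLOCK unless `g` holds a negative value before every call to `__vanessa_socket_server_acceptv()`, and nothing in the visible lines sets it. Assign `g = -1` before the call, or have the callee report "nothing to accept" with a distinct return value, and add a comment naming the loop that `break` leaves, since the stated intent is to go back to polling the listening sockets rather than to stop accepting.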

Mainly talking about:

+ if (!child && g < 0)
+ {
+ break;
+ }

That way it would poll the socket fds again instead of exiting and ceasing to service the affected protocol in each case (POP3 or IMAP4)?

I have made this last modification, but have not had the luck of seeing an abnormal termination again in order to check whether this works…

Has anyone noticed something similar?

Thank you so much,
Regards, 

Egoitz Aurrekoetxea
Departamento de sistemas
944 209 470
Parque Tecnológico. Edificio 103
48170 Zamudio (Bizkaia)

Before printing this e-mail, consider whether it is necessary to do so.

Joe Pruett | 4 Mar 20:40 2015

patch for wildcard matching in mysql

is this something that people would use? i have made a local patch that
lets me do some sql wildcard matching if there isn't an exact match in
the db. this allows me to have a front end server for multiple domains
and unless something needs special per-user handling, i can just match
on the domain and route on that. it even allows for multiple wildcard
matches and chooses the longest pattern as the best one.

for example:

%@foo.com    server1
%@bar.com    server2
%            server3

user a@foo.com goes to server1, b@bar.com to server2, and c@baz.com to
server3.

if this is of interest i can send the patch. or if i've just missed an
obvious way to handle this, let me know that :-).
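
The lookup described in the message above, as an added example that is not the poster's patch or Perdition's code: an exact match is tried first, then the longest matching wildcard pattern wins. It uses SQLite in place of MySQL so it runs offline; the table name `popmap`, its columns and the `vip@foo.com` row are assumptions made for the illustration.

```python
import sqlite3

# Constructed routing table: the three wildcard rows from the message plus
# one exact entry standing in for "special per-user handling".
ROWS = [
    ("%@foo.com", "server1"),
    ("%@bar.com", "server2"),
    ("%", "server3"),
    ("vip@foo.com", "server9"),
]


def build_db(rows=ROWS):
    """Create an in-memory table holding (pattern, server) pairs."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE popmap (pattern TEXT PRIMARY KEY, server TEXT NOT NULL)"
    )
    db.executemany("INSERT INTO popmap VALUES (?, ?)", rows)
    return db


def route(db, user):
    """Return the backend for `user`, or None if nothing matches."""
    # 1. An exact entry always beats any wildcard.
    row = db.execute(
        "SELECT server FROM popmap WHERE pattern = ?", (user,)
    ).fetchone()
    if row:
        return row[0]
    # 2. Otherwise the stored value is the LIKE pattern and the login name is
    #    the string being tested. Because the client-supplied name is bound as
    #    a parameter on the left-hand side, a '%' or '_' typed by the client
    #    is plain data and never acts as a wildcard.
    row = db.execute(
        "SELECT server FROM popmap WHERE ? LIKE pattern "
        "ORDER BY LENGTH(pattern) DESC LIMIT 1",
        (user,),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    for name in ("a@foo.com", "b@bar.com", "c@baz.com", "vip@foo.com"):
        print(name, "->", route(db, name))
```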

M. Rodrigo Monteiro | 2 Feb 18:21 2015

BAD Invalid tag, mate

Hi.

I'm new to Perdition...
Last week I configured 2 Perdition servers to handle IMAP proxy from a Zimbra 7.2 server.
I've tested on PC (Thunderbird), Android and iPhone. Everything was good.
Today the iPhone is not working. PC and Android are fine.
The version, log and conf are below.

[root@050 perdition]# ls /usr/src/
debug  kernels  perdition-1.18  postfix-2.11.3  vanessa_adt-0.0.8  vanessa_logger-0.0.8  vanessa_socket-0.0.10

# maillog
Feb  2 14:06:15 050 perdition[19519]: Connect: 179.171.122.121->SERVER_IP
Feb  2 14:06:15 050 perdition[19519]: SELF:   "* OK IMAP4 Ready 179-171-122-121.user.vivozap.com.br 000208fb\r\n"
Feb  2 14:06:15 050 perdition[19519]: CLIENT: "\026\003\001\000\377\001\000\000\377\003\001T\377\377\377\377 s\377\"\377s\031\026\377\377\377\377\377\377\377?H\
377\377\377\377\377\377\377\032\377\377\000\000J\000\377\377$\377#\377\n\377\t\377\b\377(\377\'\377\024\377\023\377\022\377&\377%\377\005\377\004\377\003\377*\377)\377\
017\377\016\377\r\000k\000g\0009\0003\000\026\000=\000<\0005\000/\000\n\377\a\377\021\377\002\377\f\000\005\000\004\001\000\0000\000\000\000\032\000\030\000\000\025mails.mydomain.tld\000\n\000\b\000\006\000\027\000\030\000\031\000\v\000\002\001\000"
Feb  2 14:06:15 050 perdition[19520]: Connect: 179.171.122.121->SERVER_IP
Feb  2 14:06:15 050 perdition[19520]: SELF:   "* OK IMAP4 Ready 179-171-122-121.user.vivozap.com.br 000208fb\r\n"
Feb  2 14:06:15 050 perdition[19520]: CLIENT: "\026\003\001\000\377\001\000\000\377\003\001T\377\377\3777\377\377\377\377j$\377\377v\022\377\377(\377\377\377w\t
\377\377\377\377\177W\001;-\000\000J\000\377\377$\377#\377\n\377\t\377\b\377(\377\'\377\024\377\023\377\022\377&\377%\377\005\377\004\377\003\377*\377)\377\017\377\016\
377\r\000k\000g\0009\0003\000\026\000=\000<\0005\000/\000\n\377\a\377\021\377\002\377\f\000\005\000\004\001\000\0000\000\000\000\032\000\030\000\000\025mails.mydomain.tld\000\n\000\b\000\006\000\027\000\030\000\031\000\v\000\002\001\000"
Feb  2 14:06:15 050 perdition[19521]: Connect: 179.171.122.121->SERVER_IP
Feb  2 14:06:16 050 perdition[19521]: SELF:   "* OK IMAP4 Ready 179-171-122-121.user.vivozap.com.br 000208fb\r\n"
Feb  2 14:06:16 050 perdition[19521]: CLIENT: "\026\003\001\000\377\001\000\000\377\003\001T\377\377\377\377\377i\377\377\377\377\377 <at> 8p\377k\377\377pxR\377A\37
7\026\377\377\377>\377\377\000\000J\000\377\377$\377#\377\n\377\t\377\b\377(\377\'\377\024\377\023\377\022\377&\377%\377\005\377\004\377\003\377*\377)\377\017\377\016\3
77\r\000k\000g\0009\0003\000\026\000=\000<\0005\000/\000\n\377\a\377\021\377\002\377\f\000\005\000\004\001\000\0000\000\000\000\032\000\030\000\000\025mails.mydomain
v.br\000\n\000\b\000\006\000\027\000\030\000\031\000\v\000\002\001\000"
Feb  2 14:06:17 050 perdition[19522]: Connect: 179.171.122.121->SERVER_IP
Feb  2 14:06:17 050 perdition[19522]: SELF:   "* OK IMAP4 Ready 179-171-122-121.user.vivozap.com.br 000208fb\r\n"
Feb  2 14:06:17 050 perdition[19522]: CLIENT: "\026\003\001\000\377\001\000\000\377\003\001T\377\377\377a\377\377\377\377k\377|\377\377\377\377\377g\377\026?\37
7\377\033\377\377\377\377\377\377\377X\000\000J\000\377\377$\377#\377\n\377\t\377\b\377(\377\'\377\024\377\023\377\022\377&\377%\377\005\377\004\377\003\377*\377)\377\0
17\377\016\377\r\000k\000g\0009\0003\000\026\000=\000<\0005\000/\000\n\377\a\377\021\377\002\377\f\000\005\000\004\001\000\0000\000\000\000\032\000\030\000\000\025mails.mydomain.tld\000\n\000\b\000\006\000\027\000\030\000\031\000\v\000\002\001\000"
Feb  2 14:06:17 050 perdition[19523]: Connect: 179.171.122.121->SERVER_IP
Feb  2 14:06:17 050 perdition[19523]: SELF:   "* OK IMAP4 Ready 179-171-122-121.user.vivozap.com.br 000208fb\r\n"
Feb  2 14:06:17 050 perdition[19523]: CLIENT: "\026\003\001\000\377\001\000\000\377\003\001T\377\377\377\025\377\377a\'\f\377\377\377bAE\377\177\377\3777\377U\3
77G(\037\377h\377r\377\000\000J\000\377\377$\377#\377\n\377\t\377\b\377(\377\'\377\024\377\023\377\022\377&\377%\377\005\377\004\377\003\377*\377)\377\017\377\016\377\r
\000k\000g\0009\0003\000\026\000=\000<\0005\000/\000\n\377\a\377\021\377\002\377\f\000\005\000\004\001\000\0000\000\000\000\032\000\030\000\000\025mails.mydomain.tld
\000\n\000\b\000\006\000\027\000\030\000\031\000\v\000\002\001\000"
Feb  2 14:06:17 050 perdition[19524]: Connect: 179.171.122.121->SERVER_IP
Feb  2 14:06:17 050 perdition[19524]: SELF:   "* OK IMAP4 Ready 179-171-122-121.user.vivozap.com.br 000208fb\r\n"
Feb  2 14:06:17 050 perdition[19524]: CLIENT: "\026\003\001\000\377\001\000\000\377\003\001T\377\377\3775\377\377\377O~\377\377\377m,\006\n\024=\377\377\0212\377>\035\024\377\377\377\377\377\000\000J\000\377\377$\377#\377\n\377\t\377\b\377(\377\'\377\024\377\023\377\022\377&\377%\377\005\377\004\377\003\377*\377)\377\017\377\016\377\r\000k\000g\0009\0003\000\026\000=\000<\0005\000/\000\n\377\a\377\021\377\002\377\f\000\005\000\004\001\000\0000\000\000\000\032\000\030\000\000\025mails.mydomain.tld\000\n\000\b\000\006\000\027\000\030\000\031\000\v\000\002\001\000"
Feb  2 14:06:18 050 perdition[19519]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:18 050 perdition[19520]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:19 050 perdition[19521]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:19 050 perdition[19525]: Connect: 179.171.122.121->SERVER_IP
Feb  2 14:06:20 050 perdition[19525]: SELF:   "* OK IMAP4 Ready 179-171-122-121.user.vivozap.com.br 000208fb\r\n"
Feb  2 14:06:20 050 perdition[19525]: CLIENT: "\026\003\001\000\377\001\000\000\377\003\001T\377\377\3773\377qc\003`\377\377\0020\001\377y;\377\377\377H\377\377\377 <at> \'\377\377z\377\377\000\000J\000\377\377$\377#\377\n\377\t\377\b\377(\377\'\377\024\377\023\377\022\377&\377%\377\005\377\004\377\003\377*\377)\377\017\377\016\377\r\000k\000g\0009\0003\000\026\000=\000<\0005\000/\000\n\377\a\377\021\377\002\377\f\000\005\000\004\001\000\0000\000\000\000\032\000\030\000\000\025mails.mydomain.tld\000\n\000\b\000\006\000\027\000\030\000\031\000\v\000\002\001\000"
Feb  2 14:06:20 050 perdition[19522]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:20 050 perdition[19526]: Connect: 179.171.122.121->SERVER_IP
Feb  2 14:06:20 050 perdition[19526]: SELF:   "* OK IMAP4 Ready 179-171-122-121.user.vivozap.com.br 000208fb\r\n"
Feb  2 14:06:20 050 perdition[19526]: CLIENT: "\026\003\001\000\377\001\000\000\377\003\001T\377\377\377\377\377|64\377\002\377a\377q\377T>\3774a\377\377\016\377\377]\037.9\377\377\000\000J\000\377\377$\377#\377\n\377\t\377\b\377(\377\'\377\024\377\023\377\022\377&\377%\377\005\377\004\377\003\377*\377)\377\017\377\016\377\r\000k\000g\0009\0003\000\026\000=\000<\0005\000/\000\n\377\a\377\021\377\002\377\f\000\005\000\004\001\000\0000\000\000\000\032\000\030\000\000\025mails.mydomain.tld\000\n\000\b\000\006\000\027\000\030\000\031\000\v\000\002\001\000"
Feb  2 14:06:20 050 perdition[19523]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:20 050 perdition[19527]: Connect: 179.171.122.121->SERVER_IP
Feb  2 14:06:20 050 perdition[19527]: SELF:   "* OK IMAP4 Ready 179-171-122-121.user.vivozap.com.br 000208fb\r\n"
Feb  2 14:06:20 050 perdition[19527]: CLIENT: "\026\003\001\000\377\001\000\000\377\003\001T\377\377\3775\377f\377\377y\377\377\023+\377{\3779\3779\377\025Q0[Ye\3777\377h\377\000\000J\000\377\377$\377#\377\n\377\t\377\b\377(\377\'\377\024\377\023\377\022\377&\377%\377\005\377\004\377\003\377*\377)\377\017\377\016\377\r\000k\000g\0009\0003\000\026\000=\000<\0005\000/\000\n\377\a\377\021\377\002\377\f\000\005\000\004\001\000\0000\000\000\000\032\000\030\000\000\025mails.mydomain.tld\000\n\000\b\000\006\000\027\000\030\000\031\000\v\000\002\001\000"
Feb  2 14:06:20 050 perdition[19524]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:21 050 perdition[19519]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:21 050 perdition[19519]: Exiting on signal 13
Feb  2 14:06:21 050 perdition[19520]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:21 050 perdition[19520]: Exiting on signal 13
Feb  2 14:06:22 050 perdition[19521]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:22 050 perdition[19521]: Exiting on signal 13
Feb  2 14:06:23 050 perdition[19525]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:23 050 perdition[19522]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:23 050 perdition[19522]: Exiting on signal 13
Feb  2 14:06:23 050 perdition[19526]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:23 050 perdition[19523]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:23 050 perdition[19523]: Exiting on signal 13
Feb  2 14:06:23 050 perdition[19527]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:23 050 perdition[19524]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:23 050 perdition[19524]: Exiting on signal 13
Feb  2 14:06:26 050 perdition[19525]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:26 050 perdition[19525]: Exiting on signal 13
Feb  2 14:06:26 050 perdition[19526]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:26 050 perdition[19526]: Exiting on signal 13
Feb  2 14:06:26 050 perdition[19527]: SELF:   "* BAD Invalid tag, mate\r\n"
Feb  2 14:06:26 050 perdition[19527]: Exiting on signal 13



[root@050 perdition]# cat imap4.conf
#debug
connection_logging
#imap_capability IMAP4 IMAP4REV1
imap_capability "IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE SORT QUOTA ACL ACL2=UNION STARTTLS"
protocol IMAP4
outgoing_server  172.26.2.47:143
timeout 1800
ssl_mode tls_listen
ssl_ca_accept_self_signed
ssl_cert_file /opt/perdition/etc/perdition/mails.cert
ssl_cert_accept_self_signed
ssl_cert_accept_expired
ssl_cert_accept_not_yet_valid
ssl_key_file /opt/perdition/etc/perdition/mails.key
ssl_no_cert_verify
ssl_no_cn_verify

[root@050 perdition]# cat imap4s.conf
#debug
connection_logging
#imap_capability IMAP4 IMAP4REV1
imap_capability "IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE SORT QUOTA ACL ACL2=UNION STARTTLS"
protocol IMAP4S
outgoing_server  172.26.2.47:143
timeout 1800
ssl_mode tls_listen
ssl_ca_accept_self_signed
ssl_cert_file /opt/perdition/etc/perdition/mails.cert
ssl_cert_accept_self_signed
ssl_cert_accept_expired
ssl_cert_accept_not_yet_valid
ssl_key_file /opt/perdition/etc/perdition/mails.key
ssl_no_cert_verify
ssl_no_cn_verify



M. Rodrigo Monteiro
    
"Free as in Freedom, not free as in free beer"
"As we are liberated from our own fear, our presence automatically liberates others"
Linux User # 403730

Think before printing.

LEGAL ADVICE
This message is exclusively destined for the people to whom it is directed, and it can bear private and/or legally exceptional information. If you are not addressee of this message, since now you are advised to not release, copy, distribute, check or, otherwise, use the information contained in this message, because it is illegal. If you received this message by mistake, we ask you to return this email, making possible, as soon as possible, the elimination of its contents of your database, registrations or controls system. The message that bears any mandatory links, issued by someone who has no representation powers, shall be null or void.
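
The CLIENT payloads logged in the message above begin with `\026\003\001`, which is how a TLS handshake record starts (content type 22, version 3.1), at the point where the proxy expects an IMAP tag. The following added example, which is not part of the original message or of Perdition, decodes the octal escapes used in such log lines and flags sessions where a TLS record arrived in cleartext; the sample lines, host name and PIDs are constructed.

```python
import re

# Matches the payload of a perdition connection_logging "CLIENT:" line.
LINE_RE = re.compile(r'perdition\[(?P<pid>\d+)\]: CLIENT: "(?P<payload>.*)"\s*$')
# A backslash followed by 1-3 octal digits, or by any single character.
ESC_RE = re.compile(rb'\\([0-7]{1,3}|.)')
SIMPLE = {b'n': b'\n', b'r': b'\r', b't': b'\t', b'a': b'\a',
          b'b': b'\b', b'v': b'\v', b'f': b'\f'}


def unescape(text):
    """Turn the C-style escapes of a logged payload back into raw bytes."""
    def repl(match):
        tok = match.group(1)
        if tok[:1] in b"01234567":
            return bytes([int(tok.decode(), 8) & 0xFF])
        return SIMPLE.get(tok, tok)          # \" and \\ map to themselves
    return ESC_RE.sub(repl, text.encode("latin-1", errors="replace"))


def tls_record(payload):
    """Return (version, handshake_type) if payload starts a TLS handshake."""
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[2] <= 0x04):
        return ("3.%d" % payload[2], payload[5])
    return None


def flag_tls_on_cleartext(lines):
    """List (pid, record_version, is_client_hello) for offending sessions."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = tls_record(unescape(m.group("payload")))
        if rec:
            hits.append((int(m.group("pid")), rec[0], rec[1] == 0x01))
    return hits


# Constructed sample lines in the same layout as the log above.
SAMPLE = [
    r'Feb  2 14:06:15 host perdition[101]: Connect: 192.0.2.10->192.0.2.1',
    r'Feb  2 14:06:15 host perdition[101]: CLIENT: "\026\003\001\000\057\001\000\000\053\003\001"',
    r'Feb  2 14:06:16 host perdition[102]: CLIENT: "a001 CAPABILITY\r\n"',
    r'Feb  2 14:06:17 host perdition[103]: CLIENT: "2 login \"user\" \"password\""',
]

if __name__ == "__main__":
    for pid, version, hello in flag_tls_on_cleartext(SAMPLE):
        print("pid %d: TLS record %s on cleartext session, ClientHello=%s"
              % (pid, version, hello))
```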

Xavier Garcia | 31 Oct 13:59 2014

Disabling SSLv3

Dear all,

I am trying to disable SSLv3 on perdition 2.0-1.x86_64.
It is running on a RHEL 6.5 clone and it was compiled with the SPEC files.

In theory, I should apply the following configuration, but it also
disables TLSv1 and TLSv1.1, with TLSv1.2 still available.

---
ssl_listen_ciphers "ALL:!SSLv2:!SSLv3"
---

I don't know much about cryptography but I
guess it makes sense because I obtain the same result in all my
boxes (RHEL 6.5 , Fedora and FreeBSD 10) when I execute:

openssl ciphers -v 'ALL:!SSLv2:!SSLv3'

What would be the best way to disable SSLv2 and SSLv3 for incoming and
outgoing connections?

Regards,

Xavier Garcia

Eivind Olsen | 24 Oct 15:23 2014

Weird issue with Perdition 2.1 to MS Exchange

Hello.

I'm currently trying to understand some issue I see with Perdition
connecting to MS Exchange.

For some reason some commands seem to do nothing, while they work fine if
used directly and not going through Perdition (version 2.1 running on
RHEL7 btw).

Here's what I see when I do a packet capture on the traffic going from the
server running Perdition (MS exchange = lines starting with S, and
perdition on the lines starting with C):

S: * OK The Microsoft Exchange IMAP4 service is ready.
C: flim07 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN STARTTLS
UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
S: flim07 OK CAPABILITY completed.
C: flim08 LOGIN {7}
S: + Ready for additional command text.
C: use-rna {20}
S: + Ready for additional command text.
C: thisISaLoNgPasswordd
S: flim08 OK LOGIN completed.
C: A002 SELECT "INBOX"
...and here it just seems to hang, no traffic is returned...

If I go to the server running Perdition and run these commands manually
with the help of "telnet msexchangeserver 143", they seem to work fine:

* OK The Microsoft Exchange IMAP4 service is ready.
flim07 CAPABILITY
* CAPABILITY IMAP4 IMAP4rev1 AUTH=NTLM AUTH=GSSAPI AUTH=PLAIN STARTTLS
UIDPLUS CHILDREN IDLE NAMESPACE LITERAL+
flim07 OK CAPABILITY completed.
flim08 LOGIN {7}
+ Ready for additional command text.
use-rna {20}
+ Ready for additional command text.
thisISaLoNgPasswordd
flim08 OK LOGIN completed.
A002 SELECT "INBOX"
* 11 EXISTS
* 0 RECENT
* FLAGS (\Seen \Answered \Flagged \Deleted \Draft $MDNSent)
* OK [PERMANENTFLAGS (\Seen \Answered \Flagged \Deleted \Draft $MDNSent)]
Permanent flags
* OK [UNSEEN 1] Is the first unseen message
* OK [UIDVALIDITY 2389685] UIDVALIDITY value
* OK [UIDNEXT 45] The next unique identifier value
A002 OK [READ-WRITE] SELECT completed.
A003 LOGOUT
* BYE Microsoft Exchange Server 2010 IMAP4 server signing off.
A003 OK LOGOUT completed.

Am I missing something obvious here?

Regards
Eivind Olsen


润青杨 | 21 Oct 17:08 2014

perdition have some ssl security problems

Hi guys,
Recently, our group has been trying to find SSL security problems by static analysis. We have now found some problems in perdition and reported these bugs to Launchpad, but we haven't received any responses.
Could you please take a look at this bug:
https://bugs.launchpad.net/ubuntu/+source/perdition/+bug/1380304
Thanks,
Rainkin
Vincent Fox | 15 Oct 23:03 2014

Poodle?

Hi,

Just catching up to this SSLv3 "Poodle" vulnerability.

Should I do anything with my Perdition config?

Thanks


Steven Kelbley | 3 Sep 22:37 2014

Perdition not recognizing STARTTLS?


Hi all, hoping you might be able to help me out.

I have a Perdition proxy server (v1.17.1-1) setup to forward users to one of two Cyrus (v2.3.16) backend mailstores based on an LDAP query. Everything works fine except for securing the connection between Perdition and Cyrus; somehow Perdition is seemingly ignoring the STARTTLS entry in the mail server's CAPABILITY string. STARTTLS works perfectly fine connecting from the Perdition server to the Cyrus server using both "imtest" and "openssl s_client".

The certs are all signed by a separate test CA I set up the other day and work fine otherwise. I've posted the log and relevant Perdition configs below, and I’ve tested the backend servers individually to ensure STARTTLS is working fine on Cyrus’ end. Have I messed something up?

##/var/log/maillog##

    Sep  3 10:23:34 perdition-host perdition[20007]: Connect: client.example.com -> perdition.example.com

    Sep  3 10:23:34 perdition-host perdition[20007]: SELF:   "* OK IMAP4 Ready perdition.example.com 00021e71\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: CLIENT: "1 STARTTLS\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: SELF:   "1 OK Begin TLS negotiation now\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: SSL connection using AES256-GCM-SHA384

    Sep  3 10:23:34 perdition-host perdition[20007]: CLIENT: "2 login \"user-test@email.example.com\" \"password\""

    Sep  3 10:23:34 perdition-host perdition[20007]: CLIENT: "\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: username_add_domain: username_add_domain 0 1 0x260e0b4

    Sep  3 10:23:34 perdition-host perdition[20007]: username_add_domain: username_add_domain 0 4 0x260e0b4

    Sep  3 10:23:34 perdition-host perdition[20007]: REAL:   "* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE] server ready\r\n* OK [ALERT] Cyrus01\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: SELF:   "flim07 CAPABILITY\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: tls_outgoing_force is set, but the real-server does not have the STARTTLS capability, connection will not be encrypted

    Sep  3 10:23:34 perdition-host perdition[20007]: SELF:   "flim07 CAPABILITY\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: REAL:   "* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH\r\nflim07 OK Completed\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: SELF:   "flim08 LOGIN {37}\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: REAL:   "* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH\r\nflim07 OK Completed\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: SELF:   "* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN AUTH=LOGIN SASL-IR COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: imap4_out_response: invalid tag from server 1

    Sep  3 10:23:34 perdition-host perdition[20007]: imap4_out_authenticate: imap4_out_response login

    Sep  3 10:23:34 perdition-host perdition[20007]: SELF:   "user-test@email.example.com {9}\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: REAL:   "+ go ahead\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: SELF:   "password\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: REAL:   "+ go ahead\r\n"

    Sep  3 10:23:34 perdition-host perdition[20007]: imap4_out_response: invalid tag from server 1

    Sep  3 10:23:34 perdition-host perdition[20007]: imap4_out_authenticate: imap4_out_response passwd

    Sep  3 10:23:34 perdition-host perdition[20007]: main: protocol->out_authenticate -1

    Sep  3 10:23:34 perdition-host perdition[20007]: Fatal error authenticating user. Exiting child.

##/etc/sysconfig/perdition##

    RUN_PERDITION=yes

    POP3=no

    POP3S=no

    IMAP4=no

    IMAP4S=yes

##/usr/etc/perdition/perdition_imap4s.conf##

    (All left default except following options:)

    connection_logging

    debug

    listen_port 143

    map_library /usr/lib/libperditiondb_ldap.so.0

    map_library_opt "ldap:<ldap_url_here>"

    ok_line Connected to perdition IMAP proxy.

    protocol IMAP4S

    outgoing_port 143

    pid_file /var/run/perdition/perdition.imap4s.pid

    timeout 60

    ssl_mode tls_all

    ssl_ca_file /etc/pki/tls/certs/ca.crt

    ssl_ca_accept_self_signed

    ssl_cert_file /etc/pki/tls/private/host_perdition.crt

    ssl_cert_accept_self_signed

    ssl_key_file /etc/pki/tls/private/host_perdition.key

Thanks in advance for any help, I’ve spent a good amount of time stuck on this issue.

Steven Kelbley

Steve Campbell | 8 Jul 17:43 2014

I need to know what this error is telling me

new installation of perdition. I use the same file and content on my 
popmap as I do on a working production server.

I see in my maillogs the following error:

Fatal Error reading authentication information from client 
127.0.0.1:43557->127.0.0.1:143: Exiting child

It seems that perdition can't read my popmap file to get the redirection 
to the imap server.

Can someone explain what the message is really telling me, please?

Thanks

steve campbell