Mark Hamilton | 6 Apr 2013 21:23

Perdition log_passwd fail not working

I have been using an older version of perdition for a while now with no 
issues.  I am going to be upgrading the server running the proxy.  I 
installed a clean Centos 6.4 on a new machine.  I put in the repo for 
perdition and installed it.  After a couple of config file tweaks to add 
mysql, ssl etc I launched it and it worked fine right out of the chute.

My problem is we use the log_passwd fail to help our users when they are 
messing up their password.  It has worked great on the older version of 
perdition.  On this version we don't seem to get the bad password logged 
even with log_passwd fail in the config file.  I am sure I am just 
missing something somewhere.  Is it logged to a different log level or 
something like that?

Current version: Logging failed password fine
   Perdition = 1.17
   OS = Slackware 9.1.0

New version: Not logging failed passwords
   Perdition = 1.19-rc5
   OS = Centos 6.4

Thanks for any help.

______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users

Christian Balzer | 28 Mar 2013 08:00

Multiple SSL certificates based on IP (or other rules)


Hello,

I'm pretty sure neither Perdition nor Dovecot can use SSL certificates
based on which IP address the connection is received on, right?

Of course firing up multiple instances of Perdition with separate config
files binding them to their respective IPs is possible, but lacks a bit of
elegance. And of course requires hacking/adding startup scripts, which in
turn has the tendency to bite one's behind when it comes to installing
security fix packages or entirely new versions. I'm not even sure
if /var/run would be the only place where multiple Perdition instances would
step onto each other's toes.

Regards,

Christian
-- 
Christian Balzer        Network/Systems Engineer                
chibi <at> gol.com   	Global OnLine Japan/Fusion Communications
http://www.gol.com/

Josh Coombs | 25 Mar 2013 22:23

Adding complexity to an existing deployment

I've got an existing Perdition proxy that I need to clone, and layer
on some more complexity to.

The existing setup uses a simple regex setup to farm incoming
connections to different servers based on username.

Conf:
map_library /usr/local/lib/libperditiondb_posix_regex.so.0
inetd_mode

popmap.re
^[0-9]: num.mail.domain.com
^[a,A]: a.mail.domain.com
^[b,B]: b.mail.domain.com

etc, etc

Users login with just a username, no domain info is present in their
login.  The mailservers they're directed to don't expect domain info
in the login.

What I've been asked to do on the new server is to require users to
login as user <at> domain.com and I have to bolt in support for a couple
dedicated subdomains.

My current conf:

map_library /usr/local/lib/libperditiondb_posix_regex.so.0
S remote_login


Christian Schoepplein | 22 Feb 2013 14:09

Using more than one auth backend with perdition?

Hi,

is it possible to use both gdbm and mysql as map library on a single 
perdition instance? I have user data stored in a mysql database and also 
in a popmap file and I want to be able to use both backends.

Thanks and regards from Munich,

  Christian

-- 
Christian Schöpplein

Landeshauptstadt München
Referat fuer Bildung und Sport
Zentrum für Informationstechnologie im Bildungsbereich (ZIB)
- Netze und Servermanagement

Postanschrift:				Büroanschrift:

Landeshauptstadt München		Landeshauptstadt München
Referat fuer Bildung und Sport		Referat fuer Bildung und Sport
Postfach				Bayerstr. 28 (Raum 5328)

80313 München				80335 München

T: +49 (0)89 233-87735 			F: +49 (0)89 233-42951
E: christian (at) musin.de		I: http://www.zib.musin.de

Marco | 22 Jan 2013 16:05

STARTTLS ip based

Hello perdition users!

I really appreciate Perdition, works great also in large environment!

I see that Perdition supports STARTTLS/STLS to manage secure connections. In my
network I would like separate "good" ips and "bad" ips, where "good" can
establish a clear connection (tls_listen), and "bad" must starttls
(tls_listen_force), all on the same perdition server.

Is this possible?

It would be very useful for me if ssl_mode could be user based (for instance set
on LDAP profile of the account).
Otherwise, a behaviour like Postfix's could be very useful: local networks can
connect without encryption, and others must use STARTTLS.

Thanks a lot
Best Regards
Marco


Theodotos Andreou | 22 Jan 2013 15:56

tls_listen does not work MQID:02322413

Hi to all,

I have a strange problem when I use perdition as a pop3s proxy on port 995. When ssl_listen is enabled it works just fine. When I switch the config to tls_listen the connections are dropped (but the port is in fact open and the service running).

Connecting with s_client I get:

$ openssl s_client -connect pop.example.com:995
CONNECTED(00000003)
140123974153888:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:749:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 226 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Some excerpt from the logs with tls_listen active:

Jan 22 16:29:47 mypopproxy perdition.pop3s[29639]: Connect: 125.139.6.45:33798->192.168.59.100:995
Jan 22 16:29:50 mypopproxy perdition.pop3s[29639]: token_read: token_fill_buffer
Jan 22 16:29:50 mypopproxy perdition.pop3s[29639]: read_line: token_read
Jan 22 16:29:50 mypopproxy perdition.pop3s[29639]: pop3_in_get_auth: read_line
Jan 22 16:29:50 mypopproxy perdition.pop3s[29639]: main: protocol->in_get_auth
Jan 22 16:29:50 mypopproxy perdition.pop3s[29639]: Fatal Error reading authentication information from client 176.139.6.45:33798->192.168.59.100:995: Exiting child

With ssl_listen active:

Jan 22 16:37:15 mypopproxy perdition.pop3s[29677]: Connect: 125.139.6.45:38816->192.168.59.100:995
Jan 22 16:37:15 mypopproxy perdition.pop3s[29677]: SSL connection using CAMELLIA256-SHA
Jan 22 16:37:15 mypopproxy perdition.pop3s[29677]: username_add_domain: username_add_domain 0 1
Jan 22 16:37:15 mypopproxy perdition.pop3s[29677]: getserver: do_dbserver_get
Jan 22 16:37:15 mypopproxy perdition.pop3s[29677]: username_add_domain: username_add_domain 0 4
Jan 22 16:37:16 mypopproxy perdition.pop3s[29677]: Auth: 125.139.6.45:38816->192.168.59.100:995 client-secure=ssl authorisation_id=NONE authentication_id="user <at> example.com" server="192.168.59.100:110" protocol=POP3S server-secure=plaintext status="ok"
Jan 22 16:37:17 mypoproxy perdition.pop3s[29677]: Closing session: 125.139.6.45:38816->192.168.59.100:995 authorisation_id=NONE authentication_id="user <at> example.com" received=32 sent=2782

My config:

/etc/perdition/perdition.pop3s.conf

outgoing_server 192.168.59.50
listen_port 995
outgoing_port 110
log_facility mail
no_lookup
debug
timeout 40
pop_capability "CAPA.UIDL.USER.TOP.RESP-CODES.PIPELINING.STLS"
pid_file /var/run/perdition.pop3s/perdition.pop3s.pid
#ssl_mode ssl_listen
ssl_mode tls_listen
ssl_cert_file /path/to/cert
ssl_key_file /path/to/key

I am using perdition version: 1.19~rc4-4build1 downloaded on a 64 bit ubuntu 12.04, from official ubuntu repositories.

Any idea what I am missing?

David Severance | 11 Jan 2013 19:36

problems compiling vanessa_adt-0.0.9 in 64 bits

I get the following error compiling on RHEL/CentOS 5.9 on my 64 bit dev 
host...

> CC dynamic_array.lo
> dynamic_array.c: In function ‘vanessa_dynamic_array_split_str_to_int’:
> dynamic_array.c:556: warning: cast to pointer from integer of 
> different size
> dynamic_array.c:565: warning: cast to pointer from integer of 
> different size

This error does not occur on my 32 bit dev host. Can this be safely ignored 
or is there a 32/64 mismatch problem that needs to be fixed?

thanks,
David

-- 
David Severance
Enterprise Unix Services
Office of Information Technology
(949) 824-7552
sev <at> uci.edu


Nicolás Valera | 19 Dec 2012 14:07

ssl verification problem


Hi all.

We have a problem configuring Perdition in a way to handle properly the
SSL verification path.
In our scenario we have 3 certificates, ours, intermediate and root. We
configure the option ssl_cachain_file pointing to a file with the 3
concatenated and does not work. Then we've configured ssl_cert file
pointing to our certificate, ssl_ca to the intermediate and ssl_ca_path
to the directory containing root and it does not work too.
The option ssl_key_file is pointing to the file containing our
certificate's private key.

Any ideas?

Arun Gupta | 12 Oct 2012 14:37

Regarding perdition with SMTP-AUTH


Hi,

I am using perdition for IMAP authentication for different IMAP servers 
located in different locations, I don't want to use pop-before-smtp 
program, can we use SMTP-AUTH, if yes how it works if users are located 
on different different location.

Thanks & Regards,

Arun Kumar Gupta
INDIA


Javier de Miguel Rodríguez | 10 Oct 2012 17:24

Question about "user agent" & perdition log files

Hello

We would like to see the user-agent (MUA) of the imap connections. For example, if I see detailed information of connections in gmail I see:

"name: iPhone Mail"
"os: iOS"
"os-version: 6.0 (10A403)"
"version: 10A403"

IMAP (Thunderbird) hide details Client ID (unverified):
"name: Thunderbird"
"version: 15.0.1"

How can we accomplish the same with perdition?

Regards

Javier

 

-- 
Apoyo a la docencia e investigación Universidad de Sevilla

yogeen honnavar | 10 Sep 2012 18:31

access control based on Client IP

Hello users,

We are using perdition along with LDAP. We have defined an LDAP filter for allowing access to IMAP. This is working fine.

We have a new requirement, i.e. to allow access from our trusted IPs (our own servers) without applying the LDAP filter. But for access from all other IPs the LDAP filter should be applied.

Please let us know if this is possible? If so, how to accomplish this?

regards
-yogeen honnavar