Dominique Marant | 1 Apr 09:30 2014

timeout connect process imap

Hi,

I see that I still have old imap connection processes that I have to kill
manually.
...
nobody   28199  0.0  0.2  57972  2712 ?        S    Mar20   0:00 perdition.imap4: connect (bilas)
nobody   29060  0.0  0.2  57872  2732 ?        S    Mar12   0:00 perdition.imaps: connect (hoogsvon)
nobody   29684  0.0  0.2  57872  2716 ?        S    Mar07   0:00 perdition.imaps: connect (dojo)
nobody   30241  0.0  0.2  57872  2716 ?        S    Mar05   0:00 perdition.imaps: connect (dojo)
nobody   30877  0.0  0.2  57872  2712 ?        S    Mar11   0:00 perdition.imaps: connect (tason)
...

Is it possible to automatically kill all imap processes "connect" older 
than x days?

My perdition.imap4s.conf:
timeout 60
authenticate_timeout 60

Is it possible to add a parameter connect_timeout?

(I am currently in version 1.19-rc4)

Regards,


Christophe Carles | 14 Mar 11:26 2014

Fwd: Re: Failed to log client mail on Apple since 10.9.1


OK,

I used telnet to port 143 of cyrus.
The reply :
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] moncayo2.ibcg.biotoul.fr Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-12.el5_7.2 server ready

I have changed these settings in /etc/perdition/perdition.imap4s.conf :
imap_capability IMAP4 IMAP4REV1 LITERAL+ ID STARTTLS

And now it's OK with MAIL from Apple 10.9.2 and 10.9.1

Thank you for your help.

Regards,

Christophe

On 13/03/2014 17:43, Marc Michele wrote:
> On 13.03.2014 17:21, Christophe Carles wrote:
>> OK, where can I find more explanation about it? Especially for AUTH?
> I use telnet to port 143 of cyrus to get the imap capability string for my
> installation. To get more information I think you should read the RFCs
> for IMAP; a good starting point is: http://tools.ietf.org/html/rfc3501
>
>>>> Which version of cyrus do you use and on which distribution?
>> Cyrus 0.91 on Centos 5.10
> Seriously, I think it should be at least 2.x
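
The mismatch behind this fix can be checked mechanically. The following is an added example, not part of the original thread or of perdition: it compares the imap_capability line of a perdition config with the backend greeting quoted in this message, using the values from the two posts; the function names are assumptions of this example.

```python
import re

# Capability list inside the response code of an IMAP greeting (RFC 3501)
GREETING_RE = re.compile(r"^\* (?:OK|PREAUTH) \[CAPABILITY ([^\]]*)\]", re.IGNORECASE)


def greeting_capabilities(greeting):
    """Capability atoms from a server greeting, upper-cased (atoms are case-insensitive)."""
    m = GREETING_RE.match(greeting.strip())
    if not m:
        raise ValueError("greeting carries no CAPABILITY response code")
    return [atom.upper() for atom in m.group(1).split()]


def configured_capabilities(conf_text):
    """Atoms of the imap_capability line of a perdition config file."""
    for raw in conf_text.splitlines():
        # Drop trailing comments and optional quoting around the value
        fields = raw.split("#", 1)[0].replace('"', " ").split()
        if fields and fields[0] == "imap_capability":
            return [atom.upper() for atom in fields[1:]]
    raise ValueError("no imap_capability line found")


def audit(conf_text, backend_greeting):
    """Compare what the proxy announces with what the backend announces."""
    proxy = configured_capabilities(conf_text)
    backend = greeting_capabilities(backend_greeting)
    return {
        "proxy_only": [c for c in proxy if c not in backend],
        "backend_only": [c for c in backend if c not in proxy],
    }


# Values taken from the two messages in this thread
BACKEND_GREETING = ("* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS] "
                    "moncayo2.ibcg.biotoul.fr Cyrus IMAP4 "
                    "v2.3.7-Invoca-RPM-2.3.7-12.el5_7.2 server ready")
CONF_BEFORE = "imap_capability IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR # announced to clients\n"
CONF_AFTER = "imap_capability IMAP4 IMAP4REV1 LITERAL+ ID STARTTLS\n"

if __name__ == "__main__":
    for label, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        print(label, audit(conf, BACKEND_GREETING))
```

With the original setting the proxy announces AUTH=PLAIN and SASL-IR, which the backend greeting does not list; with the changed setting the two lists agree.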

Christophe Carles | 13 Mar 14:47 2014

Failed to log client mail on Apple since 10.9.1

Hello,
I use perdition to make a mail-proxy for outside mails customers.
This works very well with most of software mails customers.
I set up this in order to make access for smartphone and over tablets.

Recently, users reported me difficulties connecting with the e-mail software of Apple "MAIL".

I have made some tests and I don't understand what it could be?

The Os server : Centos 6.5
The version of perdition is  perdition-1.19rc5-3.7.x86_64
Installation from repos : http://download.opensuse.org/repositories/home:/horms:/perdition/CentOS_CentOS-6/

The perdition configuration  :
/etc/sysconfig/perdition :
RUN_PERDITION=yes
POP3=no
POP3S=no
IMAP4=no
IMAP4S=yes

/etc/perdition/perdition.imap4s.conf :
bind_address 193.48.191.9 # listening address of the service
connection_logging # log all communications
imap_capability IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR # IMAP capability announced to clients
protocol IMAP4S # protocol used
outgoing_port 993 ## port number used
outgoing_server 0.0.0.0 # default forwarding server. One server is assigned per user.
ssl_cert_file /etc/pki/tls/certs/ares.biotoul.fr.pem # path to the certificate
ssl_key_file /etc/pki/tls/private/ares.biotoul.fr.key # path to the certificate key
ssl_no_cert_verify # do not verify the cryptography included in the backend certificate
ssl_no_cn_verify # do not verify the name included in the CN of the backend certificate

I use popmap for users in order to permit access :

/etc/perdition/popmap :
carles <at> biotoul.fr

Here are logs from client apple 10.9.2 (the last) with MAIL :

INITIATING CONNECTION Mar 13 11:39:11.381 host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x0 -- thread:0x61000047a240

CONNECTED Mar 13 11:39:11.442 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x61000047a240

READ Mar 13 11:39:11.443 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x61000047a240
* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition ready on tourmalet.ibcg.biotoul.fr 0002abbf

WROTE Mar 13 11:39:11.445 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60000067c700
1.54 ID ("name" "Mac OS X Mail" "version" "7.2 (1874)" "os" "Mac OS X" "os-version" "10.9.2 (13C64)" "vendor" "Apple Inc.")

READ Mar 13 11:39:14.447 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
1.54 BAD Unrecognised command, mate

WROTE Mar 13 11:39:14.452 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
2.54 AUTHENTICATE PLAIN  (*** 32 bytes hidden ***)

READ Mar 13 11:39:17.455 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
2.54 BAD Mate, try AUTHENTICATE <mechanism>

WROTE Mar 13 11:39:17.459 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
3.54 AUTHENTICATE PLAIN ************************

READ Mar 13 11:39:20.462 [kCFStreamSocketSecurityLevelTLSv1_0] -- host:tourmalet.ibcg.biotoul.fr -- port:993 -- socket:0x6000002d9ec0 -- thread:0x60800066f8c0
3.54 BAD Mate, try AUTHENTICATE <mechanism>


And here are logs from server perdition :
 Starting perdition version=1.19-rc5 protocol=IMAP4S
Mar 13 11:47:08 tourmalet perdition.imaps[2622]: add_domain="", authenticate_in=off, authenticate_timeout=1800, bind_address="192.168.12.2", client_server_specification=off, config_file="/etc/perdition/perdition.imap4s.conf", connection_limit=0, connection_logging=on, connect_relog=300, debug=on, domain_delimiter=" <at> ", explicit_domain="", group="nobody", imap_capability="IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR", inetd_mode=off, listen_port="imaps", log_facility="mail", log_passwd="never", login_disabled=off, lower_case="", managesieve_capability=""IMPLEMENTATION" "perdition"  "SIEVE" "comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date"  "SASL" "PLAIN"  "NOTIFY" "mailto"  "VERSION" "1.19-rc5"", map_library="/usr/lib64/libperditiondb_gdbm.so.0", map_library_opt="", no_bind_banner=off, no_daemon=off, no_lookup=off, tcp_keepalive=off, nodename="tourmalet.ibcg.biotoul.fr", ok_line="You are so in", outgoing_port="993", outgoing_server="0.0.0.0", pid_file="/var/run/perdition.imaps/perdition.imaps.pid", pop_capability="UIDL.USER", protocol="IMAP4S", server_resp_line=off, strip_domain="", timeout=1800, username="nobody", username_from_database=off, query_key="", quiet=off (mask=0x00000028 00000000)
Mar 13 11:47:08 tourmalet perdition.imaps[2622]: ssl_mode="", ssl_ca_file="", ssl_ca_path="/etc/perdition/perdition.ca/", ssl_ca_accept_self_signed="off", ssl_cert_file="/etc/pki/tls/certs/tourmalet.ibcg.biotoul.fr.pem", ssl_cert_accept_expired="off", ssl_cert_not_yet_valid="off", ssl_cert_self_signed="off", ssl_cert_verify_depth=9, ssl_key_file="/etc/pki/tls/private/tourmalet.ibcg.biotoul.fr.key", ssl_listen_ciphers="", ssl_outgoing_ciphers="", ssl_no_cert_verify="on", ssl_no_client_cert_verify="off", ssl_no_cn_verify="on" ssl_passphrase_fd=0, ssl_passphrase_file="", (ssl_mask=0x00000000)
Mar 13 11:47:08 tourmalet perdition.imaps[2625]: vanessa_socket_daemon_setid: uid=99 euid=99 gid=99 egid=99
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: Connect:  192.168.8.10:49753->192.168.12.2:993
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SSL connection using AES128-SHA
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: SELF:   "* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition ready on tourmalet.ibcg.biotoul.fr 0002ab61\r\n"
Mar 13 11:47:24 tourmalet perdition.imaps[2627]: CLIENT: "1.20 ID (\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS X\" \"os-version\" \"10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: SELF:   "1.20 BAD Unrecognised command, mate\r\n"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: "2"
Mar 13 11:47:27 tourmalet perdition.imaps[2627]: CLIENT: ".20 AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: SELF:   "2.20 BAD Mate, try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: "3"
Mar 13 11:47:30 tourmalet perdition.imaps[2627]: CLIENT: ".20 AUTHENTICATE PLAIN AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: SELF:   "3.20 BAD Mate, try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: CLIENT: ""
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: token_read: token_fill_buffer
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: read_line: token_read
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: imap4_in_get_auth: read_imap4_line 1
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: main: protocol->in_get_auth
Mar 13 11:47:33 tourmalet perdition.imaps[2627]: Fatal Error reading authentication information from client 192.168.8.10:49753->192.168.12.2:993: Exiting child
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: Connect:  192.168.8.10:49754->192.168.12.2:993
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SSL connection using AES128-SHA
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: SELF:   "* OK [CAPABILITY IMAP4 IMAP4REV1 LITERAL+ ID AUTH=PLAIN SASL-IR] perdition ready on tourmalet.ibcg.biotoul.fr 0002ab61\r\n"
Mar 13 11:47:36 tourmalet perdition.imaps[2628]: CLIENT: "1.21 ID (\"name\" \"Mac OS X Mail\" \"version\" \"7.2 (1874)\" \"os\" \"Mac OS X\" \"os-version\" \"10.9.2 (13C64)\" \"vendor\" \"Apple Inc.\")\r\n"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: SELF:   "1.21 BAD Unrecognised command, mate\r\n"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: "2"
Mar 13 11:47:39 tourmalet perdition.imaps[2628]: CLIENT: ".21 AUTHENTICATE PLAIN YmlndWV0AGJpZ3VldABCYXkzMyFFczEw\r\n"
Mar 13 11:47:42 tourmalet perdition.imaps[2628]: SELF:   "2.21 BAD Mate, try AUTHENTICATE <mechanism>\r\n"
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: CLIENT: ""
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: token_read: token_fill_buffer
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: read_line: token_read
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: imap4_in_get_auth: read_imap4_line 1
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: main: protocol->in_get_auth
Mar 13 11:47:45 tourmalet perdition.imaps[2628]: Fatal Error reading authentication information from client 192.168.8.10:49754->192.168.12.2:993: Exiting child

I have made some tests with ssl_mode but no more access.

Does anyone have an idea?

Thank you
-- 
Christophe Carles
CNRS - LMGM
Service Informatique
Bât. IBCG
118, route de Narbonne
31062 Toulouse Cedex9
sinfo <at> ibcg.biotoul.fr
Tél : 05.61.33.59.60
Fax : 05.61.33.58.86
______________________________________________
Perdition-users mailing list
Perdition-users <at> vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
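
The server log in the message above shows connection_logging=on writing the client's AUTHENTICATE PLAIN initial response to syslog even though log_passwd="never" is set; that value is only base64, not protected. Added example (not part of the original post or of perdition): a Python filter that redacts such responses before logs are shared and lists the accounts whose credentials appeared; the sample lines, account and function names are constructed for this example.

```python
import base64
import re

# AUTHENTICATE <mechanism> <initial-response> as it appears inside a logged CLIENT: "..." string
AUTH_IR = re.compile(r"(AUTHENTICATE\s+(\S+)\s+)([A-Za-z0-9+/]{4,}={0,2})", re.IGNORECASE)


def plain_authcid(b64):
    """Login name from a SASL PLAIN response (authzid NUL authcid NUL passwd), else None."""
    try:
        fields = base64.b64decode(b64, validate=True).split(b"\x00")
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return fields[1].decode("utf-8", "replace") if len(fields) == 3 else None


def scrub(lines):
    """Return (redacted_lines, exposed_accounts) for an iterable of log lines."""
    redacted, exposed = [], set()
    for line in lines:
        m = AUTH_IR.search(line)
        if m:
            if m.group(2).upper() == "PLAIN":
                user = plain_authcid(m.group(3))
                if user:
                    exposed.add(user)  # this account's password should be rotated
            line = line[:m.start(3)] + "[REDACTED]" + line[m.end(3):]
        redacted.append(line)
    return redacted, sorted(exposed)


# Constructed sample in the format of the log above; not real credentials
SAMPLE_IR = base64.b64encode(b"\x00alice\x00not-a-real-password").decode()
SAMPLE = [
    'Mar 13 11:47:27 proxy perdition.imaps[100]: CLIENT: ".20 AUTHENTICATE PLAIN %s\\r\\n"' % SAMPLE_IR,
    'Mar 13 11:47:30 proxy perdition.imaps[100]: SELF:   "2.20 BAD Mate, try AUTHENTICATE <mechanism>\\r\\n"',
]

if __name__ == "__main__":
    clean, accounts = scrub(SAMPLE)
    print("\n".join(clean))
    print("accounts with credentials in the log:", accounts)
```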
Andreas Bauer | 11 Mar 14:43 2014

Does Perdition Support TLSv1.1 and TLSv1.2


Hi all,

I was searching the web and the mailing list, but couldn’t find an answer on this question:

Does Perdition support TLS Version 1.1 and 1.2 for imaps?

I tested perdition 1.19-rc5, which is included in Debian 7.4.

It also includes "OpenSSL 1.0.1e 11 Feb 2013" which does support it.

When scanning with "sslscan localhost:993", I don’t get any matching cipher, even if I’ve added them to the "ssl_listen_ciphers" like this:

ssl_listen_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"


Thanks for your help!

Cheers
Andreas
Julien Goodwin | 25 Feb 05:53 2014

IPv6 listen syntax

I've just upgraded my mail box to wheezy, and at the same time enabled
v6 on it, however I can't figure out what magic syntax is needed for
perdition to actually listen on v6.

The package in wheezy is 1.19~rc5-1+b1 which seems like it should have
v6 support, but it doesn't by default listen on v6, and with what seems
like the obvious setting:
bind_address 0.0.0.0,::

Fails to start.

Nowhere in the docs can I see any examples with v6 addresses, so I don't
know if it's perhaps expecting [::] style or something different.

Any pointers?

Alan McGinlay | 20 Feb 14:03 2014

How to have plain, plain + starttls on port 143 AND ssl/tls on port 993?

Hi,

We have long supported clients using whatever encryption scheme they 
choose. I am trying to get perdition running with the same level of 
support but am unable to have it successfully listen on both port 143 
and 993 with STARTTLS and ssl/tls encryption.

ssl_mode used to allow ssl_* and / or tls_* but now it's only one or 
the other not both.

Been messing around for ages, please help!

/A

dkg | 7 Feb 07:19 2014

[PATCH] fix comment header for __perdition_ssl_log_certificate

# HG changeset patch
# User dkg <at> fifthhorseman.net
# Date 1391753933 18000
#      Fri Feb 07 01:18:53 2014 -0500
# Node ID 851c073386f8e660920439a32c5faf0211f3149c
# Parent  179fcc9a4fb8a4c6b207304db6e2c153388ce2b9
fix comment header for __perdition_ssl_log_certificate

diff -r 179fcc9a4fb8 -r 851c073386f8 perdition/ssl.c
--- a/perdition/ssl.c	Fri Feb 07 01:10:06 2014 -0500
+++ b/perdition/ssl.c	Fri Feb 07 01:18:53 2014 -0500
 <at>  <at>  -884,7 +884,7  <at>  <at> 

 
 /**********************************************************************
- * __perdition_ssl_check_certificate
+ * __perdition_ssl_log_certificate
  * Log the details of a certificate
  * pre: ssl: SSL object to log
  *      cert: certificate to log
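Review bot: The corrected name on the changed line is only the first line of this comment block, and the hunk shows just the pre: entries for ssl and cert that follow it. Since the header carried the wrong function name (__perdition_ssl_check_certificate), check that the rest of the block below "cert: certificate to log" (any further pre:, post: or return lines) also describes __perdition_ssl_log_certificate, and correct those in this same changeset if they do not.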

dkg | 7 Feb 07:16 2014

[PATCH 0 of 3] normalize CA-loading behavior and configuration between incoming and outgoing

This series tries to make the configuration options symmetric and
predictable between incoming and outgoing connections, as mentioned in
Message-Id: 52F4719C.1020501 <at> fifthhorseman.net.

It may change the semantics for existing configurations, though!


Daniel Kahn Gillmor | 7 Feb 05:59 2014

.dir-locals.el for perdition

hi perdition folks--

I'm an emacs user.  i know that's not to everyone's taste, but for those
of us who use emacs, it makes it easier to work on a source file without
modifying whitespace if the whitespace conventions are known to the One
True text editor :P

Placing the file below as .dir-locals.el in the root of the perdition
tree should make it easier for emacs users to contribute patches without
making accidental unnecessary whitespace changes:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; emacs local configuration settings for perdition source
;; surmised by dkg on 2013-10-24 09:42:45-0400

((c-mode
  (indent-tabs-mode . t)
  (tab-width . 4)
  (c-basic-offset . 4)
  (c-file-style . "linux"))
 )
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

happy hacking,

	--dkg

Alan McGinlay - SICS | 6 Feb 11:00 2014

ssl on port 993 and plain / STARTTLS on port 143

Hi!

I have installed Perdition on a server which (will) sits between my 
mail server and mail gateway. Currently I am just running webmail via 
the proxy and it works really great but my plan is to change the imap 
CNAME to point to the proxy so that all connections from clients 
(thunderbird, iphone, etc) will go via the proxy as well.

I have tested this and most clients worked fine as long as they were 
using STARTTLS on port 143 or unencrypted connections (which won't be 
allowed in production) however users connecting on port 993 seem "stuck" 
to the real mailserver, I suspect it is some kind of SSL session thing.

Users connecting with STARTTLS immediately get a password prompt when 
the DNS change is detected by their computer but with SSL on port 993 the 
client fails to connect and / or sits there trying to connect 
indefinitely. Restarting perdition or the real mail server doesn't 
change that behaviour.

The really weird thing is that it seemed to work for a handful of 
clients. Also, when changing the DNS back, some clients then remain 
"stuck" to the proxy server instead (only port 993 users).

I am somewhat confused by the ssl_mode settings too. Advice would be 
seriously appreciated :)

/Alan

PS: same is true for POP on port 995.
PPS: The real server and the proxy have different certs, proxy has a 
real one whereas the imap server has a self signed.

Simon Horman | 6 Feb 08:50 2014

[ANNOUNCE] perdition 2.1

Hi,

I'm happy to announce the release of perdition 2.1

This is a bugfix release.

Key changes since 2.0:

* Apply configured ciphersuite preferences for outbound connections. This
  is a fix for CVE-2013-4584.
* Use 1.0 as the managesieve version 

A full change log is provided by the Mercurial repository
http://hg.vergenet.net/perdition/perdition/

Perdition 2.1 and the vanessa libraries that it depends on
are available from:
http://horms.net/linux/perdition/download/2.1/