Eric,

Sounds like the exact same configuration as mine.

SNI is Server Name Includes and it allows multiple secure connections with a single IP. I am having trouble getting mine to work.

Do you use multiple certificates?  One for each top level domain?

CJ

Quoting Eric Broch <ebr...@whitehorsetc.com>:

CJ,

Virtual hosts (yes, 5 domains on 1 server),
SNI (I don't think so, I'm not really sure what it is???),
openssl-0.9.8e-12.el5_4.6 (yes) (i386 and x86_64),
gnutls-1.4.1-3.el5_4.8 (yes) (i386 and x86_64).

Eric

-----Original Message-----
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 10:10 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL's

Eric,

Virtual Hosts?  Are you using SNI?  GnuTLS or SSL?  What version OpenSSL?

Sorry for so many questions, but a few of us on this list are trying
to sort this.

CJ

Quoting Eric Broch <ebr...@whitehorsetc.com>:

CJ,

I secure three sites (domains) on the same server. None of my other
clients use webmail.

Eric B.

-----Original Message-----
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL

Eric,

Have you been successful in securing more than one site?

CJ

Quoting Eric Broch <ebr...@whitehorsetc.com>:

Maxwell Smart wrote:
I realize that it's a bit of a hack and I don't like it, but I
cannot get it to work correctly otherwise.  I just tried your
config and it didn't work either.

You are using the webmail suffix where I am not.  I am trying to
get mail.myserver.com to work using SNI. I should be able to have
multiple virtual servers using https and I cannot get it to work.
I think part of the problem is openssl 0.9.8e; SNI requires f and
newer.  I upgraded on my test server, but I'm still having problems
getting it to work correctly.

I'll figure it out, it's just frustrating when you read the
documentation and it doesn't quite work that way.  Then where do
you start to troubleshoot.

Quoting Eric Shubert <e...@shubes.net>:

I'm not saying that ErrorDocument won't work, just that it's a bit
of a hack.

The conventional way (and 'better' for a number of reasons) is to
use the RewriteEngine. I seem to recall that there's a way to turn
on logging for the rewrite engine if you're having a problem with
it.

Here's the RewriteRule I'm presently using:
RewriteRule ^/(webmail.*)$ https://%{SERVER_NAME}/$1 [R=301,L]

Upon closer examination, I see that
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
appears to be missing a period after webmail. I believe that it should
be:
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
Subtle, but big difference. I believe this would work, the same as
the one I'm using above.
--
-Eric 'shubes'

Maxwell Smart wrote:
That's exactly where I am having problems and that's the only way
I can get it to work.  If I have the welcome.conf enabled it goes
to the apache welcome page instead of redirecting and the log
file says failed, reason: SSL connection required.  If I disable
the welcome.conf and include the Error 403 line it works.  I was
just testing it with the variable when I received this email.

Quoting Eric Shubert <e...@shubes.net>:

Maxwell Smart wrote:
It appears as though you have a default configuration.  Replace
this in your squirrelmail.conf file.

<Directory /usr/share/squirrelmail>
Options None
Order allow,deny
allow from all
</Directory>

with this

<Directory "/usr/share/squirrelmail">
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1 [L,R]
allow from all
Options
SSLRequireSSL
ErrorDocument 403 "https://your.server.com/webmail/"
</Directory>

You will need to change the your.server.com to your server name.

CJ


You shouldn't need the ErrorDocument line.

In addition, if you were to use that hack, it'd be better to use
the %{SERVER_NAME} variable instead of hard coding your domain
name.

--
-Eric 'shubes'




----------------------------------------------------------------------------
----- Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and
installations.
   If you need professional help with your setup, contact them today!


----------------------------------------------------------------------------
-----     Please visit qmailtoaster.com for the latest news, updates, and
packages.
       To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
  For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com






Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA  94501

tel 510.865.2787
http://yother.com

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.





I don't use the redirect in the squirrelmail config file but in the
apache config file using virtual hosting. You might give this a try

<VirtualHost *:80>
   ServerName www.whitehorsetc.com
   ServerAlias whitehorsetc.com
   ServerAdmin postmas...@whitehorsetc.com
   DocumentRoot /var/www/html
   #
   RewriteEngine On
   #
   RewriteLog "/var/log/httpd/whitehorsetc.com-rewrite_log"
   RewriteLogLevel 9
   #
   RewriteCond %{REQUEST_URI} =/webmail/ [OR]
   RewriteCond %{REQUEST_URI} =/webmail  [OR]
   RewriteCond %{REQUEST_URI} =/webmail/src/right_main.php
   RewriteRule ^(.*)$ https://www.whitehorsetc.com$1 [R=301,L]
   #
   RewriteCond %{HTTP_HOST} !^www\.whitehorsetc\.com [NC]
   RewriteRule ^(.*)$ http://www.whitehorsetc.com$1 [R=301,L]
   #
   ErrorLog logs/whitehorsetc.com-error_log
   CustomLog logs/whitehorsetc.com-access_log common
</VirtualHost>

Eric
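
The difference between the RewriteRule patterns quoted in this thread (`webmail*` versus `webmail.*`), as an added example that is not part of any message above: it evaluates each pattern against a few constructed request paths and reports which webmail URLs are never redirected to HTTPS. It assumes the pattern is matched against the full URL path, as in server or virtual-host context; the host name `mail.example.test` and the sample paths are made up for illustration.

```python
import re

# RewriteRule pattern/substitution pairs quoted in the thread. "$1" is the
# first capture group and %{SERVER_NAME} the requested virtual host.
RULES = {
    "as_posted": (r"^(.*/webmail*)$", "https://%{SERVER_NAME}$1"),
    "corrected": (r"^(.*/webmail.*)$", "https://%{SERVER_NAME}$1"),
    "shubes": (r"^/(webmail.*)$", "https://%{SERVER_NAME}/$1"),
}

# Constructed request paths (not taken from any log).
SAMPLE_PATHS = [
    "/webmail",
    "/webmail/",
    "/webmail/src/right_main.php",
    "/webmaill",
    "/index.html",
]


def redirect_for(rule, path, server_name="mail.example.test", port=80):
    """Return the Location a request would be redirected to, or None."""
    if re.search(r"^443$", str(port)):  # RewriteCond %{SERVER_PORT} !^443$
        return None
    pattern, substitution = RULES[rule]
    match = re.search(pattern, path)
    if match is None:
        return None  # rule does not fire: the request stays on plain HTTP
    target = substitution.replace("%{SERVER_NAME}", server_name)
    return target.replace("$1", match.group(1))


def left_on_http(rule, paths=SAMPLE_PATHS):
    """Webmail paths that the rule fails to redirect to HTTPS."""
    return [p for p in paths
            if p.startswith("/webmail") and redirect_for(rule, p) is None]


if __name__ == "__main__":
    for rule in RULES:
        print(rule, "leaves on HTTP:", left_on_http(rule))
        for p in SAMPLE_PATHS:
            print("   %-30s -> %s" % (p, redirect_for(rule, p)))
```

`webmail*` means "webmai" followed by any number of "l", so the pattern as first posted only fires when the path ends there; `/webmail/` and everything beneath it fall through. With `SSLRequireSSL` on the directory, such a request is refused with a 403, which is consistent with the "SSL connection required" log line quoted in the thread.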


