Re: [Dovecot] STARTTLS MITM in Postfix

2011-03-07 Thread Timo Sirainen
On 7.3.2011, at 22.35, Timo Sirainen wrote:
> (Why do I think I've heard about this bug before? Or at least the same type
> of way to exploit it? Maybe there was another similarly exploitable bug.)

Oh, found it. Also from Wietse: http://www.porcupine.org/postfix-mirror/smtp-renegotiate.pdf

[Dovecot] STARTTLS MITM in Postfix

2011-03-07 Thread Timo Sirainen
http://marc.info/?l=postfix-users&m=129952854117623&w=2

Dovecot doesn't have this bug. It discards all buffered data when the STARTTLS command runs. (Why do I think I've heard about this bug before? Or at least the same type of way to exploit it? Maybe there was another similarly exploitable bug.)

Re: [Dovecot] STARTTLS problem

2011-02-02 Thread Lucas -LandM-
Hi Timo, From other server: gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready. 9 starttls 9 OK Begin TLS

Re: [Dovecot] STARTTLS problem

2011-02-02 Thread Lucas -LandM-
Hi Timo again, It works right now, but only in command line approach: gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5

Re: [Dovecot] STARTTLS problem

2011-02-02 Thread Timo Sirainen
On Wed, 2011-02-02 at 22:47 +0100, Lucas -LandM- wrote: > Same error: > gnutls-cli --starttls -p 143 ip > Resolving 'ip'... > Connecting to 'ip:143'... > > - Simple Client Mode: > > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE > IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=C

Re: [Dovecot] STARTTLS problem

2011-02-02 Thread Lucas -LandM-
Hi Timo, Thank you very much for your quick answer. Same error: gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip:143'... - Simple Client Mode: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot

Re: [Dovecot] STARTTLS problem

2011-02-02 Thread Timo Sirainen
On Wed, 2011-02-02 at 21:28 +0100, Lucas -LandM- wrote:
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
> *** Starting TLS handshake

You're starting it too early. Give "x starttls" command first.

[Dovecot] STARTTLS problem

2011-02-02 Thread Lucas -LandM-
Hi, We try to configure dovecot as usual (all our servers have dovecot+vpopmail+qmail or postfix). We set up dovecot with the next outcome: - imap ok - imaps ok - imap STARTTLS NOT OK Debug: root@s13:/home/lucas# gnutls-cli --starttls -p 143 ip Resolving 'ip'... Connecting to 'ip'... - Si

Re: [Dovecot] STARTTLS does not seem to work

2010-05-26 Thread Phil Howard
On Tue, May 25, 2010 at 16:31, Jerrale Gayle wrote: > The openssl client will connect you in plain text to your imap server where > you can manually do login (AUTH LOGIN) and browse through your imap folders > just like you use your SSH shell. This is a sufficient enough test. Refer > here, after

Re: [Dovecot] STARTTLS does not seem to work

2010-05-26 Thread Jerrale Gayle
On 5/24/2010 6:13 PM, Pascal Volk wrote: On 05/25/2010 12:03 AM Phil Howard wrote: I would be looking for components in languages I know (C a lot and Pike some) or am learning (Python). Python's standard library provides all you need: - http://docs.python.org/library/poplib.html

Re: [Dovecot] STARTTLS does not seem to work

2010-05-25 Thread Phil Howard
On Mon, May 24, 2010 at 18:13, Pascal Volk wrote: > On 05/25/2010 12:03 AM Phil Howard wrote: >> I would be looking for components in languages I know (C a lot and >> Pike some) or am learning (Python). > > Python's standard library provides all you need: >    - http://docs.python.org/library/popl

Re: [Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Pascal Volk
On 05/25/2010 12:03 AM Phil Howard wrote:
> I would be looking for components in languages I know (C a lot and
> Pike some) or am learning (Python).

Python's standard library provides all you need:
- http://docs.python.org/library/poplib.html
- http://docs.python.org/library/imaplib.html

Re: [Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Phil Howard
On Mon, May 24, 2010 at 17:59, Ken A wrote: > > Mail::POP3Client works pretty well. > Net::IMAP::Simple looks easy too, but I've not used it. > Ken > > >> >> At some point I think I need to learn the OpenSSL library API for C so >> I can write some command line tool apps of my own with it (now we'

Re: [Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Ken A
On 5/24/2010 4:46 PM, Phil Howard wrote: On Mon, May 24, 2010 at 17:31, Mike Abbott wrote: Well, that kinda complicates a "STARTTLS tunnel" Perhaps you might be interested in these commands. I'm not sure about their portability but they work tolerably well in scripts on Mac OS X 10.6. $

Re: [Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Phil Howard
On Mon, May 24, 2010 at 17:31, Mike Abbott wrote: >> Well, that kinda complicates a "STARTTLS tunnel" > > Perhaps you might be interested in these commands.  I'm not sure about their > portability but they work tolerably well in scripts on Mac OS X 10.6. > > $ openssl s_client -connect yourhost:i

Re: [Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Mike Abbott
> Well, that kinda complicates a "STARTTLS tunnel"

Perhaps you might be interested in these commands. I'm not sure about their portability but they work tolerably well in scripts on Mac OS X 10.6.

$ openssl s_client -connect yourhost:imap -starttls imap
$ openssl s_client -connect yourhost:pop3

Re: [Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Phil Howard
On Mon, May 24, 2010 at 11:49, Mike Abbott wrote: >> Anyway, with the tag it does work on IMAP.  But it still fails on POP > > For POP3 the command is STLS. > Well, that kinda complicates a "STARTTLS tunnel" :-) ... I was thinking of trying to do that to address some issues. OK, well, put the em

Re: [Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Mike Abbott
> Anyway, with the tag it does work on IMAP. But it still fails on POP

For POP3 the command is STLS.

Re: [Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Phil Howard
On Mon, May 24, 2010 at 11:31, Mike Abbott wrote: >> altair/phil /home/phil 162> telnet 172.30.0.24 143 >> Trying 172.30.0.24... >> Connected to 172.30.0.24. >> Escape character is '^]'. >> * OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND >> UNSELECT LITERAL+ IDLE CHILDREN NAM

Re: [Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Mike Abbott
> altair/phil /home/phil 162> telnet 172.30.0.24 143 > Trying 172.30.0.24... > Connected to 172.30.0.24. > Escape character is '^]'. > * OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND > UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS > LIST-EXTENDED I18NLEVEL=

[Dovecot] STARTTLS does not seem to work

2010-05-24 Thread Phil Howard
I believe I have the configuration set to use START TLS on IMAP4 (143) and POP3 (110) ports.  However, it does not seem to be working.  Yet "STARTTLS" is listed as a capability (which tells me I probably do have it configured right). In the session below, 172.30.0.24 is the mail server I'm putting

Re: [Dovecot] STARTTLS problem

2009-07-30 Thread Steffen Kaiser
On Thu, 30 Jul 2009, Рачков Сергей wrote: A lot of thanks, Steffen! My problem was a "Kaspersky Internet Security". It has a "network traffic control" function and option "check SSL connection", if this option checked - everything work, if not chec

Re: [Dovecot] STARTTLS problem

2009-07-29 Thread Рачков Сергей
regards, Sergey. - Original Message - From: "Steffen Kaiser" To: Sent: Wednesday, July 29, 2009 8:31 PM Subject: Re: [Dovecot] STARTTLS problem On Wed, 29 Jul 2009, Рачков Сергей wrote: I have a problem with STARTTLS, with ima

Re: [Dovecot] STARTTLS problem

2009-07-29 Thread Charles Marcus
On 7/29/2009, Matthias Andree (matthias.and...@gmx.de) wrote: >> If it's a Cisco PIX, disable the 'smtp fixup' crap that breaks smtp... > What has the Cisco PIX "smtp fixup" feature got to do with IMAP STARTTLS? Obviously, nothing... ;) Sorry, wrong list (I'm on the postfix list and this is a comm

Re: [Dovecot] STARTTLS problem

2009-07-29 Thread Matthias Andree
Charles Marcus schrieb: > On 7/29/2009, Steffen Kaiser (skdove...@smail.inf.fh-brs.de) wrote: >> Do you have a Cisco Firewall/IDS or a software firewall running >> between your client and Dovecot? If so, try to disable it for a test. >> >> Some firewalls don't understand that after STARTTLS they ha

Re: [Dovecot] STARTTLS problem

2009-07-29 Thread Charles Marcus
On 7/29/2009, Steffen Kaiser (skdove...@smail.inf.fh-brs.de) wrote: > Do you have a Cisco Firewall/IDS or a software firewall running > between your client and Dovecot? If so, try to disable it for a test. > > Some firewalls don't understand that after STARTTLS they have to stop > listening / chec

Re: [Dovecot] STARTTLS problem

2009-07-29 Thread Steffen Kaiser
On Wed, 29 Jul 2009, Рачков Сергей wrote: I have a problem with STARTTLS, with imaps all ok. Do you have a Cisco Firewall/IDS or a software firewall running between your client and Dovecot? If so, try to disable it for a test. Some firewalls do

[Dovecot] STARTTLS problem

2009-07-29 Thread Рачков Сергей
Hi I have a problem with STARTTLS, with imaps all ok. I have tried to connect to server with different clients (thunderbird, the bat, mulberry) and had same result. Thunderbird log for example: 0[284708]: 25c0e08:192.168.4.200:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN 1920[25c77c8]:

Re: [Dovecot] starttls

2009-02-03 Thread Frank Bonnet
Sokvantha Youk wrote: > Dear ALL, > > Could you tell me how can i get starttls working with dovecot authentication > via port 25? > > --- > best regards, > sokvantha > hello here is a good starting point http://www.debianadmin.com/debian-mail-server-setup-with-postfix-dovecot-sasl-squirrel-m

[Dovecot] starttls

2009-02-03 Thread Sokvantha Youk
Dear ALL, Could you tell me how can i get starttls working with dovecot authentication via port 25? --- best regards, sokvantha