/
example2.com/webmail redirects to https://www.example2.com/webmail/
And so on...
Eric
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Saturday, June 05, 2010 9:35 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
OK, when I meant
to https://www.example2.com/webmail/
And so on...
Eric
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Saturday, June 05, 2010 9:35 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
OK, when I meant TLD I meant example.com
CJ,
Can one use an IP certificate for a 'name' based virtual domain?
Eric
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Sunday, June 06, 2010 2:41 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
OK, that makes sense
Right. This is what CJ's trying to overcome by using NSI, which is a
relatively recent enhancement to the TLS spec.
--
-Eric 'shubes'
Scott Hughes wrote:
From the comments in httpd.conf:
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used,
Eric S.,
Yes! I didn't think it was possible. Has anyone gotten NSI to work?
Eric B.
-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Sunday, June 06, 2010 8:07 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Webmail SSL
Right. This is what
Scott Hughes wrote:
Gottcha. Where can one look at this? I can't seem to find it via
Google. o.O
On 6/6/10 9:06 PM, Eric Shubert wrote:
Right. This is what CJ's trying to overcome by using NSI, which is a
relatively recent enhancement to the TLS spec.
Oops. That's SNI. CJ posted this
On 6/6/10 10:00 PM, Eric Shubert wrote:
Scott Hughes wrote:
Gottcha. Where can one look at this? I can't seem to find it via
Google. o.O
On 6/6/10 9:06 PM, Eric Shubert wrote:
Right. This is what CJ's trying to overcome by using NSI, which is a
relatively recent enhancement to the TLS
: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 4:43 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
@Eric Broch
So are all of your current secure sites subdomains? ie
https://www.example.com/example or TLD https://www.example.com
my
clients were simply adding an exception when going into webmail for a
particular sub-domain.
Eric B.
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 4:43 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
Eric,
Have you been successful in securing more than one site?
CJ
Quoting Eric Brochebr...@whitehorsetc.com:
Maxwell Smart wrote:
I realize that it's a bit of a hack and I don't like it, but I
cannot get it to work
Subject: Re: [qmailtoaster] Re: Webmail SSL
Eric,
Have you been successful in securing more than one site?
CJ
Quoting Eric Broch ebr...@whitehorsetc.com:
Maxwell Smart wrote:
I realize that it's a bit of a hack and I don't like it, but I
cannot get it to work correctly otherwise. I just tried your
@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Sounds like the exact same configuration as mine.
SNI is Server Name Includes and it allows multiple secure connections
with a single IP. I am having trouble getting mine to work.
Do you use multiple certificates? One for each top
Maxwell Smart wrote:
Eric,
Have you been successful in securing more than one site?
CJ
Yes, and no.
Yes to the extent of SSL/TLS limitations w/out SNI.
Otherwise no.
--
-Eric 'shubes'
-
Qmailtoaster is
, June 04, 2010 9:12 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Sounds like the exact same configuration as mine.
SNI is Server Name Includes and it allows multiple secure connections
with a single IP. I am having trouble getting mine to work
, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
Eric,
Have you been successful in securing more than one site?
CJ
Quoting Eric Broch ebr...@whitehorsetc.com:
Maxwell Smart wrote:
I realize that it's a bit of a hack and I
: Friday, June 04, 2010 9:12 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Sounds like the exact same configuration as mine.
SNI is Server Name Includes and it allows multiple secure connections
with a single IP. I am having trouble getting mine
AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Sounds like the exact same configuration as mine.
SNI is Server Name Includes and it allows multiple secure connections
with a single IP. I am having trouble getting mine to work.
Do you use
past, try to find a
way to implement it and was glad to see the tutorial posted here for it.
Eric
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 9:12 AM
To:qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric
-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 9:12 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Sounds like the exact same configuration as mine.
SNI is Server Name Includes and it allows multiple secure
here for it.
Eric
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 9:12 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Sounds like the exact same configuration as mine.
SNI is Server Name Includes
- Original Message -
From: Maxwell Smart c...@yother.com
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, June 02, 2010 3:59 PM
Subject: Re: [qmailtoaster] Re: Webmail SSL
Post your httpd.conf file or mail it off list.
On 06/02/2010 02:38 PM, sysadmin wrote:
Sorry for the delay, been
: Maxwell Smart c...@yother.com
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, June 02, 2010 3:59 PM
Subject: Re: [qmailtoaster] Re: Webmail SSL
Post your httpd.conf file or mail it off list.
On 06/02/2010 02:38 PM, sysadmin wrote:
Sorry for the delay, been away from the office:
I can
Maxwell Smart wrote:
It appears as though you have a default configuration. Replace this in
your squirrelmail.conf file.
Directory /usr/share/squirrelmail
Options None
Order allow,deny
allow from all
/Directory
with this
Directory /usr/share/squirrelmail
RewriteEngine on
That's exactly where I am having problems and that's the only way I
can get it to work. If I have the welcome.conf enabled it goes to the
apache welcome page instead of redirecting and the log file says
failed, reason: SSL connection required. If I disable the
welcome.conf and include
I'm not saying that ErrorDocument won't work, just that it's a bit of a
hack.
The conventional way (and 'better' for a number of reasons) is to use
the RewriteEngine. I seem to recall that there's a way to turn on
logging for the rewrite engine if you're having a problem with it.
Here's the
It doesn't work with the variable either. Quoting Maxwell Smart
c...@yother.com:
That's exactly where I am having problems and that's the only way I
can get it to work. If I have the welcome.conf enabled it goes to
the apache welcome page instead of redirecting and the log file says
I realize that it's a bit of a hack and I don't like it, but I cannot
get it to work correctly otherwise. I just tried your config and it
didn't work either.
You are using the webmail suffix where I am not. I am trying to get
mail.myserver.com to work using SNI. I should be able to have
/httpd/conf/qcontrol.conf
- Original Message - From: Maxwell Smart c...@yother.com
To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, June 02, 2010 3:59 PM
Subject: Re: [qmailtoaster] Re: Webmail SSL
Post your httpd.conf file or mail it off list.
On 06/02/2010 02:38 PM, sysadmin
Nothing much out of the ordinary. I have a few hosts that rewrite is
working on.
For some reason the rewrite isn't working for you.
I think you're missing a '.' after 'webmail', as in:
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
--
-Eric 'shubes'
sysadmin wrote:
Hi Maxwell
Yes, I am using Virtual hosts. I'll need to play with it more and
I'll report back.
My re direct issue is actually caused by the certificate it expects to
see at http://mail.myserver.com re directing to
https://mail.myserver.com If I go to http://mail.myserver.com/webmail
it works
Scott Hughes wrote:
I'm using the SSLRequireSSL / ErrorDocument 406 setup on my system for
my regular webmail and the new horde install I have and both are working
great.
Scott
That's nice to know, Scott.
I just want to be sure that people realize that the ErrorDocument
technique is a
- Original Message -
*From:* Scott Hughes mailto:sonicscott9...@gmail.com
*To:* qmailtoaster-list@qmailtoaster.com
mailto:qmailtoaster-list@qmailtoaster.com
*Sent:* Friday, May 28, 2010 10:18 PM
*Subject:* Re: [qmailtoaster] Re: Webmail SSL
CJ,
Yes, those two
To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, May 28, 2010 11:27 PM
Subject: [qmailtoaster] Re: Webmail SSL
Are you using VirtualHost definitions in apache? If so, see
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#vhosts
Will you post the mod_rewrite commands you were using
^(.*)$
https://mydominname.com/webmail/$1 [R,L]it does not work, i did try others
but cannot remember which
- Original Message - From: Eric Shubert e...@shubes.net
To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, May 28, 2010 11:27 PM
Subject: [qmailtoaster] Re: Webmail SSL
Are you using
*To:* qmailtoaster-list@qmailtoaster.com
mailto:qmailtoaster-list@qmailtoaster.com
*Sent:* Friday, May 28, 2010 10:18 PM
*Subject:* Re: [qmailtoaster] Re: Webmail SSL
CJ,
Yes, those two directives are doing what I need them to do. Thanks!
Scott
On May 28, 2010
I have set up the Rewrite as suggested, but it does not redirect from
http to https is only says forbidden. I can create a 403 redirect, but
would rather set it up as a simple redirect. How is this done?
While this will work for one domain or if the user knows that the master
domain is the one
Maxwell Smart wrote:
I have set up the Rewrite as suggested, but it does not redirect from
http to https is only says forbidden. I can create a 403 redirect, but
would rather set it up as a simple redirect. How is this done?
Hmmm. I have one host where this is working, but I just checked
On 05/28/2010 09:52 AM, Eric Shubert wrote:
Maxwell Smart wrote:
I have set up the Rewrite as suggested, but it does not redirect from
http to https is only says forbidden. I can create a 403 redirect, but
would rather set it up as a simple redirect. How is this done?
Hmmm. I have one
Maxwell Smart wrote:
On 05/28/2010 09:52 AM, Eric Shubert wrote:
Maxwell Smart wrote:
While this will work for one domain or if the user knows that the master
domain is the one he is receiving the certificate for. Has anyone set
it up either using ssl or gnutls to have each virtual domain
CJ / Eric,
How does one set up a redirect so that people automatically go to the
secure area? My SSL setup is working, but only if I go directly there
(https://mail.SERVERNAME.net). If I just do 'mail.SERVERNAME.net, it
goes to the non-secure page.
My setup is as follows:
I have a symlink
You could just do some sort of redirect for that domain IE with PHP or even
javascript (but replies on hte browser then).
On 2010-05-28, at 4:27 PM, Scott Hughes wrote:
CJ / Eric,
How does one set up a redirect so that people automatically go to the secure
area? My SSL setup is
Add these two lines to the virtual server.
SSLRequireSSL
ErrorDocument 403 https://mail.servername.net
There is a way to do a simple redirect, but I haven't played with it
and can't seem to get it to work as desired. I am told it has to do
with timeout. You set the META to timeout and
CJ,
I'm not getting any 403 errors. Would this still apply? I'm just
looking to make it so that when one of my users goes to
mail.SERVERNAME.net' they get the SSL pages.
Thanks,
Scott
On 5/28/10 6:50 PM, Maxwell Smart wrote:
Add these two lines to the virtual server.
SSLRequireSSL
I'm working on the redirect (flip from http to https). I have it working
on one server, but not another. Trying to figure out why. I'll be sure
to post a solution when I figure it out.
AFA the default location goes, what you've done is ok, so long as nobody
will ever go anywhere besides
I like that, Scott. Just keep in mind, you're talking about 2 separate
things. The default page is one thing, and http-https redirection is
another. I suppose redirection could be used for the default page, that
would be unconventional, and more complicated than need be.
Scott Hughes wrote:
When you include SSLRequireSSL and it's not an SSL connection it will
give an error 403, using the ErrorDocument 403
https://mail.servername.net include it will then redirect the page to
the https page.
On 05/28/2010 06:26 PM, Scott Hughes wrote:
CJ,
I'm not getting any 403 errors. Would this
Thanks Eric - It should be noted that I have my DNS MX record set to
point simply to 'mail.SERVERNAME.net' for all of the domains instead of
worrying about smtp.SERVERNAME.net, pop.SERVERNAME.net,
imap.SERVERNAME.net, etc.
So if a user types into their browser 'mail.SERVERNAME.net' they are
CJ,
I don't use virtual hosts on this server. While this QMT server does
handle several domains, I have everyone pointed to the main domain name
to access their mail (webmail and mail clients). In addition to keeping
all the settings the same, I can get away with only needing one SSL
Ok, I think I found the problem. Does
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#vhosts
apply to you? It fixed the problem for me. :)
Maxwell Smart wrote:
I have set up the Rewrite as suggested, but it does not redirect from
http to https is only says forbidden. I can create a 403
I'm not sure there is a best place. You might want create your own
/etc/httpd/conf.d/mydomain.conf file and put them in there. Any *.conf
file in conf.d is included automatically.
Scott, given the way that you have rigged webmail, how do you get to
qmailadmin (and admin-toaster, etc)?
--
Scott Hughes wrote:
Thanks Eric - It should be noted that I have my DNS MX record set to
point simply to 'mail.SERVERNAME.net' for all of the domains instead of
worrying about smtp.SERVERNAME.net, pop.SERVERNAME.net,
imap.SERVERNAME.net, etc.
I think that's fine, so long as you don't expect
I get to those by typing: www.SERVERNAME.net/admin-toaster (or
/qcontrol or /qmailadmin).
Those work just fine. It's the 'mail' on the front that is messing me up.
Scott
On 5/28/10 9:30 PM, Eric Shubert wrote:
I'm not sure there is a best place. You might want create your own
Also, I can still get to the webmail by using the standard
'www.SERVERNAME.net/webmail'. In this case, it does go to the SSL page
via the SSLREQUIRESSL and the 403 https://mail.SERVERNAME.net/ directives.
Scott
On 5/28/10 9:30 PM, Eric Shubert wrote:
I'm not sure there is a best place.
I see now. The aliases aren't relative to the root, so the fact that you
changed the root doesn't matter.
I think I'd try using the DirectoryIndex none the less. I think it's a
little cleaner, and more conventional. Although your work-around is
certainly clever. ;)
--
-Eric 'shubes'
Scott
Scott,
It sounds like you handle multiple domains, but only in a mail
environment. In my case I have used the QMTISO as a base to my
webservers. It has been an excellent base.
You can put those in the httpd.conf file or as Eric suggested in a
.conf file in your conf.d folder.
Also, I can
- Original Message -
From: Scott Hughes
To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, May 28, 2010 10:18 PM
Subject: Re: [qmailtoaster] Re: Webmail SSL
CJ,
Yes, those two directives are doing what I need them to do. Thanks!
Scott
On May 28, 2010, at 11:12 PM
- Original Message -
*From:* Scott Hughes mailto:sonicscott9...@gmail.com
*To:* qmailtoaster-list@qmailtoaster.com
mailto:qmailtoaster-list@qmailtoaster.com
*Sent:* Friday, May 28, 2010 10:18 PM
*Subject:* Re: [qmailtoaster] Re: Webmail SSL
CJ,
Yes, those
Scott Hughes wrote:
Does anyone happen to know if there is a wiki entry for securing
SquirrelMail using SSL? I'm looking but I'm not finding it.
Thanks,
Scott
http://wiki.qmailtoaster.com/index.php/Certificate briefly mentions that
you can use the cert for apache. That page could really
Thanks for the reply Eric. I'm attempting to tighten down the server a
bit. Every little bit helps these days!
BTW, I don't recall starting any 'SM' page. Care to share the link? My age
could be catching up with me! EEK!
Scott
On Thu, May 27, 2010 at 1:28 PM, Eric Shubert e...@shubes.net
I just assumed it was you. I should've checked.
The link is
http://wiki.qmailtoaster.com/index.php/Configuration#SquirrelMail
Click on the red SquirrelMail link on that page to create it.
Thanks.
--
-Eric 'shubes'
Scott Hughes wrote:
Thanks for the reply Eric. I'm attempting to tighten
60 matches
Mail list logo