Oooh lala (I say with my horrifically bad American accent).  Can't wait to
try this out.  As soon as I have, I will.  Thanks for implementing this-
the likelihood of someone exploiting the weakness is almost nil, but it's a
risk nonetheless.  Love that we're able to (optionally) close that now.


On Fri, May 22, 2015 at 7:35 AM, Thomas Eckardt <thomas.ecka...@thockar.com>
wrote:

> Ken, have you seen the new hidden variables in build 15141? They are
> still undocumented!!!
>
> # BlockReport security related
> our $BlockReportRequireSMIME = 0;        # (0/1/2/3) 1 = users, 2 = admins, 3 = users & admins
> our $emailIntSMIMEpubKeyPath = '';       # full path to EmailInterface cert-chain folder (file=emailaddress.pem)
>
> our $BlockReportRequirePass = 0;         # (0/1/2/3) 1 = users, 2 = admins, 3 = users & admins
> our $BlockReportUserPassword = '';       # the password must be anywhere starting in a line in the mail, one single password for all users
> our $BlockReportAdminPassword = {};      # the password must be anywhere starting in a line in the mail, every admin a password
>                                          # definition as HASH: {'admin1emailaddress' => 'password1',
>                                          # 'admin2emailaddress' => 'password2'}
>                                          # emailaddresses in lower case only !!
>                                          #
>                                          # passwords are NOT checked if SMIME is configured and is valid
>                                          # passwords are ignored if SMIME failed
>
>
> In your case - setting the following in lib/CorrectASSPcfg.pm :
>
> $main::BlockReportRequirePass = 2;
> $main::BlockReportAdminPassword = {
> 'admin1emailaddress' => 'password1',
> 'admin2emailaddress' => 'password2',
> ......,
> ......
> };
>
> The admins will need to write their password anywhere in a BlockReport
> request mail at the start of any body line.
> Keep the email addresses in lower case! Passwords are case sensitive and
> should not look like email addresses.
>
> Thomas
>
>
>
>
>
> From:    K Post <nntp.p...@gmail.com>
> To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
> Date:    21.05.2015 15:09
> Subject: Re: [Assp-test] fixes in assp 2.4.4 build 15140
>
>
>
> >I can read it.
>
> Sorry, I have no idea what you mean.
>
> On Thu, May 21, 2015 at 3:51 AM, Thomas Eckardt
> <thomas.ecka...@thockar.com>
> wrote:
>
> > >Does BlockReportAdmins honor rules in EmailDomainAdmins?  If so, it might
> > >be good to indicate that in the GUI.
> >
> >
> > I can read it.
> >
> > Thomas
> >
> >
> >
> >
> > From:    K Post <nntp.p...@gmail.com>
> > To:      ASSP development mailing list <assp-test@lists.sourceforge.net>
> > Date:    21.05.2015 06:10
> > Subject: Re: [Assp-test] fixes in assp 2.4.4 build 15140
> >
> >
> >
> > Excellent modifications as usual.
> >
> > Does BlockReportAdmins honor rules in EmailDomainAdmins?  If so, it might
> > be good to indicate that in the GUI.  I've got a couple other tiny GUI
> > changes, so let me know and I'll get you an update based on this version as
> > I've done in the past.
> >
> > Thanks again for listening to my ideas, sometimes tearing them apart, but
> > often hearing me out and making your improved version of the concept a
> > reality.  These "little" things really add up.  We ALL appreciate the
> > tremendous time commitment that this must entail.
> >
> > On Wed, May 20, 2015 at 12:48 PM, Thomas Eckardt
> > <thomas.ecka...@thockar.com
> > > wrote:
> >
> > > Hi all,
> > >
> > > fixed in assp 2.4.4 build 15140:
> > >
> > > - if 'DNSReuseSocket' was enabled, some DNS-queries failed because of
> > > ignored DNS-header sequences
> > >
> > > changed:
> > >
> > > - the 'Received:' headerline added by assp now contains 'unknown' instead
> > >   of the received 'HELO' if no PTR-record is available for the connected IP
> > >
> > > - enhanced debugging output for DNS
> > >
> > >
> > > added:
> > >
> > > 'BlockReportAdmins','BlockReport Admins*'
> > >  'A list of local addresses, which have the same rights like EmailAdmins,
> > >   but only for all BlockReport functions (nothing else). Leave this field
> > >   blank (default), to disable this feature.
> > >   This is useful, if a user must request BlockReports or resend mails for
> > >   other users like an EmailAdmin and BlockReportAdmin can do it, but should
> > >   not have other extended rights to use the EmailInterface.
> > >   Accepts specific addresses (u...@domain.com), user parts (user).
> > >   Wildcards are supported (fribo*@domain.com).
> > >   For example: fribo*@thisdomain.com|jhanna '
> > >
> > >
> > > Thomas
> > >
> > > DISCLAIMER:
> > > *******************************************************
> > > This email and any files transmitted with it may be confidential,
> > legally
> > > privileged and protected in law and are intended solely for the use of
> > the
> > >
> > > individual to whom it is addressed.
> > > This email was multiple times scanned for viruses. There should be no
> > > known virus in this email!
> > > *******************************************************
> > >
> > >
> > >
> >
> >
>
> ------------------------------------------------------------------------------
> > > One dashboard for servers and applications across
> Physical-Virtual-Cloud
> > > Widest out-of-the-box monitoring support with 50+ applications
> > > Performance metrics, stats and reports that give you Actionable
> Insights
> > > Deep dive visibility with transaction tracing using APM Insight.
> > > http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> > > _______________________________________________
> > > Assp-test mailing list
> > > Assp-test@lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/assp-test
> > >
>
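
The rules Thomas describes for BlockReportAdminPassword (lower-case address keys, case-sensitive passwords that should not look like email addresses, password at the start of a body line) can be checked before the hash goes into lib/CorrectASSPcfg.pm. The Perl below is an added example, not ASSP code and not from either poster: lint_admin_passwords() and body_has_password() are hypothetical helpers, the sample hash and mail bodies are constructed, and it assumes "start of a line" means no leading whitespace.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not part of ASSP): list the entries in a
# BlockReportAdminPassword-style hash that break the rules from the thread.
sub lint_admin_passwords {
    my ($map) = @_;
    my @problems;
    for my $addr (sort keys %$map) {
        my $pw = $map->{$addr};
        push @problems, "$addr: address key is not lower case"
            if $addr ne lc $addr;
        if (!defined $pw || $pw eq '') {
            push @problems, "$addr: empty password";
            next;
        }
        push @problems, "$addr: password looks like an email address"
            if $pw =~ /\S\@\S/;
        push @problems, "$addr: password starts with whitespace"
            if $pw =~ /^\s/;
    }
    return @problems;
}

# Hypothetical model of the described check: the exact, case-sensitive
# password must begin some line of the mail body. Assumes no leading
# whitespace is allowed before it; ASSP's real matching may differ.
sub body_has_password {
    my ($body, $pw) = @_;
    return 0 if !defined $pw || $pw eq '';
    for my $line (split /\r?\n/, $body) {
        return 1 if index($line, $pw) == 0;
    }
    return 0;
}

# Constructed sample data.
my %admins = (
    'Admin1@example.com' => 'S3cret-one',            # mixed-case key
    'admin2@example.com' => 'admin2@example.com',    # address as password
    'admin3@example.com' => 'Tr1cky-pass',
);
print "LINT  $_\n" for lint_admin_passwords(\%admins);

my $sender = lc 'Admin3@Example.com';    # look senders up in lower case
for my $body ("please resend\nTr1cky-pass\n", "tr1cky-pass\n", "pw: Tr1cky-pass\n") {
    printf "%-8s %s\n", body_has_password($body, $admins{$sender}) ? 'accept' : 'reject',
        join ' | ', split /\n/, $body;
}
```

Only the first constructed body is accepted; the wrong-case and mid-line variants are rejected, which is the behaviour the thread's comments describe.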