Hi Thomas, all ISPconfig servers are disabling SSL on HTTP, SMTP, POP, IMAP, FTP.... so am I
http://www.ispconfig.org/blog/1/entry-135-new-tutorial-how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack/ Who should become 'man in the middle' between YOUR assp and YOUR postfix ????? If set to "do TLS", ASSP will be the "man in the middle". ASSP will try to move both connections in to TLS. All data will be readable to ASSP - so all checks could be done. If any of the peers does not support TLS, ASSP will .... Or am I missing something here? Miro. Dňa 20.10.2014 o 9:56 Thomas Eckardt napísal(a): >> due to OpenSSL Poodle bug I switched to TLS only on my servers > There is no need to do this. POODLE is no problem for SMTPS. > >> Any ideas how to solve this? > Who should become 'man in the middle' between YOUR assp and YOUR postfix > ????? > > Thomas > > > > > > Von: Miroslav Šebek <se...@hako.sk> > An: assp-user@lists.sourceforge.net > Datum: 20.10.2014 09:39 > Betreff: [Assp-user] ASSP resendmail problem after switching to TLS > only > > > > > > Hi all, > > due to OpenSSL Poodle bug I switched to TLS only on my servers > > Config ASSP: > > doTLS = doTLS > > SSL_version = TLSv1:!SSLv2:!SSLv3 > > Config Postfix: > > smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 > smtpd_tls_protocols = !SSLv2,!SSLv3 > smtp_tls_protocols = !SSLv2,!SSLv3 > > and from this moment the resendmail function of ASSP is no more working > > Logs ASSP: > Oct-20-14 08:58:13 [Main_Thread] Info: request to create file: > RESENDMAIL/18348--71350.EML > Oct-20-14 08:58:16 [Worker_10000] FROM: <mo...@myserver.tld> denied > Oct-20-14 08:58:16 [Worker_10000] Can't send data - Bad file descriptor > Oct-20-14 08:58:16 [Worker_10000] *** send to 127.0.0.1:225 > (smtpDestination [1]) didn't work, trying others... > > Logs Postfix: > > Oct 20 08:58:16 squeeze postfix/smtpd[2891]: connect from > localhost.localdomain[127.0.0.1] > Oct 20 08:58:16 squeeze postfix/smtpd[2891]: SSL_accept error from > localhost.localdomain[127.0.0.1]: 0 > Oct 20 08:58:16 squeeze postfix/smtpd[2891]: warning: TLS library > problem: 2891:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert > certificate expired:s3_pkt.c:1258:SSL alert number 45: > Oct 20 08:58:16 squeeze postfix/smtpd[2891]: lost connection after > STARTTLS from localhost.localdomain[127.0.0.1] > Oct 20 08:58:16 squeeze postfix/smtpd[2891]: disconnect from > localhost.localdomain[127.0.0.1] > > But other mails are comming normally, this error is for resendmail only > > Oct-20-14 09:09:09 m-88948-03402 [Worker_1] [TLS-in] [TLS-out] > [MessageOK] 81.95.XXY.YYY <info@domain1.tld1> to: i...@mydomail.tld > message ok [Some subject] > > Any ideas how to solve this? > > Thanks, Miro. > > > > > ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://p.sf.net/sfu/Zoho _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user
