[squid-users] transparent proxying in squid 2.6-Stable1
Dear All, before i have squid 2.5.stable 13 and then i want to transparent and get authentication in each user who's connected to internet using their browser. And then i found squid2.6 stable which support auth-on-accell. my problem is howto make transparent proxy in squid 2.6stable ?. here;s my squid install configuration : .. .. --enable-auth-on-acceleration \ .. --enable-truncate \ --enable-x-accelerator-vary \ --enable-follow-x-forwarded-for here's my squid config : http_port ip-proxy:3128 transparent vhost vport=80 defaultsite=virtual protocol=http cache_peer ip-sibling sibling 8080 3130 no-query originserver #Authentication auth_param basic program /usr/local/squid/libexec/auth.pl auth_param basic children 5 auth_param basic realm Restricted Access auth_param basic credentialsttl 1 hours firewall : rdr fxp0 from 192.168.0.0/24 to 0/0 port=80 - ip-proxy port 3128 tcp but it always show this error message : ERROR The requested URL could not be retrieved While trying to retrieve the URL: http://www.microsoft.com/isapi/redir.dll? The following error was encountered: Unable to forward this request at this time. This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that: The cache administrator does not allow this cache to make direct connections to origin servers, and All configured parent caches are currently unreachable. Your cache administrator is webmaster. Generated Mon, 03 Jul 2006 05:52:48 GMT by Aptech (squid/2.6.STABLE1) but if i checked the tools-options-connection and fill the ip-proxy address, then the above error disappear. can anyone help me ? Thanks
[squid-users] Can not access hindustanpetroleum.org
Sirs/ Madams, I am experiencing problem in accessing the website hindustanpetroleum.org through Squid. Internet Explorer keeps displaying : - DETECTING FLASH 6 ... Please help. Best Regards
[squid-users] use squid can build cdn?
hi all, i want build a cdn,except squid ,what software is i need? on linux base. thanks. ___ 雅虎免费邮箱-3.5G容量,20M附件 http://cn.mail.yahoo.com/
Re: [squid-users] refresh.c/refreshIsCachable buglet?
On Fri, 30 Jun 2006 17:46:14 +0200, Henrik Nordstrom [EMAIL PROTECTED] said: fre 2006-06-30 klockan 17:24 +0200 skrev Andreas J. Koenig: I'd be very happy, if the squid team could reconceive this as a buggy behaviour. Isn't it wonderful to improve software by just removing a few lines? It's a tradeoff. As the comment says there is not really any benefit in refreshing 0-sized objects as the overhead is the same as a full request. I would think what you want to change is actually the 60 seconds limit a few lines earlier... this limit is suitable for normal forward proxies in most setups, but reverse proxies may have quite different requirements. Yes, you're right, this solves the problem for *us* and it's nice that Squid 3.0 has it configurable with the minimum_expiry_time parameter. I still don't get it why the code lets downstream Squids with default minimum_expiry_time cache our 1-byte answers but not our 0-byte answers. This behaviour adds latency and traffic because our not changing headers are sent over again and again and they are always over 400 byte. -- andreas
[squid-users] Allow specific large files by URL
Dear Group, I have a basic 4MB limit on cache file size. This is about right for my needs. However, there is a group of about 5 URLs that keep cropping up that are downloads of larger files - normally software updates, virus definitions, that sort of thing. I want to cache them regardless of their size, but I don't want to cache anything else that it more than 4Mb. Can I set exceptions to the Maximum File Size rules for specific URLs? Actually, specific domain paths...? My only other thought was a kind of transparent redirection (perhaps in the iptables) to some other local server and then download these files in a cron job. However, this is a little bit like re-inventing the wheel just because you want a blue one. (shameless Hitchhikers guide to the Galaxy reference) Any suggestions? My thanks in advance, Ben Hathaway Software Developer http://www.spidersat.net
[squid-users] Message in cache.log
Hi, I have a Linux server running Squid 2.5 Stable 12 and I found the various following messages in the cache.log file. 2006/07/03 16:53:50| httpSendRequestEntryDone: Likely proxy abuse detected '192.168.1.37' - 'http://application.global.com/mgt/docu_upload.asp' Pls advise what are these messages about and can they be suppressed from the cache.log file. Thank you.
Re: [squid-users] How to set up a reverse proxy server over SSL?
Yes. I have finished to set up reverse proxy server without SSL. It is fast! I love it! Now it is an issue to add SSL on it.I think it will not be hard. I will post the whole procedure and the actual woking squid.conf file once I got success. Thank you! -Original Message- From: Henrik Nordstrom [EMAIL PROTECTED] To: fulan Peng [EMAIL PROTECTED] Cc: squid-users@squid-cache.org; Visolve Squid [EMAIL PROTECTED] Sent: Mon, 03 Jul 2006 07:34:54 +0200 Subject: Re: [squid-users] How to set up a reverse proxy server over SSL? mån 2006-07-03 klockan 09:17 +0530 skrev Visolve Squid: Hello Peng, The following steps are used to configure the squid-3.0 with SSL Compile squid with the ssl support option ./configure --prefix=/usr/local/squid --enable-ssl Edit the squid configuration for squid with SSL support (Reverse proxy) https_port 443 protocol=http cert=/path/to/server/certificate/server_cert.pem key=/path/to/server/key/server_priv_key.pem vport=port in which the back end server listen almost... you should primarily use defaultsite=your.main.site to enable reverse proxy mode and maybe vhost is you need to support domain based virtual hosting. vport is normally not needed. The port number is specified in cache_peer. As hinted above you also need a cache_peer line defining the origin server address and port. acl SSL method CONNECT never_direct allow SSL The CONNECT mthod is not applicable to reverse proxies and should probably be denied entirely... Regards Henrik
[squid-users] Re: How to set up a reverse proxy server over SSL?
Hello, I got success to set up a reverse proxy server over SSL. The following is my experience: 1, compile squid with --enable-ssl and optional --with-openssl= if your ssl-devel not in /usr/include/openssl f.e. --with-openssl=/usr/local/include ./configure --enable-ssl --with-openssl=/usr/local/ssl/include 2. cd /usr/local/squid/etc mkdir demoCA cd demoCA touch index.txt echo 01 serial mkdir private mkdir newcerts generate CA certificate (self-signed) /usr/local/ss/bin/openssl req -new -x509 -keyout /usr/local/squid/etc/demoCA/private/cakey.pem -out /usr/local/squid/etc/demoCA/cacert.pem -days 365 -subj /CA=US/ST=/L=x/OU=/O=/CN=yourdomain/[EMAIL PROTECTED] 3. generate certificate /usr/local/ssl/bin/openssl req -new -keyout key.pem -out req.pem -days 365 where req.pem - certificate request 4. Remove the password from the key. cd /usr/local/squid/etc cp key.pem key.pem.old /usr/local/ssl/bin/openssl rsa -in key.pem.old -out key.pem 5.sign this certificate with your CA cert /usr/local/ssl/bin/openssl ca -in /usr/local/squid/etc/req.pem -out /usr/local/squid/etc/cert.pem 6.remove unneeded lines from cert.pem (usually you only need lines beetwen -BEGIN CERTIFICATE- . .. -END CERTIFICATE- 7. add this in squid.conf https_port [ip_address:]port cert=/where/cert.pem key=/where/key.pem Here are the keys for the config of squid: acl huanghuagang.org dstdomain huanghuagang.org acl our_networks src 192.168.0.0/24 http_access allow huanghuagang.org http_access allow our_networks https_port accel vhost cert=/usr/local/squid/etc/cert.pem key=/usr/local/squid/etc/key.pem cafile=/usr/local/squid/etc/demoCA/cacert.pem defaultsite=xxx.fr cache_peer huanghuagang.org parent 80 0 no-query originserver name=huanghuagang cache_peer_access huanghuagang allow huanghuagang.org If I need another site, I would assign 8889 to this site and repeat everything above. I do not know if there is a better way. But this way is easy to understand. On 7/3/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Yes. I have finished to set up reverse proxy server without SSL. It is fast! I love it! Now it is an issue to add SSL on it.I think it will not be hard. I will post the whole procedure and the actual woking squid.conf file once I got success. Thank you! -Original Message- From: Henrik Nordstrom [EMAIL PROTECTED] To: fulan Peng [EMAIL PROTECTED] Cc: squid-users@squid-cache.org; Visolve Squid [EMAIL PROTECTED] Sent: Mon, 03 Jul 2006 07:34:54 +0200 Subject: Re: [squid-users] How to set up a reverse proxy server over SSL? mån 2006-07-03 klockan 09:17 +0530 skrev Visolve Squid: Hello Peng, The following steps are used to configure the squid-3.0 with SSL Compile squid with the ssl support option ./configure --prefix=/usr/local/squid --enable-ssl Edit the squid configuration for squid with SSL support (Reverse proxy) https_port 443 protocol=http cert=/path/to/server/certificate/server_cert.pem key=/path/to/server/key/server_priv_key.pem vport=port in which the back end server listen almost... you should primarily use defaultsite=your.main.site to enable reverse proxy mode and maybe vhost is you need to support domain based virtual hosting. vport is normally not needed. The port number is specified in cache_peer. As hinted above you also need a cache_peer line defining the origin server address and port. acl SSL method CONNECT never_direct allow SSL The CONNECT mthod is not applicable to reverse proxies and should probably be denied entirely... Regards Henrik
[squid-users] Squid 2.6 - Support for proxying of NTLM web authentication
Hi, What is the support status of Squid 2.6-STABLE1 for Proxying of NTLM web authentication? Does it include the same level of support as Cacheboy version? Thank you, John Mok
Re: [squid-users] Squid 2.6 - Support for proxying of NTLM web authentication
Its connection-pinning support (pinning authenticated client connections against persistent server connections) so yes; it should be. The 2.6 code is different and handles more cases - it should correctly handle NTLM proxying through a proxy server hierarchy (ie up through parent proxies.) Adrian On Mon, Jul 03, 2006, John Mok wrote: Hi, What is the support status of Squid 2.6-STABLE1 for Proxying of NTLM web authentication? Does it include the same level of support as Cacheboy version? Thank you, John Mok
Re: [squid-users] Squid 2.6 - Support for proxying of NTLM web authentication
On Mon, Jul 03, 2006, Adrian Chadd wrote: Its connection-pinning support (pinning authenticated client connections against persistent server connections) so yes; it should be. ^-- * * was inspired by what went into the cacheboy stuff (sorry!) Adrian
[squid-users] Squid splitting SSL Closure Alert packet
Hi: multiple users intermittently get Page Cannot be Displayed when using IE to access a web server via SSL through Netcache proxy. When we access the server without the squid proxy in the path, users donot have any problems. We captured traces on the client and the server side. It looks like server sends a SSL Closure alert with TCP flags FIN, PSH flags set. But when the proxy forwards this alert to client browser, it sends a SSL Closure Alert with PSH flag set and then another packet with FIN flag set. 1. any idea why squid proxy seperates this out into two packets eventhough the server sent the whole thing in one packet 2. Can squid be configured not to split the packet? Thanks Ravi __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
[squid-users] httpd_accel in Squid 2.6.STABLE1 problem
Hi, I'm currently testing Squid 2.6.STABLE1. In the past I have always used Squid as a reverse proxy to our http servers on the internal network, today as I'm setting up Squid I notice it's missing something in the Squid.conf file. I just went through and configure everything as I had on the old Squid box but there is only one option under the httpd-accelerator section. # HTTPD-ACCELERATOR OPTIONS # - # TAG: httpd_accel_no_pmtu_discon|off # In many setups of transparently intercepting proxies Path-MTU # discovery can not work on traffic towards the clients. This is # the case when the intercepting device does not fully track # connections and fails to forward ICMP must fragment messages # to the cache server. # # If you have such setup and experience that certain clients # sporadically hang or never complete requests set this to on. # #Default: # httpd_accel_no_pmtu_disc off Then I check the FAQ and followed this link http://wiki.squid-cache.org/SquidFaq/ReverseProxy to read more about how to set it up. It says to use the options httpd_accel_host and httpd_accel_port but they're not valid options when I start Squid, it gives me an error. 2006/07/03 16:20:13| parseConfigFile: line 2967 unrecognized: 'httpd_accel_host virtual' 2006/07/03 16:20:13| parseConfigFile: line 2968 unrecognized: 'httpd_accel_port 80' I didn't have any problems configuring it in 2.5.STABLE14 release. Further searching the squid.conf for the term httpd_accel returns nothing except the above option. Am I doing something wrong? I checked if needed to compile it with options to enable reverse proxy but I don't. Thank you, Jon
[squid-users] How to fix the TCP_MISS 302 678 problem--Image can not be cached.
I have set up a Squid reverse proxy server for a web site named http://www.dajiyuan.com This site is ok both for IE and Netscape browsers. But when I reverse proxy it, it pop up a message says A license is required for all but for personal use of this code. See terms of use of Dyn-web.com. After I click OK, many image .gif files can not display. In the access_log, it says TCP_MISS 302 678 First_UP_Parent. I cannot understand why Squid did not cache this images since they can be catched in regular browsers. Thanks a lot! Fulan Peng.
Re: [squid-users] transparent proxying in squid 2.6-Stable1
mån 2006-07-03 klockan 13:06 +0700 skrev RdBSD: before i have squid 2.5.stable 13 and then i want to transparent and get authentication in each user who's connected to internet using their browser. Not possible I am afraid. This is not something you can do in a proxy using proxy authentication. You will need to implement a separate authentication system keeping track of your users and reporting the user name to Squid via external_acl_type.. And then i found squid2.6 stable which support auth-on-accell. Yes, but it's litterally what it says. Authentication in accelerator mode infront of YOUR web servers under your administrative control, not when transparently intercepting traffic to other web servers. Proxy authentication requires the browser to be configured to use the proxy. Authentication in accelerator mode is web server authentication, unique to each web server and for that web server only. my problem is howto make transparent proxy in squid 2.6stable ?. Similar to 2.5, except that you use the word transparent in the http_port line instead of the httpd_accel_host virtual thing one used in 2.5.. But unfortunately a small bug crept in into 2.6.STABLE1 in the transparent interception mode. See bug #1650. http_port ip-proxy:3128 transparent vhost vport=80 defaultsite=virtual protocol=http cache_peer ip-sibling sibling 8080 3130 no-query originserver This is a typical reverse proxy setup, not transparent proxy.. A transparent proxy setup looks more like http_port ip-proxy:3128 transparent and due to bug #1650 you will also need the following until a patch is available if you don't have any parent proxies the request should be forwarded to: always_direct allow all patch will be available shortly. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] httpd_accel in Squid 2.6.STABLE1 problem
mån 2006-07-03 klockan 16:44 -0400 skrev Jon: Then I check the FAQ and followed this link http://wiki.squid-cache.org/SquidFaq/ReverseProxy to read more about how to set it up. It says to use the options httpd_accel_host and httpd_accel_port but they're not valid options when I start Squid, it gives me an error. 2006/07/03 16:20:13| parseConfigFile: line 2967 unrecognized: 'httpd_accel_host virtual' 2006/07/03 16:20:13| parseConfigFile: line 2968 unrecognized: 'httpd_accel_port 80' I didn't have any problems configuring it in 2.5.STABLE14 release. Further searching the squid.conf for the term httpd_accel returns nothing except the above option. Things have changed a bit. See the Squid-2.6 release notes. (yes, there is release notes...) Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] How to fix the TCP_MISS 302 678 problem--Image can not be cached.
mån 2006-07-03 klockan 17:20 -0400 skrev fulan Peng: I have set up a Squid reverse proxy server for a web site named http://www.dajiyuan.com This site is ok both for IE and Netscape browsers. But when I reverse proxy it, it pop up a message says A license is required for all but for personal use of this code. See terms of use of Dyn-web.com. I would suggest you try to comply with the license requirements of their code. After I click OK, many image .gif files can not display. In the access_log, it says TCP_MISS 302 678 First_UP_Parent. 302 Found indicates the object has moved temporarily to another URL. Normally not cacheable. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Message in cache.log
mån 2006-07-03 klockan 17:15 +0800 skrev squid squid: 2006/07/03 16:53:50| httpSendRequestEntryDone: Likely proxy abuse detected '192.168.1.37' - 'http://application.global.com/mgt/docu_upload.asp' Pls advise what are these messages about and can they be suppressed from the cache.log file. It means the HTTP protocol was used in an odd manner normally only seen in certain tunneling protocols abusing HTTP proxies for tunneling other non-HTTP traffic. But it could also be a web server behaving a bit oddly, sending the response before the request have been sent.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
[squid-users] Re: How to fix the TCP_MISS 302 678 problem--Image can not be cached.
Yes. I am reading their terms of use. They do not allow others to use their image icons. Now I understand. I have to get permission from this site in order to cache it. They have something anti-cache code probably. Thanks a lot! Fulan Peng. On 7/3/06, Henrik Nordstrom [EMAIL PROTECTED] wrote: mån 2006-07-03 klockan 17:20 -0400 skrev fulan Peng: I have set up a Squid reverse proxy server for a web site named http://www.dajiyuan.com This site is ok both for IE and Netscape browsers. But when I reverse proxy it, it pop up a message says A license is required for all but for personal use of this code. See terms of use of Dyn-web.com. I would suggest you try to comply with the license requirements of their code. After I click OK, many image .gif files can not display. In the access_log, it says TCP_MISS 302 678 First_UP_Parent. 302 Found indicates the object has moved temporarily to another URL. Normally not cacheable. Regards Henrik
[squid-users] ntlm auth fatal error
I get this error quite a bit. It doesn't cause any real problems though. [2006/07/03 13:13:13, 1] libsmb/ntlmssp.c:ntlmssp_update(267) got NTLMSSP command 3, expected 1 this is what worries me. 26 in queue but according to my reporting there were only 22 people accessing the proxy between 1 and 2. 2006/07/03 13:17:24| WARNING: All ntlmauthenticator processes are busy. 2006/07/03 13:17:24| WARNING: up to 5 pending requests queued 2006/07/03 13:17:37| storeDirWriteCleanLogs: Starting... 2006/07/03 13:17:37| WARNING: Closing open FD8 2006/07/03 13:17:37| Finished. Wrote 36113 entries. 2006/07/03 13:17:37| Took 0.0 seconds (1896093.7 entries/sec). FATAL: Too many queued ntlmauthenticator requests (26 on 5) Squid Cache (Version 2.5.STABLE14): Terminated abnormally. CPU Usage: 777.645 seconds = 435.479 user + 342.165 sys Maximum Resident Size: 0 KB Page faults with physical i/o: 0 Memory usage for squid via mallinfo(): total space in arena: 24064 KB Ordinary blocks:23338 KB 23 blks Small blocks: 0 KB 0 blks Holding blocks: 1240 KB 2 blks Free Small blocks: 0 KB Free Ordinary blocks: 725 KB Total in use: 24578 KB 102% Total free: 725 KB 3% I could add more helpers but would this really solve the problem? We plan on putting over 300 people on this proxy in a week and a half. This has happened twice and squid has always restarted in 3 seconds. A 3 second hiccup multiple times in a day would be a problem. The access log doesn't show anything helpful and there's nothing in squid.out. Any help would be appreciated. Thank you. Steve Wilson Jr Loxias IT Solutions 513-605-2726 [EMAIL PROTECTED]
[squid-users] WARNING: Cannot run '/user/bin/ntlm_auth' process.
Hi all! I am trying to set up Squid as the proxy for the net work here but am running into a problem as you can see by the subject. I have had Samba 3 running on the computer (running Ubuntu 5.10) for quite some time doing some file sharing and that is working fine no one has any troubles with it at all. I originally installed squid from a package and was initially making great progress. I had been enabling features one at a time and testing the net to make sure that if I broke it I could fix it. Everything was going fine until I tried to enable ntlm authorisation. Was wanting this working so I can see who does what not just what ip does what. The first thing I noticed was that when ntlm was configured in the .conf file with the following : auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours It took about 25 min for Squid to finish its initialisation (according to the cache.log) At first I thought it had broken squid totally (no acl configured) as I couldn't connect to it anymore however checking the logs showed that it was simply stalling at helperStatefulOpenServers:Starting 5 'ntlm_auth' processes. This line was then followed by 5 WARNING: Cannot run '/user/bin/ntlm_auth' process. messages about 3 min apart. The same is then repeated for the helperOpenServers: starting 5 'ntlm_auth processes line. Needless to say because of the above any users cant authenticate and are blocked from the proxy when ACL's using ntlm authentication are used. (if the ntlm is no required for a particular user then they can still access the proxy). At first I thought it might be a permissions issue so I went gave proxy group full permissions to every samba file on the computer. No difference. I bumped up the logging level to 9 and this is what I get. (for ntlm children 1) (same time stamp) authNTLMConfigured: returning configured helperStatefulOpenServers: Starting 1 'ntlm_auth' processes Comm._open: FD 7 is a new socket fd_open FD 7 ntlm_auth Comm._open: FD 8 is a new socket fd_open FD 8 ntlm_auth ipcCreate: prfd FD 8 ipcCreate: prfd FD 8 ipcCreate: crfd FD 7 ipcCreate: cwfd FD 7 ipcCreate: FD 8 sockaddr 127.0.0.1:53820 ipcCreate: FD 7 sockaddr 127.0.0.1:53819 ipcCreate: FD 7 Listening... leave_suid: PID 26486 called leave_suid: PID 26486 giving up root priveleges forever ipcCreate: calling accept in FD 7 comm_close: FD 7 commCallCloseHandlers: FD 7 fd_close FD 7 ntlm_auth connect FD 8: (110) Connection timed out comm_close: FD 8 CommCallCloseHandlers: FD 8 Fd_close FD 8 ntlm_auth WARNING: Cannot run '/user/bin/ntlm_auth' process. StatefulGetFirstAvailable: Running servers 0. cachemgrRegester: registered ntlmauthenticator authBasicCofigured: returning configured helperStatefulOpenServers: Starting 1 'ntlm_auth' processes (3 min time jump on the stamp) It all starts again.. I figured that it might be an issue with the package so I downloaded the source and compiled it as per the web site and get the same issue. (stable 10) I guess I am hoping that all of this means something to someone and that you can help me! If anymore info is required please let me know! Nathaniel
[squid-users] SSL_GET_PREV_SESSION Error When refreshing the page
Hello all, I have setup squid-3.0 with Reverse Proxy and client authentication with ssl certificate.Squid also starts fine.When i browsed a page,It works fine with the client authentication and the page get displayed.when i used the refresh button in my browser(Mozilla firefox).I got the following error in my cache.log I Surfed the net and in bug database i found this was posted as a bug(#973) and there is also patch available for this one.But it doesn't works for me.Is there any suggested patch available for this. 2006/07/04 09:27:26| clientNegotiateSSL: Error negotiating SSL connection on FD 10: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized (1/-1) Thanks, Prabu.M.A
[squid-users] 3.0 PRE4
Im trying to setup a proxy (accelerated) for sitting in front of our public web servers. Ive got 3.0 PRE4 working kind of now The cache_peer line is cache_peer 192.168.8.100 parent 443 7 ssl sslversion=3 originserver sslflags=DONT_VERIFY_PEER I was having trouble getting it to make an ssl connection (the server has a valid certificate that is signed by a well known CA) at all but the version=3 stuff seems to make it work (I have no idea why) The problem now is that it stops working after a few seconds. I can load a page over https, but then, on the next reload, it reports 2006/07/04 14:13:35| Detected DEAD Parent: 192.168.8.100 2006/07/04 14:13:35| Failed to select source for 'https://www.xxx.com.au/document.html' I don't know how to stop the DEAD parent stuff (its not really a cache_peer, its an origin server) and I guess it drops the tcp connection. Does anyone have any ideas about this ? Thanks. -- Kevin Withnall ILB Computing PH: 02 4227 0001 Mobile: 0412 453 846 FAX: 02 4227 0081 http://kevin.withnall.com/ smime.p7s Description: S/MIME cryptographic signature