On 6/6/10 10:00 PM, Eric Shubert wrote:
Scott Hughes wrote:
Gottcha. Where can one look at this? I can't seem to find it via
Google. o.O
On 6/6/10 9:06 PM, Eric Shubert wrote:
Right. This is what CJ's trying to overcome by using NSI, which is a
relatively recent enhancement to the TLS sp
Scott Hughes wrote:
Gottcha. Where can one look at this? I can't seem to find it via
Google. o.O
On 6/6/10 9:06 PM, Eric Shubert wrote:
Right. This is what CJ's trying to overcome by using NSI, which is a
relatively recent enhancement to the TLS spec.
Oops. That's SNI. CJ posted this link
June 06, 2010 8:07 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Webmail SSL
Right. This is what CJ's trying to overcome by using NSI, which is a
relatively recent enhancement to the TLS spec.
---
Gottcha. Where can one look at this? I can't seem to find it via
Google. o.O
On 6/6/10 9:06 PM, Eric Shubert wrote:
Right. This is what CJ's trying to overcome by using NSI, which is a
relatively recent enhancement to the TLS spec.
Eric S.,
Yes! I didn't think it was possible. Has anyone gotten NSI to work?
Eric B.
-Original Message-
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Sunday, June 06, 2010 8:07 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Webmail SSL
Right. This is
Right. This is what CJ's trying to overcome by using NSI, which is a
relatively recent enhancement to the TLS spec.
--
-Eric 'shubes'
Scott Hughes wrote:
From the comments in httpd.conf:
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due
CJ,
Can one use an IP certificate for a 'name' based virtual domain?
Eric
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Sunday, June 06, 2010 2:41 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
OK, that makes
webmail redirects to https://www.example1.com/webmail/
> example2.com/webmail redirects to https://www.example2.com/webmail/
>
> And so on...
>
> Eric
>
>
>
> -Original Message-
> From: Maxwell Smart [mailto:c...@yother.com]
> Sent: Saturday, June 05, 2010 9:35
example1.com/webmail/
example2.com/webmail redirects to https://www.example2.com/webmail/
And so on...
Eric
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Saturday, June 05, 2010 9:35 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail S
certificates for each of my 1st level sub-domains, so, up until now my
clients were simply adding an exception when going into webmail for a
particular sub-domain.
Eric B.
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 4:43 PM
To: qmailtoaster-lis
going into webmail for a
particular sub-domain.
Eric B.
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 4:43 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
@Eric Broch
So are all of your current secure site
was glad to see the tutorial posted here for it.
Eric
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 9:12 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Sounds like the exact same configuration as
;
>>>
>>> On 6/4/10 10:38 AM, Eric Broch wrote:
>>>> CJ,
>>>>
>>>> I don't use multiple certificates, but I did, in times past, try to find a
>>>> way to implement it and was glad to see the tutorial posted here for it.
>&g
but I did, in times past, try to find a
way to implement it and was glad to see the tutorial posted here for it.
Eric
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Friday, June 04, 2010 9:12 AM
To:qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] R
gt;
>> -Original Message-
>> From: Maxwell Smart [mailto:c...@yother.com]
>> Sent: Friday, June 04, 2010 9:12 AM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: RE: [qmailtoaster] Re: Webmail SSL
>>
>> Eric,
>>
>> Sounds like the exac
>
>> Eric
>>
>> -Original Message-
>> From: Maxwell Smart [mailto:c...@yother.com]
>> Sent: Friday, June 04, 2010 9:12 AM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: RE: [qmailtoaster] Re: Webmail SSL
>>
>> Eric,
>>
>> S
other.com]
>> Sent: Friday, June 04, 2010 9:12 AM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: RE: [qmailtoaster] Re: Webmail SSL
>>
>> Eric,
>>
>> Sounds like the exact same configuration as mine.
>>
>> SNI is Server Name Includes and it all
Maxwell Smart [mailto:c...@yother.com]
> Sent: Friday, June 04, 2010 9:12 AM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: RE: [qmailtoaster] Re: Webmail SSL
>
> Eric,
>
> Sounds like the exact same configuration as mine.
>
> SNI is Server Name Includes and it all
ne 04, 2010 9:12 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Sounds like the exact same configuration as mine.
SNI is Server Name Includes and it allows multiple secure connections
with a single IP. I am having trouble getting mine to work.
Do yo
Maxwell Smart wrote:
Eric,
Have you been successful in securing more than one site?
CJ
Yes, and no.
Yes to the extent of SSL/TLS limitations w/out SNI.
Otherwise no.
--
-Eric 'shubes'
-
Qmailtoaster is sponsored
-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Sounds like the exact same configuration as mine.
SNI is Server Name Includes and it allows multiple secure connections
with a single IP. I am having trouble getting mine to work.
Do you use multiple certificates? One for eac
roch :
CJ,
I secure three sites (domains) on the same server. None of my other
clients
use webmail
Eric B.
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: We
com]
Sent: Thursday, June 03, 2010 10:10 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: Webmail SSL
Eric,
Virtual Hosts? Are you using SNI? GnuTLS or SSL? What version OpenSSL?
Sorry for so many questions, but a few of us on this list are trying
to sort this.
CJ
Qu
ster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
Eric,
Have you been successful in securing more than one site?
CJ
Quoting Eric Broch:
Maxwell Smart wrote:
I realize that it's a bit of a hack and I don't like it, but I
cannot get it to work correctly otherwise. I just tried
.
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
Eric,
Have you been successful in securing more than one site?
CJ
Quoting Eric Broch :
Maxwell
domains) on the same server. None of my other clients
use webmail
Eric B.
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
Eric,
Have you been success
use webmail
Eric B.
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
Eric,
Have you been successful in securing more than one site?
CJ
Quoting Eric Broch:
CJ,
I secure three sites (domains) on the same server. None of my other clients
use webmail
Eric B.
-Original Message-
From: Maxwell Smart [mailto:c...@yother.com]
Sent: Thursday, June 03, 2010 6:05 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Webmail SSL
Eric,
Have you been successful in securing more than one site?
CJ
Quoting Eric Broch :
Maxwell Smart wrote:
I realize that it's a bit of a hack and I don't like it, but I
cannot get it to work correctly otherwise. I just tried your
config and it didn't work either.
You are using the we
True, and in your case if you're using the
http://mail.myserver.com/webmail you shouldn't need to use the
ErrorDocumnet hack. Eric Shubes Rewrite rules should work. It
shouldn't be troublesome in that scenario since it is in a
whatchamacallit.
Quoting Eric Shubert :
Scott Hughes wrot
Scott Hughes wrote:
I'm using the "SSLRequireSSL / ErrorDocument 406" setup on my system for
my regular webmail and the new horde install I have and both are working
great.
Scott
That's nice to know, Scott.
I just want to be sure that people realize that the ErrorDocument
technique is a b
Yes, I am using Virtual hosts. I'll need to play with it more and
I'll report back.
My re direct issue is actually caused by the certificate it expects to
see at http://mail.myserver.com re directing to
https://mail.myserver.com If I go to http://mail.myserver.com/webmail
it works corre
Nothing much out of the ordinary. I have a few hosts that rewrite is
working on.
For some reason the rewrite isn't working for you.
I think you're missing a '.' after 'webmail', as in:
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
--
-Eric 'shubes'
sysadmin wrote:
Hi Maxwell an
he firewall, to allow port 443
So eric what does your conf file look like ?
Thanks all
- Original Message -
From: "Maxwell Smart"
To:
Sent: Thursday, June 03, 2010 12:46 PM
Subject: Re: [qmailtoaster] Re: Webmail SSL
It appears as though you have a default configuration
SNI looks interesting, and I certainly applaud your efforts. Be sure to
let us know how you make out.
You're using virtual hosts I presume?
--
-Eric 'shubes'
Maxwell Smart wrote:
I realize that it's a bit of a hack and I don't like it, but I cannot
get it to work correctly otherwise. I just
Maxwell Smart wrote:
I realize that it's a bit of a hack and I don't like it, but I cannot
get it to work correctly otherwise. I just tried your config and it
didn't work either.
You are using the webmail suffix where I am not. I am trying to get
mail.myserver.com to work using SNI. I shoul
I realize that it's a bit of a hack and I don't like it, but I cannot
get it to work correctly otherwise. I just tried your config and it
didn't work either.
You are using the webmail suffix where I am not. I am trying to get
mail.myserver.com to work using SNI. I should be able to have m
It doesn't work with the variable either. Quoting Maxwell Smart
:
That's exactly where I am having problems and that's the only way I
can get it to work. If I have the welcome.conf enabled it goes to
the apache welcome page instead of redirecting and the log file says
failed, reason: SS
I'm not saying that ErrorDocument won't work, just that it's a bit of a
hack.
The conventional way (and 'better' for a number of reasons) is to use
the RewriteEngine. I seem to recall that there's a way to turn on
logging for the rewrite engine if you're having a problem with it.
Here's the
That's exactly where I am having problems and that's the only way I
can get it to work. If I have the welcome.conf enabled it goes to the
apache welcome page instead of redirecting and the log file says
failed, reason: SSL connection required. If I disable the
welcome.conf and include the
Maxwell Smart wrote:
It appears as though you have a default configuration. Replace this in
your squirrelmail.conf file.
Options None
Order allow,deny
allow from all
with this
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail*)$ https://%{SERVER_NAME}$1
rtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# http://httpd.apache.org/docs/2.2/vhosts/>
# for further
s in the directives below.
#
# Please see the documentation at
# http://httpd.apache.org/docs/2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# Use name-based virtual
ewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$
https://mydominname.com/webmail/$1 [R,L]it does not work, i did try others
but cannot remember which
- Original Message - From: "Eric Shubert"
To:
Sent: Friday, May 28, 2010 11:27 PM
Subject: [qmailtoaster] Re: Webmail SSL
Are you using
essage - From: "Eric Shubert"
> To:
> Sent: Friday, May 28, 2010 11:27 PM
> Subject: [qmailtoaster] Re: Webmail SSL
>
>
>> Are you using VirtualHost definitions in apache? If so, see
>> http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#vhosts
>>
%{SERVER_PORT} 80 RewriteRule ^(.*)$
https://mydominname.com/webmail/$1 [R,L]it does not work, i did try others
but cannot remember which
- Original Message -
From: "Eric Shubert"
To:
Sent: Friday, May 28, 2010 11:27 PM
Subject: [qmailtoaster] Re: Webmail SSL
Are you using V
working solution to get the correct redirect working, I
>> will add it to the VM Image and re-upload.
>>
>> Thanks All
>>
>> madmac
>>
>>
>> - Original Message -
>> *From:* Scott Hughes <mailto:sonicscott9...@gmail.com>
>>
ks All
madmac
- Original Message -
*From:* Scott Hughes <mailto:sonicscott9...@gmail.com>
*To:* qmailtoaster-list@qmailtoaster.com
<mailto:qmailtoaster-list@qmailtoaster.com>
*Sent:* Friday, May 28, 2010 10:18 PM
*Subject:* Re: [qmailtoaster] Re: We
admac
- Original Message -
From: Scott Hughes
To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, May 28, 2010 10:18 PM
Subject: Re: [qmailtoaster] Re: Webmail SSL
CJ,
Yes, those two directives are doing what I need them to do. Thanks!
Scott
On May 28, 2010, at 11:
CJ,
Yes, those two directives are doing what I need them to do. Thanks!
Scott
On May 28, 2010, at 11:12 PM, Maxwell Smart wrote:
Scott,
It sounds like you handle multiple domains, but only in a mail
environment. In my case I have used the QMTISO as a base to my
webservers. It has bee
Scott,
It sounds like you handle multiple domains, but only in a mail
environment. In my case I have used the QMTISO as a base to my
webservers. It has been an excellent base.
You can put those in the httpd.conf file or as Eric suggested in a
.conf file in your conf.d folder.
Also, I c
I see now. The aliases aren't relative to the root, so the fact that you
changed the root doesn't matter.
I think I'd try using the DirectoryIndex none the less. I think it's a
little cleaner, and more conventional. Although your work-around is
certainly clever. ;)
--
-Eric 'shubes'
Scott H
Also, I can still get to the webmail by using the standard
'www.SERVERNAME.net/webmail'. In this case, it does go to the SSL page
via the SSLREQUIRESSL and the 403 https://mail.SERVERNAME.net/ directives.
Scott
On 5/28/10 9:30 PM, Eric Shubert wrote:
I'm not sure there is a best place. You
I get to those by typing: www.SERVERNAME.net/admin-toaster (or
/qcontrol or /qmailadmin).
Those work just fine. It's the 'mail' on the front that is messing me up.
Scott
On 5/28/10 9:30 PM, Eric Shubert wrote:
I'm not sure there is a best place. You might want create your own
/etc/httpd/c
Scott Hughes wrote:
Thanks Eric - It should be noted that I have my DNS MX record set to
point simply to 'mail.SERVERNAME.net' for all of the domains instead of
worrying about smtp.SERVERNAME.net, pop.SERVERNAME.net,
imap.SERVERNAME.net, etc.
I think that's fine, so long as you don't expect
I'm not sure there is a best place. You might want create your own
/etc/httpd/conf.d/mydomain.conf file and put them in there. Any *.conf
file in conf.d is included automatically.
Scott, given the way that you have rigged webmail, how do you get to
qmailadmin (and admin-toaster, etc)?
--
-Er
Ok, I think I found the problem. Does
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#vhosts
apply to you? It fixed the problem for me. :)
Maxwell Smart wrote:
I have set up the Rewrite as suggested, but it does not redirect from
http to https is only says forbidden. I can create a 403 r
CJ,
I don't use virtual hosts on this server. While this QMT server does
handle several domains, I have everyone pointed to the main domain name
to access their mail (webmail and mail clients). In addition to keeping
all the settings the same, I can get away with only needing one SSL
certif
Thanks Eric - It should be noted that I have my DNS MX record set to
point simply to 'mail.SERVERNAME.net' for all of the domains instead of
worrying about smtp.SERVERNAME.net, pop.SERVERNAME.net,
imap.SERVERNAME.net, etc.
So if a user types into their browser 'mail.SERVERNAME.net' they are
a
When you include SSLRequireSSL and it's not an SSL connection it will
give an error 403, using the ErrorDocument 403
https://mail.servername.net include it will then redirect the page to
the https page.
On 05/28/2010 06:26 PM, Scott Hughes wrote:
> CJ,
>
> I'm not getting any 403 errors. Would th
I like that, Scott. Just keep in mind, you're talking about 2 separate
things. The default page is one thing, and http->https redirection is
another. I suppose redirection could be used for the default page, that
would be unconventional, and more complicated than need be.
Scott Hughes wrote:
I'm working on the redirect (flip from http to https). I have it working
on one server, but not another. Trying to figure out why. I'll be sure
to post a solution when I figure it out.
AFA the default location goes, what you've done is ok, so long as nobody
will ever go anywhere besides webmai
CJ,
I'm not getting any 403 errors. Would this still apply? I'm just
looking to make it so that when one of my users goes to
"mail.SERVERNAME.net' they get the SSL pages.
Thanks,
Scott
On 5/28/10 6:50 PM, Maxwell Smart wrote:
Add these two lines to the virtual server.
SSLRequireSSL
Err
Add these two lines to the virtual server.
SSLRequireSSL
ErrorDocument 403 https://mail.servername.net
There is a way to do a simple redirect, but I haven't played with it
and can't seem to get it to work as desired. I am told it has to do
with timeout. You set the META to timeout and redir
You could just do some sort of redirect for that domain IE with PHP or even
javascript (but replies on hte browser then).
On 2010-05-28, at 4:27 PM, Scott Hughes wrote:
> CJ / Eric,
>
> How does one set up a redirect so that people automatically go to the secure
> area? My SSL setup is wo
CJ / Eric,
How does one set up a redirect so that people automatically go to the
secure area? My SSL setup is working, but only if I go directly there
(https://mail.SERVERNAME.net). If I just do 'mail.SERVERNAME.net, it
goes to the non-secure page.
My setup is as follows:
I have a symlink
Maxwell Smart wrote:
On 05/28/2010 09:52 AM, Eric Shubert wrote:
Maxwell Smart wrote:
While this will work for one domain or if the user knows that the master
domain is the one he is receiving the certificate for. Has anyone set
it up either using ssl or gnutls to have each virtual domain us
On 05/28/2010 09:52 AM, Eric Shubert wrote:
> Maxwell Smart wrote:
>> I have set up the Rewrite as suggested, but it does not redirect from
>> http to https is only says forbidden. I can create a 403 redirect, but
>> would rather set it up as a simple redirect. How is this done?
>
> Hmmm. I hav
Maxwell Smart wrote:
I have set up the Rewrite as suggested, but it does not redirect from
http to https is only says forbidden. I can create a 403 redirect, but
would rather set it up as a simple redirect. How is this done?
Hmmm. I have one host where this is working, but I just checked anot
I have set up the Rewrite as suggested, but it does not redirect from
http to https is only says forbidden. I can create a 403 redirect, but
would rather set it up as a simple redirect. How is this done?
While this will work for one domain or if the user knows that the master
domain is the one
I just assumed it was you. I should've checked.
The link is
http://wiki.qmailtoaster.com/index.php/Configuration#SquirrelMail
Click on the red SquirrelMail link on that page to create it.
Thanks.
--
-Eric 'shubes'
Scott Hughes wrote:
Thanks for the reply Eric. I'm attempting to tighten dow
Thanks for the reply Eric. I'm attempting to tighten down the server a
bit. Every little bit helps these days!
BTW, I don't recall starting any 'SM' page. Care to share the link? My age
could be catching up with me! EEK!
Scott
On Thu, May 27, 2010 at 1:28 PM, Eric Shubert wrote:
> Scott H
Scott Hughes wrote:
Does anyone happen to know if there is a wiki entry for securing
SquirrelMail using SSL? I'm looking but I'm not finding it.
Thanks,
Scott
http://wiki.qmailtoaster.com/index.php/Certificate briefly mentions that
you can use the cert for apache. That page could really u
73 matches
Mail list logo
