On 9/03/2012 1:07 a.m., JC Putter wrote:
> Amos,
>
> Thank you for the reply.
>
> Sorry, I meant 3.0 STABLE 19.

Please at minimum upgrade to 3.0.STABLE26 then, if possible 3.1.19. There are a handful of major security vulnerabilities in between.

> The Zimbra Desktop client connects via port 443 and I have the standard ACL;
>
> http_access deny !Safe_ports
> http_access deny !SSL_ports
>
> however when I change the ACL to (very insecure)
>
> http_access allow CONNECT (without the exception of !SSL_ports) the Zimbra
> client connects...
>
> Not too sure if my ACL is incorrect or if I need to add additional ports in the
> ACL; however, according to Zimbra 443 is the only one required.

The ACL you list above is not the defaults. The correct default is:

  http_access deny CONNECT !SSL_ports

SSL_Ports should only contain the HTTPS ports you permit requests to.

> I ran a Wireshark trace and I can confirm that the proxy offers all configured
> authentication schemes and the client responds with a Kerberos ticket.

Okay. It would seem to be some other part of the configuration. If you want a proper analysis please post your whole config (without the comments and empty lines though).

Amos
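
Added example (not part of the original thread, and not Squid's own code): a small Python model of first-match http_access evaluation that compares the rule as posted, the default quoted in the reply, and the blanket `allow CONNECT`. The port lists are the usual stock squid.conf values and the trailing `http_access allow all` is a constructed stand-in for the site's own allow rules; both are assumptions.

```python
# Toy model of Squid http_access evaluation (added example, not Squid code).
# Rules are checked top-down; every ACL on a line must match; first match wins.

ACLS = {
    # Assumed stock port lists; adjust to the real squid.conf.
    "SSL_ports": lambda r: r["port"] == 443,
    "Safe_ports": lambda r: r["port"] in {80, 21, 443, 70, 210, 280, 488, 591, 777}
                            or 1025 <= r["port"] <= 65535,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "all": lambda r: True,
}

# Constructed rule sets: only the second line differs between them.
POSTED = """
http_access deny !Safe_ports
http_access deny !SSL_ports
http_access allow all
"""
DEFAULT = POSTED.replace("deny !SSL_ports", "deny CONNECT !SSL_ports")
OPEN = POSTED.replace("deny !SSL_ports", "allow CONNECT")


def parse(config):
    """Turn 'http_access allow|deny acl [!acl ...]' lines into (action, names)."""
    rules = []
    for line in config.strip().splitlines():
        directive, action, *names = line.split()
        assert directive == "http_access" and action in ("allow", "deny")
        rules.append((action, names))
    return rules


def decide(config, method, port):
    """Return 'allow' or 'deny' for one request under the given rule set."""
    req = {"method": method, "port": port}
    for action, names in parse(config):
        # A leading '!' inverts that single ACL; the line matches if all ACLs do.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: every sample ends in a catch-all rule


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("default", DEFAULT), ("open", OPEN)):
        for method, port in (("GET", 80), ("CONNECT", 443), ("CONNECT", 8080)):
            print(f"{label:8} {method:8} {port:5} -> {decide(cfg, method, port)}")
```

In this model the posted rule also rejects plain HTTP on port 80, while `allow CONNECT` lets a tunnel reach any port that Safe_ports covers.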
