Red Hat / Fedora :: Postfix, Disabling SSLv2: Not Trivial?
Aug 12, 2010
although I've been a lurker for a long time and hope the wealth of experience on LinuxForums can help me solve an issue I've been pulling my hair out for the last week.I am undergoing PCI compliancy scans and have been able to solve all the issues indicated with the exception of one: SSL Server Supports Weak Encryption Vulnerabilityport over port 25. Now before I go over the list of solutions I've tried let me post my Postfix main.cf and master.cf:
Code: main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
[code]....
View 4 Replies
ADVERTISEMENT
Aug 12, 2010
although I've been a lurker for a long time and hope the wealth of experience on LinuxQuestions can help me solve an issue I've been pulling my hair out for the last week.I am undergoing PCI compliancy scans and have been able to solve all the issues indicated with the exception of one: SSL Server Supports Weak Encryption Vulnerabilityport over port 25. Now before I go over the list of solutions I've tried let me post my Postfix main.cf and master.cf:
Code:
main.cf
queue_directory = /var/spool/postfix
[code]....
View 1 Replies
View Related
Sep 1, 2011
I would like to disable SSLv2 in Postfix but unfortunately Google has failed to produce a suitable answer. There are numerous posts on blogs and forums and such that do not appear to actually work. For example, one such post (which has been copied about quite a bit) says to use the following main.cf directives:
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
But if I run:
$ openssl s_client -connect xxxx.xxxxxxx.xxx:25 -starttls smtp -ssl2
the command is successful and SSLv2 is still negotiated.
The Postfix documentation does not provide an example of this particular case but I don't think it would matter much if it did since I somewhat doubt that anyone other than the developers themselves fully understand how these directives actually work.
How do I disable SSLv2 in Postfix and more generally disable ciphers that are considered to be weak?
View 1 Replies
View Related
Feb 28, 2010
I have a netbook running opensuse 11.2 I'm trying to make it run faster by disabling services, and I would like to kill off postfix as I don't ever use it (As far as i actually know) What harm could come from disabling postfix, if any?
View 3 Replies
View Related
May 28, 2010
I am trying to learn how to write a kernel module. I am following the excellent guide from The Linux Documentation Project called The Linux Kernel Module Programming Guide v.2.6.4.
My machine is running Ubuntu Lucid Lynx (10.04)
Code:
I installed the corresponding linux headers and just to make sure I also installed the linux source and extracted it in /usr/src
I am trying to run the following trivial kernel module
Code:
View 4 Replies
View Related
Mar 11, 2010
Here is what i do: make clean make makefiles CCARGS='-DEF_CONFIG_DIR="/opt/product/postfix-2.6.5/etc"
-DEF_COMMAND_DIR="/opt/product/postfix-2.6.5"
-DEF_DAEMON_DIR="/opt/product/postfix-2.6.5/libexec"
-DEF_MAILQ_PATH="/opt/product/postfix-2.6.5/bin/mailq"
-DEF_DATA_DIR="/opt/product/postfix-2.6.5/lib"
-DEF_NEWALIAS_DIR="/opt/product/postfix-2.6.5/bin/newaliases"
[Code]...
make install then i got this error: postfix: fatal: chdir(/usr/libexec/postfix): No such file or directory make: *** [install] Error 1 I don't understand why it's checking the usr/libexec folder for the daemons although I've set the folder to /opt/product/postfix-2.6.5/libexec in the makefile. Here is also the cat of my makedefs.out:
[Code]....
View 1 Replies
View Related
Jun 28, 2011
this is a minor but annoying problem and I hope maybe just a simple fix. I have a weather monitor in my top panel. Sometimes it gets stuck and can't update. How do I restart these little panel applets or whatever they are called? I don't want to restart or even relogon for such a trivial problem, but it is annoying. Not sure about the relogon, but I know a reboot fixes it. (running AMD64 bit lucid).
View 2 Replies
View Related
Apr 12, 2010
been looking for a easy way for simple users (newbies) to share folders over the internet with friends. I found almost nothing about it, in both Windows and Ubuntu, as people usually recommend online sharing (as dropbox and Ubuntu One, which is not what I ask for) or ssh, ftp and related, which are usually not trivial to set up for simple user and you need to install a nice GUI for the client.Why isn't there a simple way as a right-click menu option, then choosing some user/password and having it available over some iport? Something like local network file sharing.This seems like an incredible tool to have.
View 1 Replies
View Related
Aug 22, 2009
I just installed the new Fedora 11 and have used earlier versions in the past a few times before. I am trying to figure out if there is anyway to automatically allow root access to everything once an administrator logs in as admin. I am extremely tired of having to type in my password EVERY single time I want to do something. Especially having to use the terminal for something as simple as copying a file from one directory to another.
View 2 Replies
View Related
Oct 21, 2010
I replaced my gnome with openbox some time ago, some of the gnome utilities still boots at at the start and I love and use most of them. Still few of them are causing problems, how can I selectively disable from autostarting?Also which utility takes care of mouse speed? I keeps resetting my settings?PS; I did some research and fooled around with xinit files, tried to grep them out of the init stuff, no result...
View 1 Replies
View Related
Nov 10, 2010
it tried to test the autologin mechanism, now i have to decided to go back to normal
login on fc14 under gnome, but the login screen doesn't appear any longer.The autologin was activated with accounts-login and disabled by removing the twolines below
Code:
[daemon]
AutomaticLoginEnable=True
[code]....
View 2 Replies
View Related
Dec 17, 2010
When I first start up the computer, I would like to remove the login screen so I do not have to input a password. How can I do this?
View 1 Replies
View Related
Jun 25, 2011
I'm an inordinate amount of trouble getting F15 to run without NetworkManager. If I boot with the NetworkManager service enabled, my NIC presents as expected at /dev/eth0 (I'm using biosdevname=0). However, when I stop the NetworkManager service, /dev/eth0 disappears from the filesystem.If I boot without NetworkManager enabled, /dev/eth0 is never created. Reviewing dmesg, udev is loading an ethernet driver.
View 1 Replies
View Related
Feb 2, 2010
I am not sure if this is a bug or not: I have disabled updates in System/Preferences/Software Update Preferences (set to Never/Nothing/Never) and yet when there are updates I get the icon on the Gnome panel announcing bugs or security updates.The reason I have disabled updates is that I prefer to check for updates manually with Yum, also to prevent lock conflicts between manual Yum and PackageKit.
View 2 Replies
View Related
Feb 26, 2010
I was running NFS in my Fedora. I found that I could not mount exported directory in client machine (Fedora ) with firewall enable in NSF server. Even I tried by clicking out all services in firewall (but not disabling it), it did not work. To make it work, I had to disable firewall. Is there any way to do this without disabling firewall?
View 3 Replies
View Related
Jun 29, 2011
on FC15 is it possible to change (as compiz) the mouse top corner behaviour?I would like to obtain the full windows list moving the mouse on top right corner..exist any extension that allow the userelect specific corner or is it possible to tell him on xml file configuration?
View 6 Replies
View Related
Feb 23, 2011
I wanted to know if it is possible to turn off readdirplus calls at the server side. I am currently using a fedora core 8 server.
View 1 Replies
View Related
Apr 16, 2011
I am running CentOS 5.4 with CUPS v1.3.7 and have a Brother printer (MFC-5895CW) that connects wirelessly to a SonicWall device. The SonicWall is hardwired to my PC. I have found that periodically, the printer queue will become disabled and the only way to re-enable it is to issue a cupsenable command.
I believe that queue only gets disabled if the wireless connection drops in the middle of a print job. I've tried dropping the wireless connection and then bringing it back up when no print jobs are active or pending and the queue is fine for the next print job that is sent when the connection is up.
I did a little research and found that my version of CUPS contains support for an ErrorPolicy setting in the printer.conf file that may prevent the print queue from being disabled. I'm hoping that if I change the default value from "stop-printer" to "retry-job" that this will prevent CUPS from disabling the print queue and requirring a cupsenable command to re-enable the queue.
I don't want to play around with scheduling cron jobs to enable the queue.
View 3 Replies
View Related
Nov 26, 2010
First some specs:
Fedora 13 (Goddard) 32-bit
NVIDIA GeForce GTX 260
The DVI output on my card works just fine to my monitor, which is what I've been using. I installed no drivers; it just worked. However, now I need a duplicate screen to be given via the s-video output, but it doesn't work. Nothing is being given to the tv and nothing is being detected under monitors. From what I understand, this is because I need to install the appropriate Driver.
I downloaded my driver from the nvidia website, but it won't install. it tells me I need to disable nouveau.
View 9 Replies
View Related
Dec 21, 2010
I'm running a server using CentOS 5 x64 I want to disable access of groups to "bin" folder so they cannot execute commands. [info: actually because of a bug in cPanel (the control panel I installed) Perl will give access to all hosting users to execute commands.] so what i wanna do is to ban some groups on 'bin' folder, for example 'my_group1' and 'my_group2" cannot access bin but 'my_trusted_group' can access it.
View 1 Replies
View Related
Sep 25, 2010
is there any HOWTO for configuring Webmin Postfix server with multiple postfix virtual hosts? Seems to be a tough challenge to set it up without any easy manual..
View 1 Replies
View Related
Oct 4, 2010
so i set out to change the default smtp port the server uses because my ISP blocks port 25 and i need the email to work in outlook. this morning i could receive email, but not send it. so i did some research and thought that i needed to edit the master.cf file in /etc/postfix/ by commenting out this line: smtp inet n - n - - smtpd -oand replace it with587 inet n - n - - smtpd (587 being the port i want to use)somewhere along the lines postfix server stopped running and now i cannot get it to start.if i try using SSH it crashes immediately and if i restart it in simple control panel nothing happens
View 7 Replies
View Related
Feb 25, 2011
I recently moved over user from an old box running postfix(v 2.0.16) over to rhel 6 running postfix (v mail_version = 2.6.6). ive tried to make sure all the files are of correct permissions and that the main.cf file is configured corectly. However there is something wrong as when i run postfix: service postfix server i get no error but when checking the status:service postfix status i get: master dead but pid file exists Looking into /var/log/mailog i find this line being the issue:
Feb 25 16:24:39 puny1 postfix/master[3517]: fatal: fifo_listen: create fifo public/pickup: Permission denied
I gather this is a file permission issue and ive tried to make sure the public folder in /var/spool/postfix is correctly set but still no avail.
View 2 Replies
View Related
May 11, 2010
I was trying to write a graph plotting program with c++. I need to convert the infix expression from user to postfix expression for quick evaluation. However, the evaluation of postfix is kind of interpreted, and thus kind of slow for evaluating huge number of values. Say if I plot an implicit function the penalty is quite huge. Is there a way that I can compile the infix expression from my running graph plotting application for high speed evaluation.
View 6 Replies
View Related
Dec 12, 2008
I have isntalled a server with Centos 5.2 OS, now I would like to switch from the default sendmail to postfix doing a yum install postfix I've noticed there is already available an rpm version for the OS but I would like to compile my own 2.5 version, I've noticed compiling from source does not allow me to use the mail switcher to tell to the system I'm gonna use Postfix instead of Sendmail as the default MTA while this is possible when I use the "official" rpm version of the package. Now my question is this, would this be a problem? There is some specific procedure/best practice I should follow? Or once compiled and configured Postfix I can safely disable/uninstall sendmail?
View 6 Replies
View Related
May 31, 2011
On old laptops with a low capacity battery, you get the "battery may be broken" message. Before Gnome 3, this message could be disabled by using gconf-editor to change the value for this message under gnome-power-manager. This now seems impossible as gnome-power-manager does not appear in gconf.
View 1 Replies
View Related
Aug 6, 2009
browser just crashed trying to upload the config file at the end, so I fi miss something, sorry.I have been trying over the past few days to get either postfix or sendmail to properly forward my emails. I have made an entry in virtusers (for both postfix and sendmail) as:[URL]..I know that they these files are mapped correctly because I did an entry of:[URL].. that worked, it sent it to root's mailbox. I got this to work in both sendmail of postfix. What the problem is that when I point it to an external domain (ex. name@gmail.com), it fails, and the email gets lost somewhere on my server (I have yet to fine where they are going). The other thing I noticed is when I send an email from my server (via php) and send it to test (or whatever)@example.com the catchall works, and sends the email to my gmail address. Is this virtuser only applicable for outgoing email? Or is something else wrong?
View 1 Replies
View Related
May 27, 2010
I have configured Postfix, mysql and Dovecot according to following guide. [URL] My issue is When I'm Install dovecot ( using yum command). it Didn't create a "/usr/lib/dovecot/deliver" folder.Then my mail.log trace this error message
Code:
May 27 16:36:02 localhost pipe[26056]: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: No such file or directory May 27 16:36:02 localhost postfix/pipe[26055]: CE9768FED3: to=<john@example.com>, relay=dovecot, delay=26, delays=26/0.02/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: No such file or directory )
After that I have create "/usr/lib/dovecot/deliver' folder. Then I have set permission using follwing command.
Code:
mkdir /usr/lib/dovecot/deliver
chown vmail /usr/lib/dovecot/deliver
Now My log file trace this message
Code:
May 27 19:26:52 localhost postfix/pipe[30111]: E178F9000E: to=<john@example.com>, relay=dovecot, delay=388941, delays=388941/0.02/0/0, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied )
how to set permission for this? Or My configuration is wrong?
View 6 Replies
View Related
Jun 2, 2011
I have a fresh install of FC14 and I am looking for information on what I have to do to get postfix and fetchmail set up to use my roadrunner e-mail.
View 4 Replies
View Related
Nov 28, 2010
How will I configure sendmail or postfix ,so that I can send mail to external mailclient like to gmail,hotmail etc.
View 1 Replies
View Related
