Software :: Postfix, Disabling SSLv2: Not Trivial?
Aug 12, 2010
although I've been a lurker for a long time and hope the wealth of experience on LinuxQuestions can help me solve an issue I've been pulling my hair out over for the last week. I am undergoing PCI compliancy scans and have been able to solve all the issues indicated with the exception of one: SSL Server Supports Weak Encryption Vulnerability over port 25. Now, before I go over the list of solutions I've tried, let me post my Postfix main.cf and master.cf:
although I've been a lurker for a long time and hope the wealth of experience on LinuxForums can help me solve an issue I've been pulling my hair out over for the last week. I am undergoing PCI compliancy scans and have been able to solve all the issues indicated with the exception of one: SSL Server Supports Weak Encryption Vulnerability over port 25. Now, before I go over the list of solutions I've tried, let me post my Postfix main.cf and master.cf:
I would like to disable SSLv2 in Postfix but unfortunately Google has failed to produce a suitable answer. There are numerous posts on blogs and forums and such that do not appear to actually work. For example, one such post (which has been copied about quite a bit) says to use the following main.cf directives:
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium, high
the command is successful and SSLv2 is still negotiated.
The Postfix documentation does not provide an example of this particular case but I don't think it would matter much if it did since I somewhat doubt that anyone other than the developers themselves fully understand how these directives actually work.
How do I disable SSLv2 in Postfix and more generally disable ciphers that are considered to be weak?
I have a netbook running opensuse 11.2. I'm trying to make it run faster by disabling services, and I would like to kill off postfix as I don't ever use it (as far as I actually know). What harm could come from disabling postfix, if any?
I am trying to learn how to write a kernel module. I am following the excellent guide from The Linux Documentation Project called The Linux Kernel Module Programming Guide v.2.6.4.
My machine is running Ubuntu Lucid Lynx (10.04)
I installed the corresponding linux headers and just to make sure I also installed the linux source and extracted it in /usr/src
I am trying to run the following trivial kernel module
make install then I got this error: postfix: fatal: chdir(/usr/libexec/postfix): No such file or directory make: *** [install] Error 1 I don't understand why it's checking the usr/libexec folder for the daemons although I've set the folder to /opt/product/postfix-2.6.5/libexec in the makefile. Here is also the cat of my makedefs.out:
this is a minor but annoying problem and I hope maybe just a simple fix. I have a weather monitor in my top panel. Sometimes it gets stuck and can't update. How do I restart these little panel applets or whatever they are called? I don't want to restart or even relogon for such a trivial problem, but it is annoying. Not sure about the relogon, but I know a reboot fixes it. (running AMD64 bit lucid).
been looking for an easy way for simple users (newbies) to share folders over the internet with friends. I found almost nothing about it, in both Windows and Ubuntu, as people usually recommend online sharing (as dropbox and Ubuntu One, which is not what I ask for) or ssh, ftp and related, which are usually not trivial to set up for a simple user and you need to install a nice GUI for the client. Why isn't there a simple way as a right-click menu option, then choosing some user/password and having it available over some port? Something like local network file sharing. This seems like an incredible tool to have.
is there any HOWTO for configuring Webmin Postfix server with multiple postfix virtual hosts? Seems to be a tough challenge to set it up without any easy manual..
So I set out to change the default SMTP port the server uses because my ISP blocks port 25 and I need the email to work in Outlook. This morning I could receive email, but not send it. So I did some research and thought that I needed to edit the master.cf file in /etc/postfix/ by commenting out this line: smtp inet n - n - - smtpd -o and replace it with 587 inet n - n - - smtpd (587 being the port I want to use). Somewhere along the lines postfix server stopped running and now I cannot get it to start. If I try using SSH it crashes immediately, and if I restart it in simple control panel nothing happens.
I recently moved over user from an old box running postfix (v 2.0.16) over to rhel 6 running postfix (v mail_version = 2.6.6). I've tried to make sure all the files are of correct permissions and that the main.cf file is configured correctly. However, there is something wrong, as when I run postfix: service postfix server I get no error, but when checking the status: service postfix status I get: master dead but pid file exists. Looking into /var/log/mailog I find this line being the issue:
I was trying to write a graph plotting program with C++. I need to convert the infix expression from the user to a postfix expression for quick evaluation. However, the evaluation of postfix is kind of interpreted, and thus kind of slow for evaluating a huge number of values. Say if I plot an implicit function the penalty is quite huge. Is there a way that I can compile the infix expression from my running graph plotting application for high speed evaluation?
I have installed a server with Centos 5.2 OS, and now I would like to switch from the default sendmail to postfix. Doing a yum install postfix I've noticed there is already an rpm version available for the OS, but I would like to compile my own 2.5 version. I've noticed compiling from source does not allow me to use the mail switcher to tell the system I'm going to use Postfix instead of Sendmail as the default MTA, while this is possible when I use the "official" rpm version of the package. Now my question is this: would this be a problem? Is there some specific procedure/best practice I should follow? Or once Postfix is compiled and configured, can I safely disable/uninstall sendmail?
I am using Slackware64 13.37 and every once and awhile I will get a notification that the kernel is disabling IRQ #16. When this happens it feels like I lose 3D acceleration. KDE becomes very sluggish and lags like crazy. Even when I type into text boxes they lag. The only way to fix it temporarily is to reboot, but then it will happen again in a few days.
I just installed the netbook remix 10.10 on my laptop. I have been using Unity and I would much rather prefer a standard GNOME desktop. I know there was a way to change the netbook interface to a standard GNOME one on the 8.04 remix. Anyone know if there's a way to do it in 10.10?
I have a directory in which the files are stored. The users must be able to only read or add files to the directory. The users must not delete the files under the directory. How can I do this? Is it possible to disable the rm command?
I upgraded a working Ubuntu system that I'd previously configured to accept tcp connections for the X server, which it's magically gone and added back in again. I can't now figure out how to disable it.
I've edited /etc/gdm/gdm.schemas and changed DisallowTCP to false. I've edited /etc/X11/xinit/xserverrc and removed the nolisten tcp line, but it still comes up with it.
The System->Administration->Login Screen has no option for security (pretty sure that's how I fixed it last time).
When I plug in a removable device, KDE automounts it, but I prefer to do this manually (also perhaps not liking the idea that any user could plug a device in and have it mounted). I've searched around and looked at KDE -> System Settings -> Removable Devices, and "Enable automatic mounting of removable devices" is already unchecked
I've run into this problem this week. The other night a power supply failed on a different system and appears to have surged the UPS which it and some other computers were plugged in to. One computer was fine, but the RAID server that is used for backups ended up with a bad disk and this "Disabling IRQ #169" message now shows up during boot, right after starting udev and setting the hostname. The system then sits there for 3-5 minutes before repeating a scroll of "/etc/rc.d/rc.sysinit: line 966: /bin/usleep: Input/output error"
I have booted with linux recovery from the CentOS DVD in order to replace the drive that was damaged. I rebuilt the raid array and all the data seems to be fine. There is another message though after "Red Hat nash version 5.1....." no raid disks and with names: "isw_bf jihdchhi_Hostname" failed to stat() /dev/mapper/isw_bf jihdchhi_Hostname
I was considering doing a complete reinstall of CentOS but if there is another solution I would much appreciate it, is it perhaps an issue with Grub not being able to find the updated array? As it is, it is impossible to boot the system except for using a live CD to do it.
Let me quickly state that I am returning to Debian after quite a long break. I am trying to relearn some things. I suppose I'm somewhat old school. As in I originally installed from rawright, back in the days when you had to do practically everything by hand. I was quite happy with config and make. I actually learned a ton back then, as I started out knowing nothing. I guess I can learn to catch up with the modern linux world.
Anyway, here is my question. In the old days if I wanted something not to be mounted I would simply comment out the entry in /etc/fstab. I notice that my USB drive is mounted but does not appear in the fstab. It is in mtab, and lsusb does show it.
If I wanted to secure a system, but not totally remove usb support from the kernel, how would I prevent the automounting of USB drives? What are the configuration files that govern their operation?
I just installed the new Fedora 11 and have used earlier versions in the past a few times before. I am trying to figure out if there is any way to automatically allow root access to everything once an administrator logs in as admin. I am extremely tired of having to type in my password EVERY single time I want to do something. Especially having to use the terminal for something as simple as copying a file from one directory to another.
I replaced my gnome with openbox some time ago. Some of the gnome utilities still boot at the start and I love and use most of them. Still, a few of them are causing problems; how can I selectively disable them from autostarting? Also, which utility takes care of mouse speed? It keeps resetting my settings. PS: I did some research and fooled around with xinit files, tried to grep them out of the init stuff, no result...
I tried to test the autologin mechanism, and now I have decided to go back to normal login on fc14 under gnome, but the login screen doesn't appear any longer. The autologin was activated with accounts-login and disabled by removing the two lines below
I'm having an inordinate amount of trouble getting F15 to run without NetworkManager. If I boot with the NetworkManager service enabled, my NIC presents as expected at /dev/eth0 (I'm using biosdevname=0). However, when I stop the NetworkManager service, /dev/eth0 disappears from the filesystem. If I boot without NetworkManager enabled, /dev/eth0 is never created. Reviewing dmesg, udev is loading an ethernet driver.