04-19-2013
Ssl+compression+postfix/dovecot
Hello everybody.
For security reason, i need to disable compression on ssl/tls for postfix (2.6.6-2.2.el6_1) port 25 and 587(submission port) and dovecot (2.0.9-2.el6_1.1) for imaps and pops.
my server running centos 6.4 and openssl 1.0.0-25.el6_3.1.
I someone know how to do it?
Thanks for your help
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Can someone explain the difference between the two. Thanks (1 Reply)
Discussion started by: jerardfjay
1 Replies
2. UNIX for Dummies Questions & Answers
i have configured Squid proxy server in Fedora 8 with two network interfaces.
HTTP, HTTPS, FTP are working fine but we are unable to download mails using mail clients from mail server with POP3(ssl) and SMTP(ssl).
so please someone help us how to enable pop and smtp in Squid. (1 Reply)
Discussion started by: praneel2k
1 Replies
3. IP Networking
hi all.
Am using smtpd_recipient_restrictions & check_recipient_access in postfix.
The hash file looks like this:
emailaddress1 HOLD
emailaddress2 HOLD
The aim is to place email from these recipients in the hold directory,check them then reinject them back in postfix on some... (0 Replies)
Discussion started by: coolatt
0 Replies
4. UNIX for Dummies Questions & Answers
Hi guys
One of our clients have a problem with sending email to a certain domain. No matter what we try, the mails just dont get delivered.
What I did then, is created a new connector on their Exchange server, pointing all mail sent to their client at "domain1" to relay to our Postfix mail... (0 Replies)
Discussion started by: wbdevilliers
0 Replies
5. Web Development
I have interesting problem.
https:/host/some/x.cgi
- this script has run twice when I call this url
But
http:/host/some/x.cgi
work fine, only once.
Output is text/plain.
If I change output format to the Content-type text/html,
then both urls works fine - executed only once. (2 Replies)
Discussion started by: kshji
2 Replies
6. Red Hat
Hi,
I did setup one E-mail Server with postfix/dovecot/squirrelmail on CentOS 5.x and is working fine.
I did configure SMTP authentication (without TSL/SSL) so that users from outside can send emails via our email server with SMTP auth. One weird issue i'm getting is that it's working from... (1 Reply)
Discussion started by: prvnrk
1 Replies
7. UNIX and Linux Applications
I have a mailserver with postfix
i want to alias all mail for administrator@domain.fqdn
to root@domain.fqdn
I have the aliases configured,and i did newliases
but doesn't work.
How to did this?Postfix is configured for virtual domain on ad server. (2 Replies)
Discussion started by: Linusolaradm1
2 Replies
8. UNIX for Dummies Questions & Answers
Hello,
I have been trying to setup a email server here at home, for me and a few friends. Nothing fancy, just a super basic - but secure - email server.
I have been having trouble over the course of the past 2-3 weeks fumbling through various online tutorials. It shouldn't be SO hard =)
... (0 Replies)
Discussion started by: jalisco
0 Replies
9. UNIX for Dummies Questions & Answers
Long story short, I have everything working in my SOHO which would include Postfix,Dovecot(imap),Roundcube,bind and is ready to recieve email from the outside using this tutorial:
https://workaround.org/ispmail/wheezy
I also setup my internal DNS server using:
https://wiki.debian.org/Bind9... (2 Replies)
Discussion started by: metallica1973
2 Replies
10. Linux
Issue observed: I have configured ng.my-site.com using widlcard ssl cert. When I hit https://www.my-site.com it loads ng.my-site.com website!
please advise if I missed any concept / configs... Thank you!
httpd.conf
<VirtualHost *:80>
ServerName www.my-site.com
ServerAdmin... (0 Replies)
Discussion started by: ashokvpp
0 Replies
LEARN ABOUT OSX
ssl_comp_add_compression_method
SSL_COMP_add_compression_method(3) OpenSSL SSL_COMP_add_compression_method(3)
NAME
SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods
SYNOPSIS
#include <openssl/ssl.h>
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
DESCRIPTION
SSL_COMP_add_compression_method() adds the compression method cm with the identifier id to the list of available compression methods. This
list is globally maintained for all SSL operations within this application. It cannot be set for specific SSL_CTX or SSL objects.
NOTES
The TLS standard (or SSLv3) allows the integration of compression methods into the communication. The TLS RFC does however not specify
compression methods or their corresponding identifiers, so there is currently no compatible way to integrate compression with unknown
peers. It is therefore currently not recommended to integrate compression into applications. Applications for non-public use may agree on
certain compression methods. Using different compression methods with the same identifier will lead to connection failure.
An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1) will unconditionally send the list of all compression methods
enabled with SSL_COMP_add_compression_method() to the server during the handshake. Unlike the mechanisms to set a cipher list, there is no
method available to restrict the list of compression method on a per connection basis.
An OpenSSL server will match the identifiers listed by a client against its own compression methods and will unconditionally activate
compression when a matching identifier is found. There is no way to restrict the list of compression methods supported on a per connection
basis.
The OpenSSL library has the compression methods COMP_rle() and (when especially enabled during compilation) COMP_zlib() available.
WARNINGS
Once the identities of the compression methods for the TLS protocol have been standardized, the compression API will most likely be
changed. Using it in the current state is not recommended.
RETURN VALUES
SSL_COMP_add_compression_method() may return the following values:
0 The operation succeeded.
1 The operation failed. Check the error queue to find out the reason.
SEE ALSO
ssl(3)
50 2013-03-05 SSL_COMP_add_compression_method(3)