Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000886Endian FirewallApplication Level Proxiespublic2008-05-29 14:042013-02-22 14:30
Reporterandreseko 
Assigned Toluca-endian 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.2-rc1 
Target VersionfutureFixed in Version 
Summary0000886: POP3-SSL not WORK
DescriptionHi

I have an e-mail service running SSL secure connection with the default port 995. It turns out that whenever the active service of PROXY-POP3 he does not let enter my messages on my server. When you turn off everything returns to normal service.

    
what can be?
thanks
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0001267)
peter-endian (administrator)
2008-06-03 12:21

please read http://kb.endian.com/entry/25/ [^]
(0003306)
aender (reporter)
2009-11-17 10:26

The KB entry is only a solution for clients that are every time at green.

But if i have a notebook which is at green for working in the office and sometimes on the road or at home this solution is a no go. Why? Because every time the user is outside the office he has to change the settings at the mail client and change it back if he is back to the office.

So please make it possible to select POP3 and POP3 over SSL Ports (110, 995) for filtering in the gui.

Or can you post a workaround where we can change a config file for this?
(0003309)
peter-endian (administrator)
2009-11-17 17:10

ssl for the communication from client to transparent proxy is not implemented in p3scan, so that's simply not possible right now.

same problem however on using transparent smtp proxy with a configured smtp server which requires authentication
(0003310)
aender (reporter)
2009-11-17 17:16

OK.

Found a way to disable POP3 SSL (Port 995) in POP3 Proxy

Edit file /etc/firewall/proxies/p3scan.conf.tmpl.org and remark or delete the line with the rule for redirecting pop3s to p3scan.

So it should be possible to implement this in the gui to enable or disable port 995 or 110 at the pop3 proxy settings.
(0003311)
peter-endian (administrator)
2009-11-17 18:12
edited on: 2009-11-17 18:13

well, ok. disabling is possible.
pop3s is then however not passing at all through the pop proxy.

i mean, it goes directly then, without being proxied

(0003312)
aender (reporter)
2009-11-17 18:20

thats ok. so it would be a nice feature to select which ports/protocols would be filtered by the proxy.

however. "real" pop3s filtering is not possible in a correct way. in my opinion all manufactor who are telling that they can filter ssl traffic would do something like a man-in-the-middle-attack.
(0003502)
jasonwalls (reporter)
2009-12-02 14:28

+1

I'd also like the option to disable the proxy for SSL traffic only.
(0003819)
boccardi (reporter)
2010-02-19 10:04

Buongiorno, sarebbe possibile aggiungere il check da spuntare nella pagina del proxy POP3 per disabilitare la redirezione della porta 995 (pop3s) ?

Io utilizzo il pacchetto Stunnel per fare da proxy SMTPS IMAPS e POP3S e lo uso anche per collegarmi al nostro Endian dalla nostra Intranet.

Ecco un esempio della mia configurazione:

; Configurazione STUNNEL per Posta Certificata
;
; Esempio di configurazione IMAPS
;
; [imaps]
; accept = 10.11.39.11:6101
; delay = yes
; connect = mail.domain.com:993
;
; Protocol version (all, SSLv2, SSLv3, TLSv1)
;
;
; Global options

setuid = stunnel
setgid = stunnel
debug = 7
output = /var/log/stunnel.log
pid = /var/run/stunnel/stunnel.pid

; Server INFOCAMERE

[imaps]
client = yes
accept = 993
delay = yes
connect = mbox.cert.legalmail.it:993

[smtps]
client = yes
accept = 465
delay = yes
connect = sendm.cert.legalmail.it:465

[pop3s]
client = yes
accept = 995
delay = yes
connect = mbox.cert.legalmail.it:995

; Server EFW MASTER

[efw1]
client = yes
accept = 6112
delay = yes
connect = 10.11.39.254:10443
(0008385)
luca-endian (developer)
2013-02-22 14:27

yes the check has been added, it will be included in the next version.
(0008386)
luca-endian (developer)
2013-02-22 14:30

this is not actually a bug but how p3scan works, check the online documentation.

- Issue History
Date Modified Username Field Change
2008-05-29 14:04 andreseko New Issue
2008-06-03 12:21 peter-endian Status new => closed
2008-06-03 12:21 peter-endian Note Added: 0001267
2008-06-03 12:21 peter-endian Resolution open => no change required
2009-11-17 10:26 aender Note Added: 0003306
2009-11-17 10:26 aender Status closed => feedback
2009-11-17 10:26 aender Resolution no change required => reopened
2009-11-17 17:10 peter-endian Note Added: 0003309
2009-11-17 17:16 aender Note Added: 0003310
2009-11-17 18:12 peter-endian Note Added: 0003311
2009-11-17 18:13 peter-endian Note Edited: 0003311
2009-11-17 18:20 aender Note Added: 0003312
2009-12-02 14:28 jasonwalls Note Added: 0003502
2010-02-19 10:04 boccardi Note Added: 0003819
2010-03-24 11:47 ra-endian Severity block => minor
2010-09-23 17:52 peter-endian Status feedback => confirmed
2010-09-23 17:52 peter-endian Target Version => future
2013-02-22 14:27 luca-endian Note Added: 0008385
2013-02-22 14:30 luca-endian Note Added: 0008386
2013-02-22 14:30 luca-endian Status confirmed => closed
2013-02-22 14:30 luca-endian Assigned To => luca-endian
2013-02-22 14:30 luca-endian Resolution reopened => fixed

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker