Search Results

Search found 5390 results on 216 pages for 'ssl vpn'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 125/216 | < Previous Page | 121 122 123 124 125 126 127 128 129 130 131 132  | Next Page >

  • Linux port-based routing using iptables/ip route

    - by user42055
    I have the following setup: 192.168.0.4 192.168.0.6 192.168.0.1 +-----------+ +---------+ +----------+ |WORKSTATION|------| LINUX |------| GATEWAY | +-----------+ +---------+ +----------+ 192.168.150.10 | 192.168.150.9 +---------+ | VPN | +---------+ 192.168.150.1 WORKSTATION has a default route of 192.168.0.6 LINUX has a default route of 192.168.0.1 I am trying to use the gateway as the default route, but route port 80 traffic via the VPN. Based on what I read at http://www.linuxhorizon.ro/iproute2.html I have tried this: echo "1 VPN" >> /etc/iproute2/rt_tables sysctl net.ipv4.conf.eth0.rp_filter = 0 sysctl net.ipv4.conf.tun0.rp_filter = 0 sysctl net.ipv4.conf.all.rp_filter = 0 iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 80 -j MARK --set-mark 0x1 ip route add default via 192.168.150.9 dev tun0 table VPN ip rule add from all fwmark 0x1 table VPN When I run "tcpdump -i eth0 port 80" on LINUX, and open a webpage on WORKSTATION, I don't see the traffic go through LINUX at all. When I run a ping from WORKSTATION, I get this back from some packets: 92 bytes from 192.168.0.6: Redirect Host(New addr: 192.168.0.1) Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 de91 0 0000 3f 01 4ed3 192.168.0.4 139.134.2.18 Is this why my routing is not working ? Do I need to put GATEWAY and LINUX on different subnets to prevent WORKSTATION being redirected to GATEWAY ? Do I need to use NAT at all, or can I do this with routing alone (which is what I want) ?

    Read the article

  • Configuring postfix with Gmail

    - by MultiformeIngegno
    This is what I did.. sudo apt-get install postfix This is my /etc/postfix/main.cf: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=no smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache myhostname = tsXXX561.server.topcloud.it alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = relayhost = [smtp.gmail.com]:587 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = loopback-only default_transport = smtp relay_transport = smtp inet_protocols = all # SASL Settings smtp_use_tls=yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd smtp_sasl_security_options = noanonymous smtp_sasl_tls_security_options = noanonymous smtp_tls_CAfile = /etc/postfix/cacert.pem Then I created the file /etc/mailname with my hostname as content: tsXXX561.server.topcloud.it Then I created the file /etc/postfix/sasl_passwd: [smtp.gmail.com]:587 [email protected]:gmail_password Then sudo postmap /etc/postfix/sasl/passwd sudo cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem service postfix restart Still sends nothing... I'm on Ubuntu Server 12.04.

    Read the article

  • Lighttpd with FastCGI configuration running ViewVC - rewrite problems

    - by 0xC0000022L
    At the moment I am struggling with the configuration of lighttpd together with ViewVC. The configuration was ported from Apache 2.2.x, which is still running on the machine, serving the WebDAV/SVN stuff, being proxied through. Now, the problem I am having appears to be with the rewrite rules and I'm not really sure what I am missing here. Here's my configuration (slightly condensed to keep it concise): var.hgwebfcgi = "/var/www/vcs/bin/hgweb.fcgi" var.viewvcfcgi = "/var/www/vcs/bin/wsgi/viewvc.fcgi" var.viewvcstatic = "/var/www/vcs/templates/docroot" var.vcs_errorlog = "/var/log/lighttpd/error.log" var.vcs_accesslog = "/var/log/lighttpd/access.log" $HTTP["host"] =~ "domain.tld" { $SERVER["socket"] == ":443" { protocol = "https://" ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/ssl/..." ssl.ca-file = "/etc/lighttpd/ssl/..." ssl.use-sslv2 = "disable" setenv.add-environment = ( "HTTPS" => "on" ) url.rewrite-once += ("^/mercurial$" => "/mercurial/" ) url.rewrite-once += ("^/$" => "/viewvc.fcgi" ) alias.url += ( "/viewvc-static" => var.viewvcstatic ) alias.url += ( "/robots.txt" => var.robots ) alias.url += ( "/favicon.ico" => var.favicon ) alias.url += ( "/mercurial" => var.hgwebfcgi ) alias.url += ( "/viewvc.fcgi" => var.viewvcfcgi ) $HTTP["url"] =~ "^/mercurial" { fastcgi.server += ( ".fcgi" => ( ( "bin-path" => var.hgwebfcgi, "socket" => "/tmp/hgwebdir.sock", "min-procs" => 1, "max-procs" => 5 ) ) ) } else $HTTP["url"] =~ "^/viewvc\.fcgi" { fastcgi.server += ( ".fcgi" => ( ( "bin-path" => var.viewvcfcgi, "socket" => "/tmp/viewvc.sock", "min-procs" => 1, "max-procs" => 5 ) ) ) } expire.url = ( "/viewvc-static" => "access plus 60 days" ) server.errorlog = var.vcs_errorlog accesslog.filename = var.vcs_accesslog } } Now, when I access the domain.tld, I correctly see the index of the repositories. However, when I look at the links for each respective repository (or click them, for that matter), it's of the form https://domain.tld/viewvc.fcgi/reponame instead of the intended https://domain.tld/reponame. What do I have to change/add to achieve this? Do I have to "abuse" the index file mechanism somehow? Goal is to keep the /mercurial alias functional. So far I've tried sifting through the lighttpd book from Packt again, also through the lighttpd documentation, but found nothing that seemed to match the problem.

    Read the article

  • Windows Server 2008 R2 - Can't connect RDP over the Internet

    - by Jonathan DeMarks
    I have two networks: Domain and Public, Domain is a VPN connection and Public is the local connection to the network. This is not a domain controller or a DNS/DHCP server. I can connect via RDP from the local network (192.168.1.), from the VPN network (10.1.2.), and from the VPN network over the internet. I cannot connect from the internet (anywhere besides where the server is VPN'd) Wireshark indicates that the server is getting packets, and the audit log is indicating that the packets are being dropped. Advanced Firewall has explicit options to allow RDP, and has no deny policies. I have also tried turning Firewall off completely to no avail. I'm really lost on this one.

    Read the article

  • Email client wont connect to SMTP Authentication server

    - by Jason
    Im having trouble installing SMTH Auth for my ubuntu email server. I have followed ubuntu own guide for SMTH AUT (https://help.ubuntu.com/14.04/serverguide/postfix.html). But my email client thunderbird is giving this error " lost connection to SMTP-client 127.0.0.1." I cant add new users to thundbird either because of this connection problem. Do i have to alter any setting on my Thunderbird perhaps since ? I did try to make thunderbird use SSL for imap as well but that neither works. I restarted postfix and dovecot to find errors but both run just fine. Prior to SMTP auth changes thunderbird could connect just fine to my server and send mails. This is my main.cf file in postfix. It looks just like the one on ubuntu guide above. readme_directory = no # TLS parameters #smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache myhostname = mail.mysite.com mydomain = mysite.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = $mydomain mydestination = mysite.com #relayhost = smtp.192.168.10.1.com mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.10.0/24 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all home_mailbox = Maildir/ mailbox_command = #SMTP AUTH smtpd_sasl_type = dovecot smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_tls_auth_only = no smtp_tls_security_level = may smtpd_tls_security_level = may smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/ssl/private/smtpd.key smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes This my dovecot configuration at 10-master.conf service imap-login { inet_listener imap { #port = 143 } inet_listener imaps { #port = 993 #ssl = yes } # Number of connections to handle before starting a new process. Typically # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 # is faster. <doc/wiki/LoginProcess.txt> #service_count = 1 # Number of processes to always keep waiting for more connections. #process_min_avail = 0 # If you set service_count=0, you probably need to grow this. #vsz_limit = $default_vsz_limit } service pop3-login { inet_listener pop3 { #port = 110 } inet_listener pop3s { #port = 995 #ssl = yes } } service lmtp { unix_listener lmtp { #mode = 0666 } # Create inet listener only if you can't use the above UNIX socket #inet_listener lmtp { # Avoid making LMTP visible for the entire internet #address = #port = #} } service imap { # Most of the memory goes to mmap()ing files. You may need to increase this # limit if you have huge mailboxes. #vsz_limit = $default_vsz_limit # Max. number of IMAP processes (connections) #process_limit = 1024 } service pop3 { # Max. number of POP3 processes (connections) #process_limit = 1024 } service auth { unix_listener auth-userdb { #mode = 0600 #user = #group = } # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0660 user = postfix } } service dict { # If dict proxy is used, mail processes should have access to its socket. # For example: mode=0660, group=vmail and global mail_access_groups=vmail unix_listener dict { #mode = 0600 #user = #group = } } I did add auth_mechanisms = plain login to 10-auth.conf as well.

    Read the article

  • Slash after domain in URL missing for Rails site

    - by joshee
    After redirecting users in a Rails app, for some reason the slash after the domain is missing. Generated URLs are invalid and I'm forced to manually correct them. The problem only occurs on a subdomain. On a different primary domain (same server), everything works ok. For example, after logging out, the site is directing to https://www.sub.domain.comlogin/ rather than https://www.sub.domain.com/login I suspect the issue has something to do with the vhost setup, but I'm not sure. Here are the broken and working vhosts: BROKEN SUBDOMAIN <VirtualHost *:80> ServerName www.sub.domain.com ServerAlias sub.domain.com Redirect permanent / https://www.sub.domain.com </VirtualHost> <VirtualHost *:443> ServerAdmin [email protected] ServerName www.sub.domain.com ServerAlias sub.domain.com RailsEnv production # SSL Engine Switch SSLEngine on # SSL Cipher Suite: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # Server Certificate SSLCertificateFile /path/to/server.crt # Server Private Key SSLCertificateKeyFile /path/to/server.key # Set header to indentify https requests for Mongrel RequestHeader set X_FORWARDED_PROTO "https" BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 DocumentRoot /home/usr/www/www.sub.domain.com/current/public/ <Directory "/home/usr/www/www.sub.domain.com/current/public"> AllowOverride all Allow from all Options -MultiViews </Directory> WORKING PRIMARY DOMAIN <VirtualHost *:80> ServerName www.diffdomain.com ServerAlias diffdomain.com Redirect permanent / https://www.diffdomain.com </VirtualHost> <VirtualHost *:443> ServerAdmin [email protected] ServerName www.diffdomain.com ServerAlias diffdomain.com ServerAlias *.diffdomain.com RailsEnv production # SSL Engine Switch SSLEngine on # SSL Cipher Suite: SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # Server Certificate SSLCertificateFile /path/to/server.crt # Server Private Key SSLCertificateKeyFile /path/to/server.key # Set header to indentify https requests for Mongrel RequestHeader set X_FORWARDED_PROTO "https" BrowserMatch ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 DocumentRoot /home/usr/www/www.diffdomain.com/current/public/ <Directory "/home/usr/www/www.diffdomain.com/current/public"> AllowOverride all Allow from all Options -MultiViews </Directory> </VirtualHost> Please let me know if there's anything else I could provide that would help determine what's wrong here. UPDATE tried adding a trailing slash to the redirect command, but still no luck.

    Read the article

  • How to change the mail domain server so it's not displaying IP? Changing [email protected] to [email protected]

    - by Pavel
    Hi guys. I'm kinda a noob as a server admin so please bear with me. I've installed postfix mail server and everything is working fine but the 'from' box is displaying [email protected]. I want to set it up so it displays domainname.com instead of IP. I just hope you know what I mean. My main.cf in postfix folder looks like this: # See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mail.thevinylfactory alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = mail.thevinylfactory.com, thevinylfactory, localhost.localdomain, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all Can anyone help me with this one? If you need any more details please let me know. Thanks in advance!

    Read the article

  • Use both OpenVPN & eth0 together

    - by shadyabhi
    I connect to a VPN using openVPN. Now, after the connection is established, all my traffic goes through tun0. My LAN gateway is 10.100.98.4... So, for apps to use my direct internet connnection I did sudo route add default gw 10.100.98.4 But, I cant use tun0 now. I know this because curl --interface tun0 google.com doesnt give me anything.. How do I go about using both connections simultaneously. How can I achieve that? ROUTING TABLES:- Without VPN running:- Destination Gateway Genmask Flags Metric Ref Use Iface 10.100.98.0 * 255.255.255.0 U 1 0 0 eth0 default 10.100.98.4 0.0.0.0 UG 0 0 0 eth0 With VPN:- Destination Gateway Genmask Flags Metric Ref Use Iface 10.10.0.1 10.10.54.230 255.255.255.255 UGH 0 0 0 tun0 10.10.54.230 * 255.255.255.255 UH 0 0 0 tun0 free-vpn.torvpn 10.100.98.4 255.255.255.255 UGH 0 0 0 eth0 10.100.98.0 * 255.255.255.0 U 1 0 0 eth0 default 10.10.54.230 0.0.0.0 UG 0 0 0 tun0 After the route command- Destination Gateway Genmask Flags Metric Ref Use Iface 10.10.0.1 10.10.54.230 255.255.255.255 UGH 0 0 0 tun0 10.10.54.230 * 255.255.255.255 UH 0 0 0 tun0 free-vpn.torvpn 10.100.98.4 255.255.255.255 UGH 0 0 0 eth0 10.100.98.0 * 255.255.255.0 U 1 0 0 eth0 default 10.100.98.4 0.0.0.0 UG 0 0 0 eth0 default 10.10.54.230 0.0.0.0 UG 0 0 0 tun0

    Read the article

  • Conditional cPanel Forwarder

    - by Wireblue
    We have many clients on a cPanel server, some of which also have SSL certificates setup. Each year when the renewals are sent to webmaster@ their domain we would like a copy of those emails so we can install the SSL certifciate for them and issue invoices etc. So I'm wondering if there is a way we can selectively or conditionally forward certain emails if they match certain rules? (in cPanel) I'm thinking: If an email is sent to "webmaster@domain" and the subject contains "ssl", then forward to "[email protected]". Any ideas? Thanks in advance, Wireblue

    Read the article

  • Different subnets routing with just one layer 3 switch

    - by GustavoFSx
    Our current network looks like this: Location 1: 2 Layer 2 switches | subnet 192.168.1.0/24 | Firewall for our VPN Location 2: 1 Layer 2 switch | subnet 192.168.3.0/24 | Firewall for our VPN Location 3: 1 Layer 2 switch | subnet 192.168.5.0/24 | Firewall for our VPN We just got a direct fiber connection between location 1 and 2, we also got a new HP V1910 24G layer 3 switch. I tried to follow the instructions on this site, but I can't get it to work. I think our network should look like this: Location 1: HP Switch FIBER to L2 | subnet 192.168.1.0/24 | Firewall for our VPN Location 2: 1 Layer 2 switch | subnet 192.168.3.0/24 | FIBER to L1 Location 3: 1 Layer 2 switch | subnet 192.168.5.0/24 | Firewall for our VPN So, how can I get routing working on our location 2? It's old gateway was a firewall device on ip 192.168.3.1. I'm thinking on creating a VLAN Interface on 192.168.3.1 on the switch for the Location 2. But how will I handle that on the HP switch that has a direct fiber connection with that switch? Please help, I'm not very good with networking.

    Read the article

  • redirecting HTTPS requests to http in lighttpd

    - by chochim
    I have a lighttpd server running which has an SSL certificate installed. I would, due to certain reasons, like to forward all https: //www. requests to http: //www. My lighttpd code looks like as follows: $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/path/to/pem/file" ssl.ca-file = "/path/to/ca/file" HTTP["host"] =~ "^www\.(.*)$" { url.redirect = ("^/(.*)" => "http://www.%1$1") } } Can you please point out the problem here. Another thing, what is the difference between %1 and $1 ?

    Read the article

  • configure domino web server to use internet site document?

    - by kasper_341
    internet site configurations view has - security options - Accept SSL site certificates: default is NO Accept expired SSL certificates: default is Yes question: how does this effect server behaviour ? e.g. if i change the default behaviour -Accept SSL site certificates to yes then what effect will it have on server ? i hope the questions is clear enough, if not please let me know i will rephrase it. thanks

    Read the article

  • redirect wildcard subdomains to https (nginx)

    - by whatWhat
    I've got a wildcard ssl certification and I'm trying to redirect all non-ssl traffic to ssl. Currently I'm using the following for redirection the non-subdomainded url which is working fine. server { listen 80; server_name mydomain.com; #Rewrite all nonssl requests to ssl. rewrite ^ https://$server_name$request_uri? permanent; } when I do the same thing for *.mydomain.com it logically redirects to https://%2A.mydomain.com/ How do you redirect all subdomains to their https equivalent?

    Read the article

  • openvpn and selective routing

    - by mx2323
    hi everyone, whats the best way to configure openvpn clients to go selectively go about using an openvpn connection? i want to setup a vpn server for friends in china, but i dont want them to use it for everything, just so they can access sites like youtube, facebook, cnn, etc. while they are in china through the vpn (these are blocked). it would be nice if the vpn was a backup, so for instance if they are trying to go to facebook (which is blocked), it would go through the vpn connection once finding that the normal connection does not work. this would save a lot of bandwidth cost actually, and give them a better browsing experience. is this a iptable route thing? or a dns server that i push to my clients?

    Read the article

  • How do I configure postfix starttls

    - by Michael Temeschinko
    I need to install postfix on my webserver couse I need to use sendmail for my website. I only need to send mail not recieve or relay. send with starttls (port 587) via relay smtp.strato.de here is what happens Jul 15 00:02:38 negrita postfix/smtp[7120]: Host offered STARTTLS: [smtp.strato.de] Jul 15 00:02:38 negrita postfix/smtp[7120]: C717A181252: to=<[email protected]>, relay=smtp.strato.de[81.169.145.133]:587, delay=0.31, delays=0.09/0/0.16/0.04, dsn=5.7.0, status=bounced (host smtp.strato.de[81.169.145.133] said: 530 5.7.0 Bitte konfigurieren Sie ihr E-Mailprogramm fuer Authentifizierung am SMTP Server, wie auf www.strato.de/email-hilfe beschrieben. - Please configure your mail client for using SMTP Server Authentication (in reply to MAIL FROM command)) Jul 15 00:02:38 negrita postfix/cleanup[7118]: 29F5F181254: message-id=<20120714220238.29F5F181254@negrita> Jul 15 00:02:38 negrita postfix/qmgr[7102]: 29F5F181254: from=<>, size=2548, nrcpt=1 (queue active) Jul 15 00:02:38 negrita postfix/bounce[7121]: C717A181252: sender non-delivery notification: 29F5F181254 Jul 15 00:02:38 negrita postfix/qmgr[7102]: C717A181252: removed Jul 15 00:02:39 negrita postfix/local[7122]: 29F5F181254: to=<michael@negrita>, relay=local, delay=1.1, delays=0.04/0/0/1.1, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION") Jul 15 00:02:39 negrita postfix/qmgr[7102]: 29F5F181254: removed Jul 15 08:05:18 negrita postfix/master[1083]: daemon started -- version 2.9.1, configuration /etc/postfix Jul 15 08:05:29 negrita postfix/master[1083]: reload -- version 2.9.1, configuration /etc/postfix and my config michael@negrita:~$ postconf -n biff = no config_directory = /etc/postfix delay_warning_time = 4h home_mailbox = /home/michael/Maildir/ html_directory = /usr/share/doc/postfix/html inet_interfaces = localhost mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 mydomain = example.com myhostname = negrita mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 notify_classes = resource, software, protocol readme_directory = /usr/share/doc/postfix recipient_delimiter = + relayhost = [smtp.strato.de]:587 smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd smtp_tls_enforce_peername = no smtp_tls_note_starttls_offer = yes smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes soft_bounce = yes the user and password is ok couse I can send mail with my thunderbird thanks in advance mike

    Read the article

  • OCS 2007 Access Edge Server Certificate issue

    - by BWCA
    We are currently building additional OCS 2007 R2 Access Edge Servers to handle additional capacity.  We ran into a SSL certificate issue when we were setting up the servers. Before running the steps to Deploy an Edge Server, we successfully imported our SSL certificate that we use for external access on all of the new servers.  After successfully completing the first three Deploy Edge Server steps one one of the new servers, we started working on Step 4: Configure Certificates for the Edge Server.  After selecting Assign an existing certificate from the common tasks list and clicking Next to select a certificate, there were no certificates listed as shown below.   The first thing we did was to use the Certificates mmc snap-in to review the SSL certificate information.  We noticed in the General tab that Windows does not have enough information to verify this certificate and in the Certification Path that the issuer of this certificate could not be found for the SSL certificate that we imported successfully earlier.     While troubleshooting, we learned that we could not access the URL for the certificate’s CRL to download the CRL file due to restrictive firewall rules between the new OCS 2007 R2 Access Edge Servers and the Internet. After modifying the firewall rules, we were able to download the CRL file and when we reran Step 4 to assign an existing certificate, the certificate was listed.

    Read the article

  • HTTPS To http redirect issue. How to overcome?

    - by Akshay
    Have already seen suggests on how to rewrite https to http. currently using this technique : RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=301] RewriteRule ^(.*)$ http ://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] Problem : I am currently on hostgator VPS and have found Google indexing my HTTPS pages. Weird for me as never bought an SSL. My site is a blog only. When spoke to Google forums, ( https://productforums.google.com/forum/#!msg/webmasters/2Hz46t44nwk/7voZWudFtAQJ ), they say I should redirect https to http. Now when I have redirected this using the above method, I am still getting SSL warning in browsers. And found that Google is still indexing my new pages with https. I feel as I do not have an SSL, adding a redirect in https doesn't work. So if Google indexes my https page, then I should go and buy SSL, and tell there to redirect https to http. Why would I do that? Please help me, reduced the traffic by nearly 30% because of this. Have even told search engines to go to this file (disallows everything) if they are on https. Options +FollowSymlinks RewriteCond %{SERVER_PORT} ^443$ RewriteRule ^robots.txt$ robots_ssl.txt

    Read the article

  • Alternative to google map api, so that I can use it on a HTTPS/SSL encrypted website.

    - by Zeeshan Rang
    I did find a solution for this on Google map api page, and I made the following changes as mentioned in it. 1.Use Google Maps API for Flash version 1.9a or later. 2.Add the following to your Flash application before the map is instantiated: Security.allowInsecureDomain("maps.googleapis.com"); Ref:http://code.google.com/apis/maps/faq.html#flash_ssl My code looks like this, after the changes: <mx:TitleWindow verticalAlign="middle" horizontalAlign="center" xmlns:mx="http://www.adobe.com/2006/mxml" xmlns:maps="com.google.maps.*" width="1000" height="600" layout="absolute" backgroundAlpha="0" borderAlpha="0" borderThickness="0" showCloseButton="true" close="PopUpManager.removePopUp(this);"> <mx:VBox width="70%" height="100%" > <maps:Map id="map" key="ABQIAAAA0L1JEoR6rWjh-BBQnLMtMBSVuZ5VlaqlIqiYPFMK_I5M2UTmHhSq_BJxLHiYcTDW9RxSF6HewNY7uA" mapevent_mapready="onMapReady(event)" width="100%" height="100%" /> </mx:VBox> <mx:Script> <![CDATA[ //import flashx.textLayout.formats.Direction; import mx.effects.AddItemAction; //import flashx.textLayout.factory.TruncationOptions; import mx.controls.Alert; import mx.managers.PopUpManager; import mx.rpc.events.ResultEvent; import com.adobe.serialization.json.JSON; import flash.events.Event; import com.google.maps.*; import com.google.maps.overlays.*; import com.google.maps.services.*; import com.google.maps.controls.ZoomControl; import com.google.maps.controls.PositionControl; import com.google.maps.controls.MapTypeControl; import com.google.maps.services.ClientGeocoderOptions; import com.google.maps.LatLng; import com.google.maps.Map; import com.google.maps.MapEvent; import com.google.maps.MapMouseEvent; import com.google.maps.MapType; import com.google.maps.services.ClientGeocoder; import com.google.maps.services.GeocodingEvent; import com.google.maps.overlays.Marker; import com.google.maps.overlays.MarkerOptions; import com.google.maps.InfoWindowOptions; private function onMapReady(event:MapEvent):void { Security.allowInsecureDomain("maps.googleapis.com"); map.setCenter(new LatLng(41.651505,-72.094455), 13, MapType.NORMAL_MAP_TYPE); map.addControl(new ZoomControl()); map.addControl(new PositionControl()); map.addControl(new MapTypeControl()); map.enableScrollWheelZoom(); map.enableContinuousZoom(); } ]]> </mx:Script> </mx:TitleWindow> But i still get the following error using this: The requested URL /mapsapi/publicapi?file=flashapi&url=https%3A%2F%2Fvirtual.c7beta.com%2Findex_cloud.swf&key=ABQIAAAA0L1JEoR6rWjh-BBQnLMtMBTW_Qkp6J0z76Etz3qzo8Hg3HdUQhSnD6lqp53NB0UrBmg5Xm2DlazWqA&v=1.18&flc=xt was not found on this server. Any suggestions to what am I doing wrong here, what should i do to make this work. Regards zee

    Read the article

  • Silverlight, WCF service, integrated security AND ssl/https not possible?

    - by Flores
    I have this setup that works perfectly when using http. A silverlight 3 client .net 4 WCF service hosted in IIS with basicHttpBinding and using integrated security on the site When setting https to required on the website the setup stops working. Using the wcftestclient on the uri I get the message: The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'. The remote server returned an error: (401) Unauthorized. Maybe this makes sense because the wcftestclient does not pass credentials? in the web.config the security mode for the service binding is set is set to 'Transport'. The silverlight client is created like this: BasicHttpBinding basicHttpBinding = new BasicHttpBinding(); basicHttpBinding.Security.Mode = BasicHttpSecurityMode.Transport; var serviceClient = new ImportServiceClient(basicHttpBinding, serviceAddress); The service address is ofcourse starting with https:// And the silverlight client reports this error: The provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via Remember, swithing it back to http (and setting security mode to 'TransportCredentialOnly' makes everything working again. Is the setup I want even supported? If so, how should it be configured?

    Read the article

  • mysql database that can be accessed over a vpn?

    - by user225269
    I have 2 computers. Both with w7 as os. I have installed wampserver on one of them. I have mysql database on wampserver. Then I have made a vb.net program to connect to mysql database. I have put the program on both computers. What I want to do is for those two programs to see the same database that is on one computer. For them to be able to add, delete, update that 1 database. How do I do that? How do I network the mysql database? Do I also have to install wampserver on the other computer? What do I do? Please enlighten me.

    Read the article

  • How do I ignore an "invalid" SSL certificate in Objective-C?

    - by ipwnstuff
    Currently I have: NSArray* array = [NSArray arrayWithObjects:@"auth.login",@"username",@"password", nil]; NSData* packed_array = [array messagePack]; NSURL* url = [NSURL URLWithString:@"https://192.168.1.149:3790/api/1.0"]; NSMutableURLRequest* request = [NSMutableURLRequest requestWithURL:url]; [request setHTTPMethod:@"POST"]; [request setValue:@"RPC Server" forHTTPHeaderField:@"Host"]; [request setValue:@"binary/message-pack" forHTTPHeaderField:@"Content-Type"]; [request setValue:[NSString stringWithFormat:@"%d",[packed_array length]] forHTTPHeaderField:@"Content-Length"]; [request setHTTPBody:packed_array]; NSURLResponse *response; NSError *error; responseData = [NSMutableData dataWithData:[NSURLConnection sendSynchronousRequest:request returningResponse:&response error:&error]]; NSLog(@"response data: %@",[responseData messagePackParse]); NSLog(@"error: %@",error); - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace { NSLog(@"called canAuthenticateAgainstProtectionSpace"); return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]; } - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { NSLog(@"called didReceiveAuthenticationChallenge"); [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; } Which returns "Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid"…" How should I be implementing the answer from this question?

    Read the article

  • How to Configure/Install HotSpotShield?

    - by user7044
    How to Configure/Install HotSpotShield under Ubuntu 11.04; Are there any other OpenSource VPN thru which we can see sites like www.hulu.com which are restricted outside of USA especially thru ubuntu 11.04+. Let me put this way, I wanted surf web securely by having dedicated secure VPN and I want keep the server at a centralized place. I usually travel in and out of USA; Currently I would like to try out home grown solution or open source service. Refer (The below sites says about installation and configuration) http://www.kalvster.com/tools/vpn-ubuntu-hotspot-shield.html http://www.youtube.com/watch?v=Njp--ZOEUfA

    Read the article

  • Problem setting up Master-Master Replication in MySQL

    - by Andrew
    I am attempting to setup Master-Master Replication on two MySQL database servers. I have followed the steps in this guide, but it fails in the middle of Step 4 with SHOW MASTER STATUS; It simply returns an empty set. I get the same 3 errors in both servers' logs. MySQL errors on SQL1: [ERROR] Failed to open the relay log './sql1-relay-bin.000001' (relay_log_pos 4) [ERROR] Could not find target log during relay log initialization [ERROR] Failed to initialize the master info structure MySQL Errors on SQL2: [ERROR] Failed to open the relay log './sql2-relay-bin.000001' (relay_log_pos 4) [ERROR] Could not find target log during relay log initialization [ERROR] Failed to initialize the master info structure The errors make no sense because I'm not referencing those files in any of my configurations. I'm using Ubuntu Server 10.04 x64 and my configuration files are copied below. I don't know where to go from here or how to troubleshoot this. Please help. Thanks. /etc/mysql/my.cnf on SQL1: # # The MySQL database server configuration file. # # You can copy this to one of: # - "/etc/mysql/my.cnf" to set global options, # - "~/.my.cnf" to set user-specific options. # # One can use all long options that the program supports. # Run program with --help to get a list of available options and with # --print-defaults to see which it would actually understand and use. # # For explanations see # http://dev.mysql.com/doc/mysql/en/server-system-variables.html # This will be passed to all mysql clients # It has been reported that passwords should be enclosed with ticks/quotes # escpecially if they contain "#" chars... # Remember to edit /etc/mysql/debian.cnf when changing the socket location. [client] port = 3306 socket = /var/run/mysqld/mysqld.sock # Here is entries for some specific programs # The following values assume you have at least 32M ram # This was formally known as [safe_mysqld]. Both versions are currently parsed. [mysqld_safe] socket = /var/run/mysqld/mysqld.sock nice = 0 [mysqld] # # * Basic Settings # # # * IMPORTANT # If you make changes to these settings and your system uses apparmor, you may # also need to also adjust /etc/apparmor.d/usr.sbin.mysqld. # user = mysql socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp skip-external-locking # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = <SQL1's IP> # # * Fine Tuning # key_buffer = 16M max_allowed_packet = 16M thread_stack = 192K thread_cache_size = 8 # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched myisam-recover = BACKUP #max_connections = 100 #table_cache = 64 #thread_concurrency = 10 # # * Query Cache Configuration # query_cache_limit = 1M query_cache_size = 16M # # * Logging and Replication # # Both location gets rotated by the cronjob. # Be aware that this log type is a performance killer. # As of 5.1 you can enable the log at runtime! #general_log_file = /var/log/mysql/mysql.log #general_log = 1 log_error = /var/log/mysql/error.log # Here you can see queries with especially long duration #log_slow_queries = /var/log/mysql/mysql-slow.log #long_query_time = 2 #log-queries-not-using-indexes # # The following can be used as easy to replay backup logs or for replication. # note: if you are setting up a replication slave, see README.Debian about # other settings you may need to change. server-id = 1 replicate-same-server-id = 0 auto-increment-increment = 2 auto-increment-offset = 1 master-host = <SQL2's IP> master-user = slave_user master-password = "slave_password" master-connect-retry = 60 replicate-do-db = db1 log-bin= /var/log/mysql/mysql-bin.log binlog-do-db = db1 binlog-ignore-db = mysql relay-log = /var/lib/mysql/slave-relay.log relay-log-index = /var/lib/mysql/slave-relay-log.index expire_logs_days = 10 max_binlog_size = 500M # # * InnoDB # # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. # Read the manual for more InnoDB related options. There are many! # # * Security Features # # Read the manual, too, if you want chroot! # chroot = /var/lib/mysql/ # # For generating SSL certificates I recommend the OpenSSL GUI "tinyca". # # ssl-ca=/etc/mysql/cacert.pem # ssl-cert=/etc/mysql/server-cert.pem # ssl-key=/etc/mysql/server-key.pem [mysqldump] quick quote-names max_allowed_packet = 16M [mysql] #no-auto-rehash # faster start of mysql but no tab completition [isamchk] key_buffer = 16M # # * IMPORTANT: Additional settings that can override those from this file! # The files must end with '.cnf', otherwise they'll be ignored. # !includedir /etc/mysql/conf.d/ /etc/mysql/my.cnf on SQL2: # # The MySQL database server configuration file. # # You can copy this to one of: # - "/etc/mysql/my.cnf" to set global options, # - "~/.my.cnf" to set user-specific options. # # One can use all long options that the program supports. # Run program with --help to get a list of available options and with # --print-defaults to see which it would actually understand and use. # # For explanations see # http://dev.mysql.com/doc/mysql/en/server-system-variables.html # This will be passed to all mysql clients # It has been reported that passwords should be enclosed with ticks/quotes # escpecially if they contain "#" chars... # Remember to edit /etc/mysql/debian.cnf when changing the socket location. [client] port = 3306 socket = /var/run/mysqld/mysqld.sock # Here is entries for some specific programs # The following values assume you have at least 32M ram # This was formally known as [safe_mysqld]. Both versions are currently parsed. [mysqld_safe] socket = /var/run/mysqld/mysqld.sock nice = 0 [mysqld] # # * Basic Settings # # # * IMPORTANT # If you make changes to these settings and your system uses apparmor, you may # also need to also adjust /etc/apparmor.d/usr.sbin.mysqld. # user = mysql socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp skip-external-locking # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = <SQL2's IP> # # * Fine Tuning # key_buffer = 16M max_allowed_packet = 16M thread_stack = 192K thread_cache_size = 8 # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched myisam-recover = BACKUP #max_connections = 100 #table_cache = 64 #thread_concurrency = 10 # # * Query Cache Configuration # query_cache_limit = 1M query_cache_size = 16M # # * Logging and Replication # # Both location gets rotated by the cronjob. # Be aware that this log type is a performance killer. # As of 5.1 you can enable the log at runtime! #general_log_file = /var/log/mysql/mysql.log #general_log = 1 log_error = /var/log/mysql/error.log # Here you can see queries with especially long duration #log_slow_queries = /var/log/mysql/mysql-slow.log #long_query_time = 2 #log-queries-not-using-indexes # # The following can be used as easy to replay backup logs or for replication. # note: if you are setting up a replication slave, see README.Debian about # other settings you may need to change. server-id = 2 replicate-same-server-id = 0 auto-increment-increment = 2 auto-increment-offset = 2 master-host = <SQL1's IP> master-user = slave_user master-password = "slave_password" master-connect-retry = 60 replicate-do-db = db1 log-bin= /var/log/mysql/mysql-bin.log binlog-do-db = db1 binlog-ignore-db = mysql relay-log = /var/lib/mysql/slave-relay.log relay-log-index = /var/lib/mysql/slave-relay-log.index expire_logs_days = 10 max_binlog_size = 500M # # * InnoDB # # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. # Read the manual for more InnoDB related options. There are many! # # * Security Features # # Read the manual, too, if you want chroot! # chroot = /var/lib/mysql/ # # For generating SSL certificates I recommend the OpenSSL GUI "tinyca". # # ssl-ca=/etc/mysql/cacert.pem # ssl-cert=/etc/mysql/server-cert.pem # ssl-key=/etc/mysql/server-key.pem [mysqldump] quick quote-names max_allowed_packet = 16M [mysql] #no-auto-rehash # faster start of mysql but no tab completition [isamchk] key_buffer = 16M # # * IMPORTANT: Additional settings that can override those from this file! # The files must end with '.cnf', otherwise they'll be ignored. # !includedir /etc/mysql/conf.d/

    Read the article

  • Exception on SslStream.AuthenticateAsClient (The message was badly formatted)

    - by Noms
    I have got wierd problem going on. I am trying to connect to Apple server via TCP/SSL. I am using a Client certificate provided by Apple for push notifications. I installed the certificate on my server (Win2k3) in both Local Trusted Root certificates and Local Personal Certificates folder. Now I have a class library that deals with that connection, when i call this class library from a console application running from the server it works absolutely fine, but when i call that class library from an asp.net page or asmx web service I get the following exception. A call to SSPI failed, see inner exception. The message received was unexpected or badly formatted. This is my code: X509Certificate cert = new X509Certificate(certificateLocation, certificatePassword); X509CertificateCollection certCollection = new X509CertificateCollection(new X509Certificate[1] { cert }); // OPEN the new SSL Stream SslStream ssl = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null); ssl.AuthenticateAsClient(ipAddress, certCollection, SslProtocols.Default, false); ssl.AuthenticateAsClient is where the error gets thrown. This is driving me nuts. If the console application can connect fine, there must be some problem with asp.net network layer security that is failing the authentication... not sure, perhaps need to add something or some sort of security policy in the web.config. Also just to point out that i can connect fine on my local development machine both with console and website. Anyone has got any ideas?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 121 122 123 124 125 126 127 128 129 130 131 132  | Next Page >