[zorp-hu] pop3s, imaps, smtps

Tamas Barina tamas at barina.hu
2012. Aug. 28., K, 00:07:17 CEST


Sziasztok,

Elakadtam a pop3s, imaps, smtps beallitasokkal.
Ha 
- nincs zorp kozotte tokeletesen mukodik
- ha ssl nelkul hasznalom zorppal, tokeletesen mukodik

A relevans ssl beallitasaim (ezt a https alapjan keszitettem, ami
tokeletesen mukodik):

class Pop3sMail(Pop3):
     def config(self):
        Pop3.config(self)
        self.ssl.client_key_file = "/etc/ssl/sites/mail.valami.hu.key"
        self.ssl.client_cert_file = "/etc/ssl/sites/mail.valami.hu_ca.crt"
        self.ssl.client_ssl_method = SSL_METHOD_SSLV3
        self.ssl.server_ssl_method = SSL_METHOD_SSLV3
        self.ssl.client_connection_security = SSL_FORCE_SSL
        self.ssl.server_connection_security = SSL_FORCE_SSL
        self.ssl.client_disable_proto_sslv2 = TRUE
        self.ssl.server_disable_proto_sslv2 = TRUE
        self.ssl.client_ssl_cipher = SSL_CIPHERS_HIGH
        self.ssl.server_ssl_cipher = SSL_CIPHERS_HIGH
        self.ssl.client_verify_type = SSL_VERIFY_NONE
        self.ssl.server_verify_type = SSL_VERIFY_REQUIRED_UNTRUSTED
        self.ssl.client_need_ssl = TRUE
        self.ssl.server_need_ssl = TRUE
        self.ssl.client_verify_depth = 3
        self.ssl.server_verify_depth = 3

class ImapsMail(Imap):
     def config(self):
        Imap.config(self)
        self.ssl.client_key_file = "/etc/ssl/sites/mail.valami.hu.key"
        self.ssl.client_cert_file = "/etc/ssl/sites/mail.valami.hu_ca.crt"
        self.ssl.client_ssl_method = SSL_METHOD_SSLV3
        self.ssl.server_ssl_method = SSL_METHOD_SSLV3
        self.ssl.client_connection_security = SSL_FORCE_SSL
        self.ssl.server_connection_security = SSL_FORCE_SSL
        self.ssl.client_disable_proto_sslv2 = TRUE
        self.ssl.server_disable_proto_sslv2 = TRUE
        self.ssl.client_ssl_cipher = SSL_CIPHERS_HIGH
        self.ssl.server_ssl_cipher = SSL_CIPHERS_HIGH
        self.ssl.client_verify_type = SSL_VERIFY_NONE
        self.ssl.server_verify_type = SSL_VERIFY_REQUIRED_UNTRUSTED
        self.ssl.client_need_ssl = TRUE
        self.ssl.server_need_ssl = TRUE
        self.ssl.client_verify_depth = 3
        self.ssl.server_verify_depth = 3

class SmtpsMail(Smtp):
     def config(self):
        Smtp.config(self)
        self.ssl.client_key_file = "/etc/ssl/sites/mail.valami.hu.key"
        self.ssl.client_cert_file = "/etc/ssl/sites/mail.valami.hu_ca.crt"
        self.ssl.client_ssl_method = SSL_METHOD_SSLV3
        self.ssl.server_ssl_method = SSL_METHOD_SSLV3
        self.ssl.client_connection_security = SSL_FORCE_SSL
        self.ssl.server_connection_security = SSL_FORCE_SSL
        self.ssl.client_disable_proto_sslv2 = TRUE
        self.ssl.server_disable_proto_sslv2 = TRUE
        self.ssl.client_ssl_cipher = SSL_CIPHERS_HIGH
        self.ssl.server_ssl_cipher = SSL_CIPHERS_HIGH
        self.ssl.client_verify_type = SSL_VERIFY_NONE
        self.ssl.server_verify_type = SSL_VERIFY_REQUIRED_UNTRUSTED
        self.ssl.client_need_ssl = TRUE
        self.ssl.server_need_ssl = TRUE
        self.ssl.client_verify_depth = 3
        self.ssl.server_verify_depth = 3

Mit rontok el?

zorpctl version
Zorp 3.9.2
Revision:
ssh+git://coroner@git.balabit//var/scm/git/zorp/zorp-core--mainline--4.0#mas
ter#c52537337d6add922cdb65a04767d8a74b2eef12
Compile-Date: Jan  4 2012 13:57:32
Config-Date: 2012/01/04
Trace: off
Debug: off
IPOptions: off
IPFilter-Tproxy: off
Netfilter-Tproxy: on
Linux22-Tproxy: off

libzorpll 3.9.1.0
Revision:
Compile-Date: Feb 27 2012 21:33:36
Trace: off
MemTrace: off
Caps: on
Debug: off
StackDump: off

Tamas Barina 




További információk a(z) zorp-hu levelezőlistáról