Hi Chris,
I tested now this option per vdomain and it doesn't work.
It allow login without ssl.
vdomain address="x.x.x.x" name="domain.tld"
ssl_require_login "*,!127.0.0.1"
I tried reload and restart.
Can you check?
Regards,
Darko Bazulj
On 12/17/2013 2:12 AM, surgemail-support wrote:
> You add to each domain (except the new one)
> ssl_require_login "*,!127.0.0.1"
> I suggest you do this in the ini file directly.
> ChrisP.
>
> Hi Chris,
> I have this version
> SurgeMail Version 6.5b-39, Built Nov 25 2013 10:43:43, Platform Windows
> Now I downloaded again and I see
> SurgeMail Version 6.5b-44, Built Dec 17 2013 09:21:17, Platform Windows
> I can find now ssl_require_login :)
> I clear g_ssl_require_login but not sure what I need to do now.
> Enter all domains in that field like
> domain1.tld,domain2.tld,domain3.tld.....
> I expected to see some check box per each vdomain.
> I have a lot of domains on system and not sure if this is practical
> and maybe there is some limit on field length.
> On this system non-ssl access is not allowed for client to
> send/receive mails.
> So basically I have to add all domains to ssl_require list except
> this one which I want to migrate.
> I wouldn't play with this if they have several accounts but they
> have almost 2000 accounts. They are university and I know it is not
> practical to do all changes in one step for them.
> Maybe you can add ssl_require_login_exclude option.
> Can you confirm/suggest what to do?
> Regards,
> Darko Bazulj
> On 12/17/2013 1:16 AM, surgemail-support wrote:
>
> Check you have the right build:
> surgemail -version
> SurgeMail Version 6.5b-44, Built Dec 17 2013 09:21:17, Platform
> Windows
> Then you remove the global setting and add the setting to each
> domain,
> you should definitely be able to find the setting by searching
> in the
> admin interface.
> ChrisP.
> Hi Chris,
> I copied new surgemail binary but I don't see ssl_require_login
> option per vdomain. I also tried to search withouth sucess.
> Or I just add that property in surgemail.ini and reload?
> What about g_ssl_require_login
> Do I clear that setting and add ssl_require_login for each vdomain
> except for one which I will migrate?
> And this parameter is per vdomain or per IP?
> Can you just clarify so I don't do mistake or wrong assumptions.
> Regards,
> Darko Bazulj
> On 12/16/2013 8:40 PM, surgemail-support wrote:
> HEre is a binary, use the new domain level setting
> ssl_require_login
> instead to do what you want.
> http://netwinsite.com/ftp/misc/v1.zip
> ChrisP.
> Hi,
> I'm on windows 2008 R2 SP1 x64.
> Regards,
> Darko Bazulj
> On 12/16/2013 2:22 AM, surgemail-support wrote:
> Ahh I understand your issue now. No sorry it doesn't have such a
> setting. Yes we can add one, what platform are you on.
> ChrisP.
> Hi,
> g_ssl_require_login - check source IP and I don't know from where
> all client will connect or from which ISP.
> I tried to exclude local surgemail IP on list but I got error as
> expected because source address is checked.
> After pass POP3 statement I get error
> pass PASSWORD
> -ERR SSL required for ip (213.191.158.158)
> quit
> +OK closing connection
> This is why I've idea to put domain on dedicated IP and somehow to
> disable g_ssl_require_login check on that IP during transition
> phase.
> If this feature doesn't exist is it possible to implement it?
> Regards,
> Darko Bazulj
> On 12/15/2013 8:15 PM, surgemail-support wrote:
> Just extend this setting (using numbers and wild cards... e.g.
> to add
> 10.1.2.* )
> g_ssl_require_login *,!127.0.0.1,!10.1.2.*
> ChrisP.
> Hi,
> I have several IPs on machine.
> Only SSL access is enabled for client access.
> g_ssl_require_login *,!127.0.0.1
> g_ssl_allow "*"
> g_ssl_allow_imap "*"
> g_ssl_require_web "TRUE"
> g_ssl_try_out "*"
> g_ssl_disable_sslv2 "TRUE"
> g_ssl_sha1_sign "TRUE"
> I have to move client with ~2000 users.
> For his domain I will setup dedicated IP.
> Can I somehow exclude that local IP from forcing/checking for SSL?
> I can't control source IPs from where they will be accessing this
> mail system.
> We need this for transition phase.
> Maybe I'm missing some option like
> g_ssl_exclude_local_ip
> Regards,
> Darko Bazulj
>
|