I tested now this option per vdomain and it doesn't work.
It allow login without ssl.
I tried reload and restart.
You add to each domain (except the new one)
ssl_require_login "*,!127.0.0.1"
I suggest you do this in the ini file directly.
ChrisP.
Hi Chris,
I have this version
SurgeMail Version 6.5b-39, Built Nov 25 2013 10:43:43, Platform Windows
Now I downloaded again and I see
SurgeMail Version 6.5b-44, Built Dec 17 2013 09:21:17, Platform Windows
I can find now ssl_require_login :)
I clear g_ssl_require_login but not sure what I need to do now.
Enter all domains in that field like
domain1.tld,domain2.tld,domain3.tld.....
I expected to see some check box per each vdomain.
I have a lot of domains on system and not sure if this is practical
and maybe there is some limit on field length.
On this system non-ssl access is not allowed for client to
send/receive mails.
So basically I have to add all domains to ssl_require list except
this one which I want to migrate.
I wouldn't play with this if they have several accounts but they
have almost 2000 accounts. They are university and I know it is not
practical to do all changes in one step for them.
Maybe you can add ssl_require_login_exclude option.
Can you confirm/suggest what to do?
Regards,
Darko Bazulj
On 12/17/2013 1:16 AM, surgemail-support wrote:
Check you have the right build:
surgemail -version
SurgeMail Version 6.5b-44, Built Dec 17 2013 09:21:17, Platform
Windows
Then you remove the global setting and add the setting to each
domain,
you should definitely be able to find the setting by searching
in the
admin interface.
ChrisP.
Hi Chris,
I copied new surgemail binary but I don't see ssl_require_login
option per vdomain. I also tried to search withouth sucess.
Or I just add that property in surgemail.ini and reload?
What about g_ssl_require_login
Do I clear that setting and add ssl_require_login for each vdomain
except for one which I will migrate?
And this parameter is per vdomain or per IP?
Can you just clarify so I don't do mistake or wrong assumptions.
Regards,
Darko Bazulj
On 12/16/2013 8:40 PM, surgemail-support wrote:
HEre is a binary, use the new domain level setting
ssl_require_login
instead to do what you want.
http://netwinsite.com/ftp/misc/v1.zip
ChrisP.
Hi,
I'm on windows 2008 R2 SP1 x64.
Regards,
Darko Bazulj
On 12/16/2013 2:22 AM, surgemail-support wrote:
Ahh I understand your issue now. No sorry it doesn't have such a
setting. Yes we can add one, what platform are you on.
ChrisP.
Hi,
g_ssl_require_login - check source IP and I don't know from where
all client will connect or from which ISP.
I tried to exclude local surgemail IP on list but I got error as
expected because source address is checked.
After pass POP3 statement I get error
pass PASSWORD
-ERR SSL required for ip (213.191.158.158)
quit
+OK closing connection
This is why I've idea to put domain on dedicated IP and somehow to
disable g_ssl_require_login check on that IP during transition
phase.
If this feature doesn't exist is it possible to implement it?
Regards,
Darko Bazulj
On 12/15/2013 8:15 PM, surgemail-support wrote:
Just extend this setting (using numbers and wild cards... e.g.
to add
10.1.2.* )
g_ssl_require_login *,!127.0.0.1,!10.1.2.*
ChrisP.
Hi,
I have several IPs on machine.
Only SSL access is enabled for client access.
g_ssl_require_login *,!127.0.0.1
g_ssl_allow "*"
g_ssl_allow_imap "*"
g_ssl_require_web "TRUE"
g_ssl_try_out "*"
g_ssl_disable_sslv2 "TRUE"
g_ssl_sha1_sign "TRUE"
I have to move client with ~2000 users.
For his domain I will setup dedicated IP.
Can I somehow exclude that local IP from forcing/checking for SSL?
I can't control source IPs from where they will be accessing this
mail system.
We need this for transition phase.
Maybe I'm missing some option like
g_ssl_exclude_local_ip
Regards,
Darko Bazulj
