Profile Details

Toggle Sidebar
Recent updates
  • Hi Peter,
    I have a couple of questions. I've been logged into Netify for about 30 min, and I am seeing the following in the logs:I think it only started once I logged in.

    Also, more relevant to the thread, I am seeing a load of BitTorrent on my 9 year-old's iPad. He does not have a BitTorrent client installed, but he is constantly streaming from YouTube or watching BBC iPlayer. I just saw him and it he is currently watching iPlayer. Do you know if the iPlayer uses bittorrent? I didn't think it did.

  • Nick Howitt
    Nick Howitt replied to a discussion, smtp temporary lookup failure

    I am just about at the end of what I can do. The only thing I notice is your transport.db does not match your transport file. In the webconfig, please change the Mail Forwarding section. If it is empty, please add something then remove it. If it is not empty, please change it then change it back. Also is there anything active in the virtual file? Something like this should show it:I don't think you'll find anything as I think it is the original packaged file.

  • clamav-0.101.5 avaialble for testing

    This package is a a CVE fix but has one other great improvement - announcement.

    The big improvement is in the time it takes to load the virus database. We have been struggling for a while with start up times which forced us to increase the startup timeout a couple of times right up to 300s as clamd was not starting up in the default 90s, especially on slower systems.
    On my Microserver (AMD Opteron(tm) X3216 APU), clamd was taking 2m30s to start. Now it is taking under 40s. On my server (Intel(R) Core(TM) i3-4130) it was taking 1m10s and this has now reduced to under 30s.

    I would like to get this into the community as soon as possible. To update please run:

  • What was it scanning? The web server or webconfig or both.

    Let us consider what this means. The webserver accepts port 80 (unencrypted) and port 443 (encrypted). Your browser negotiates with the server an acceptable certificate. I believe it tries to negotiate an acceptable minimum. If someone connects to your site with a browser incapable ot TLS 1.1, do you want to turn him away (if you redirect http to https) or are you happy for him to continue at his risk? Or would you want him to revert to http so go totally unencrypted.

    The same thing goes for the webconfig, but it is https on port 81 only.

    You are welcome to change the parameters. For the Webserver, you'd really need to find the code which wretes the flex-443.conf file and modify that as well.

    Googling some more and it looks like I have the wrong parameter. The correct on seems to be SSLProtocol


    This may give you all the file locations of the relevant code:
    And:

    I am, therefore, curious as to where the scanner found the failure. It is possible that the default website can use SSLv3 because of "/etc/httpd/conf.d/ssl.conf:SSLProtocol all -SSLv2", but not SSLv2. Try changing that line. If you do, the webconfig should not overwrite it.

  • Nick Howitt
    Nick Howitt replied to a discussion, smtp temporary lookup failure

    That looks OK, I think. They are using the same search_base and it ties up with LDAP.

    I am really struggling. What is the output to:Please put your results between code tags (the piece of paper icon with a <> on it)

  • It depends on where you mean. In the webconfig the file is /usr/clearos/sandbox/etc/httpd/conf.d/framework.conf and the SSLCipherSuite parameter. In the web server it is possibly /etc/httpd/conf.d/flex-443.conf but that gets overwritten each time you make a flexshare website change. Also look at /etc/httpd/conf.d/ssl.conf. In postfix it is probably in /etc/postfix/main.cf. Be wary of changing postfix as you might find that you block some people from sending you e-mail if their MTA can only do low grade encryption. If they can only do low grade, they may fall back to no encryption, but surely something is better than nothing? Or you could change postfix to insist on encrypted e-mails but then you may block e-mails from senders who can't match your encryption requirements.

  • Nick Howitt
    Nick Howitt replied to a discussion, Community Report - 2019-11-18

    Probably it can be used directly as it is only bug fixes. Unfortunately we have hit some serious delays to releasing anything like this.

    Thanks for the heads up anyway.

  • Nick Howitt
    Nick Howitt replied to a discussion, smtp temporary lookup failure

    What do you get from:And what are the contents of /etc/postfix/imap-aliases.cf and /etc/postfix/imap-groups.cf?

  • Nick Howitt
    Nick Howitt replied to a discussion, smtp temporary lookup failure

    How much of your config did you copy in from your old system? If you copied in things like /etc/postfix/imap-aliases.cf and /etc/postfix/imap-groups.cf, with a new installation, your ldap parameters may have changed. Also did you copy in your /etc/postfix/sasl_passwd and /etc/postfix/sasl_passwd.db?

  • Nick Howitt
    Nick Howitt replied to a discussion, Connection Refused by Server

    Hmm. This is not very helpful as I have just downloaded Filezilla and I get:So, right now I am a bit short of ideas.

    Can the user access the share through Windows Filesharing?