How to add SSL (TLS) for outgoing SMTP server in virtualmin? - ssl

I have set up a CentOS 7 server with Virtualmin installed. I am using Postfix as the MTA, but it shows that my outgoing (SMTP) server is not encrypted. How do I encrypt my outgoing SMTP server running on port 587?
hostname: host.crystalsoft.com.np

Related

Issue while trying to configure outgoing mail server

I tried setting up the outgoing server with the following credentials:
SMTP Server: smtp.office365.com, SMTP Port: 25, Connection Security: TLS (STARTTLS), Username: ***, Password: ***
The test connection is successful, but my outgoing mail fails with the following message:
Mail delivery failed via SMTP server 'smtp.office365.com'.
SMTPDataError: 554
5.2.252 SendAsDenied
Any clue will be helpful..
Try to set the right configuration for the outgoing SMTP server based on Google's guides.
The outgoing SMTP server, smtp.gmail.com, supports TLS. If your client
begins with plain text, before issuing the STARTTLS command, use port
465 (for SSL), or port 587 (for TLS).

HAProxy TLS/SSL with Apache Pulsar

I am using HAProxy as a TCP load balancer in front of a series of Apache Pulsar proxies. I am trying to enable SSL/TLS encryption for my connection to the Apache Pulsar cluster. For testing I am using a Let's Encrypt cert. Unfortunately, when I try to connect to the admin REST API of the Apache Pulsar broker through the HAProxy host, I am met with a warning about an insecure connection or connection refused.
Currently my HAProxy config for an SSL connection on port 8443 looks like this:
    listen https_frontend
        bind :8443 ssl crt /etc/letsencrypt/live/my_url/haproxy_cert.pem
        mode tcp
        option tcplog
        balance roundrobin
        server proxy1 10.0.0.X:8443 check maxconn 10000
        server proxy2 10.0.0.X:8443 check maxconn 10000
        server proxy3 10.0.0.X:8443 check maxconn 10000
        server proxy4 10.0.0.X:8443 check maxconn 10000
Do the Apache Pulsar proxies and brokers need their own certs as well?
Thanks!
It looks like you are forwarding an SSL/TLS port on HAProxy to the SSL/TLS port on the Pulsar proxy/broker (8443), assuming you are using the default port for that on the Pulsar proxy/broker. If you don't want to have to configure certificates on the Pulsar proxy/broker for SSL/TLS, you should configure HAProxy to send to the plain-text port on the Pulsar proxy/broker (80).

Multiple application under SSL (TCP 443)

I implemented a server with two deployments of different services (Apache and Openfire).
I want to implement HTTPS for my server, so my question is:
How do I implement the SSL certificate on my server with two different applications working on different ports?
I was looking into how to create a NAT network, but I'm not sure if this is the best way to do it.
Apache is an HTTP server, and for SSL, HTTP servers use port 443 by default.
However, Openfire is an XMPP server, and you can enable TLS in it, which will use port 5222 by default. For Openfire's admin application, HTTPS will be on port 9091 by default.
So you can have both servers on the same machine with SSL enabled.

FreeSWITCH: Unable to connect from browser(WebRTC) behind enterprise firewall

I am running a FreeSWITCH server on a public domain. I am able to make a call from my browser (WebRTC with sipjs) to the FreeSWITCH server from a direct Internet connection.
I am testing it on a firewall that allows only TCP on port 443. I am running a separate TURN server. I am trying to connect from my browser by specifying the TURN server with credentials. I am unable to make it work. The PeerConnection is getting closed.
FreeSWITCH server is NOT behind the firewall
Client (browser) is behind the firewall
TURN server is available
Is there any configuration I have to do either on the FreeSWITCH server or on the client end (JavaScript) to make it work?
You need to open UDP ports, because signalling will go via WSS and media via UDP ports:
mod_sofia to serve SIP signaling via WSS and media via SRTP/DTLS.
https://www.packtpub.com/books/content/configuring-freeswitch-webrtc
Yes, you can use a TURN server. You will have to configure it to listen on port 443 with TCP, because by default a TURN server listens on port 3478.
However, if the Firewall checks for a TLS connection (i.e. for HTTPS), you will have to configure the TURN server as a TURNS (TURN over TLS).

how to listen ldap client requests on port 636 with unboundid ldap listener

I have created a test environment. I have one LDAP client, an LDAP listener (as an LDAP proxy) and an LDAP server. The LDAP client sends LDAP requests to the LDAP proxy on port 389 (SSL). The LDAP proxy decodes the LDAP requests and forwards them to the LDAP server on port 389. The proxy then forwards the reply of the LDAP server to the LDAP client successfully.
I created an SSL certificate on the LDAP server. This time I tested that the LDAP client sends LDAP requests to the LDAP proxy on port 389 (SSL). The LDAP proxy forwarded the requests to the LDAP server on port 636. The proxy then forwards the reply of the LDAP server to the LDAP client successfully.
But there is a problem when I try to use SSL on both sides. I mean
ldap client (port 636) -> ldap proxy (port 636) -> ldap server (port 636)
My client throws an exception
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
I am using the UnboundID LDAP SDK and the LDAPDebugger example as an LDAP proxy. How can I configure LDAPListener to accept SSL-encrypted requests (port 636)?
thanks in advance...
If you're using the ldap-debugger tool provided with the LDAP SDK, it currently only supports SSL for communicating with the backend server, but not when communicating with a client. That is, the "--useSSL" option applies only for communication between the LDAP debugger and the backend directory server, and not between the client and the LDAP debugger. However, because this is potentially a very useful feature, I have just committed a set of changes that add this capability, so if you check out and build the latest version of the LDAP SDK, you will find that the ldap-debugger tool has a new "--listenUsingSSL" argument that controls this.
Note that regardless of whether you're using the ldap-debugger tool or you have created your own listener via Java code, you need to ensure that you have a Java keystore that contains the SSL certificate that will be presented to clients. If the LDAP server you're using is Java-based (e.g., the in-memory directory server provided with the LDAP SDK), then you probably already have this. Otherwise, you'll need to create one. If you're just doing this for testing purposes, a self-signed certificate should be just fine (as long as the client trusts it, or is configured to blindly trust all certificates).
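For the "own listener via Java code" case mentioned above, here is a sketch of a listener that accepts TLS from clients on port 636 and speaks TLS to the backend on port 636. This is an added example, not code from the original answer or from the LDAP SDK project; the keystore and truststore file names, the `PROXY_KEYSTORE_PIN` environment variable and the backend host name are assumptions. It validates the backend certificate against a truststore rather than trusting all certificates.

```java
import com.unboundid.ldap.listener.LDAPListener;
import com.unboundid.ldap.listener.LDAPListenerConfig;
import com.unboundid.ldap.listener.ProxyRequestHandler;
import com.unboundid.ldap.sdk.SingleServerSet;
import com.unboundid.util.ssl.KeyStoreKeyManager;
import com.unboundid.util.ssl.SSLUtil;
import com.unboundid.util.ssl.TrustStoreTrustManager;

public final class LdapsProxy {
  public static void main(String[] args) throws Exception {
    // Assumed values: adjust to your environment.
    String keyStorePath = "proxy-keystore.jks";       // holds the proxy's certificate and private key
    String trustStorePath = "backend-truststore.jks"; // holds the CA or certificate of the backend server
    String backendHost = "ldap.example.test";         // hypothetical backend directory server
    String pin = System.getenv("PROXY_KEYSTORE_PIN"); // keep the PIN out of source code
    if (pin == null) {
      throw new IllegalStateException("PROXY_KEYSTORE_PIN is not set");
    }

    // Backend side: validate the directory server's certificate against the truststore.
    SSLUtil backendSsl = new SSLUtil(new TrustStoreTrustManager(trustStorePath));
    SingleServerSet backend =
        new SingleServerSet(backendHost, 636, backendSsl.createSSLSocketFactory());

    // Client side: present the certificate from the keystore to connecting clients.
    SSLUtil listenerSsl = new SSLUtil(
        new KeyStoreKeyManager(keyStorePath, pin.toCharArray()),
        new TrustStoreTrustManager(trustStorePath));

    // Forward every request received on the listener to the backend server set.
    LDAPListenerConfig config =
        new LDAPListenerConfig(636, new ProxyRequestHandler(backend));

    // Without an SSL server socket factory the listener accepts plain LDAP only,
    // and a client that starts a TLS handshake sees the connection fail.
    config.setServerSocketFactory(listenerSsl.createSSLServerSocketFactory());

    LDAPListener listener = new LDAPListener(config);
    listener.startListening(); // binding to port 636 needs elevated privileges on most Unix systems
    System.out.println("LDAPS proxy listening on port " + listener.getListenPort());
  }
}
```

The client must trust the certificate stored in the proxy keystore, because it is the proxy's certificate, not the backend server's, that the client sees during the handshake.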