Hello,
This is to anyone who has set up and operates their own email server rather than relying on a cloud provider. If you do, can you email me privately?
I've got an email server that is being contrary. It runs Dovecot for IMAP, Postfix for SMTP, Apache as webserver, and Roundcube as an email frontend. The short version is about two days ago, about the same time as I put in the Google two factor authentication plugin for Roundcube, the latest version of Chrome and, I just found out, Firefox latest will no longer log in. I don't see anything in the logs; it's as if there are no login attempts at all. The problem I am having with this, and the contrary part of this, is that IE11 works just fine, logs in great.
It is quite perplexing.
Please, suggestions welcome. Thanks. Dave.
I believe it has to do w/lack of support for older versions of SSL. IE
supports them, most other browsers do not. Which authority did you
obtain a security certificate from?
Hello,
Thanks, I hadn't gone there, as I said it is in my mind contrary, IE
shouldn't work, chrome and firefox should. I got my certificates from
letsencrypt.
Thanks.
Dave.
LetsEncrypt is fine. You should likely check your email config to
determine what versions of ssl it is currently supporting.
Hi,
Are you using this plugin:
https://plugins.roundcube.net/packages/alexandregz/twofactor_gauthenticator
I don't think it's to do with SSL because technically the login can operate without SSL (the 2FA step is just an extra step and transport security isn't an issue). Having said that, there may be a potential issue if your web server is directing you to a non-HTTPS link for a .JS file or similar; Chrome really hates this.
You could test this by turning off SSL and logging in with a test password to see if that works.
Are you sure the clock is synchronised on client and server devices, as that is usually where trouble occurs? I take it on Chrome when logging in you just get access denied, or are you not getting the Webmail session at all?
Andrew.
Hello,
Thanks for your reply. I do have the 2factor authentication plugin
loaded but it is not configured for this user. I'm not getting an error
message; it's not pulling up the inbox at all with Chrome. I've
commented out the loading of this file and the issue has been
resolved. Something in it is preventing Chrome and Firefox from
working, yet not IE11, which I found contrary.
Thanks.
Dave.
#
# httpd-security.conf:
# Security hardening settings
#
# Disable ETag
# FileETag None doesn't work in all cases.
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
# Unset the server
Header unset Server
# Disable Trace http requests
TraceEnable off
# Set cookie with HttpOnly and Secure flag
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
# Prevent ClickJacking
# Deny outright
#Header always set X-Frame-Options DENY
# Roundcube needs this for displaying messages in tabs
#Header always set X-Frame-Options SAMEORIGIN
# Prevent Cross Site Scripting (XSS)
#Header set X-XSS-Protection "1; mode=block"
# Prevent Mime Types Security risks
# Enforce MIME types for script and style elements
Header always set X-Content-Type-Options nosniff
# Content-Security-Policy
#Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'"
# Enable Content Security Policy (Level 2)
Header always set Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'"
# Disable Referrer which isn't needed when you don't use authentication
#Header always set Referrer-Policy "no-referrer"
Header always set Referrer-Policy "strict-origin"
# Cross-domain-policy
Header set X-Permitted-Cross-Domain-Policies "none"
# Referer policy
#Header always set Referrer-Policy "strict-origin"
# expect-ct policy
Header always set Expect-CT 'enforce, max-age=43200'
# Enable HSTS
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
# unset the server powered by header
Header unset X-Powered-By
Header always unset X-Powered-By
# Disable HTTP 1.0 protocol
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/1.1$
RewriteRule .* - [F]
# For mod security
#<IfModule security3_module>
#Include /usr/local/etc/modsecurity/*.conf
# Load the base Owasp rules
#Include etc/modsecurity/owasp-modsecurity-crs/rules/*.conf
#</IfModule>
# mod_evasive
#<IfModule mod_evasive20.c>
#DOSHashTableSize 3097
#DOSPageCount 2
#DOSSiteCount 50
#DOSPageInterval 1
#DOSSiteInterval 1
#DOSBlockingPeriod 60
#DOSEmailNotify root@davemehler.com
#DOSWhitelist 127.0.0.1
#DOSSystemCommand '/sbin/pfctl -t evasive -T add %s'
#</IfModule>
# Send the CORS header for images when browsers request it.
#
# https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_enabled_image
# https://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.htm...
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
Hi,
So it's not the 2 factor auth plugin then but something in that security hardening file, which does look as though it's quite progressive in its settings. Where did that file come from, do you understand all the settings and why they have been set in that way?
If it were me I would try commenting out that file and uncommenting sections to see which is causing the trouble.
Andrew.
_______________________________________________ Blind-sysadmins mailing list -- blind-sysadmins@lists.hodgsonfamily.org To unsubscribe send an email to blind-sysadmins-leave@lists.hodgsonfamily.org
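Added example (not part of the thread or of Dave's configuration): a short Python check of the one active Content-Security-Policy line in the posted httpd-security.conf, as a first candidate when uncommenting sections one at a time as Andrew suggests. Chrome and Firefox enforce this header while IE11 does not implement it, which fits the symptom; that Roundcube's login needs scripts and a form POST is an assumption here, and the function names are illustrative.

```python
import re

# Constructed sample: the CSP lines from the posted httpd-security.conf,
# each joined onto one line (the e-mail had wrapped them).
CONF = """\
#Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'"
Header always set Content-Security-Policy "default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'"
"""

# Fetch directives that fall back to default-src when not listed.
FETCH = {"script-src", "style-src", "img-src", "font-src",
         "connect-src", "media-src", "object-src", "frame-src"}
CSP_LINE = re.compile(
    r'^[ \t]*Header[ \t]+(?:always[ \t]+)?set[ \t]+Content-Security-Policy[ \t]+"([^"]*)"',
    re.I | re.M)

def active_policies(conf):
    """Policy strings of the uncommented CSP Header directives."""
    return CSP_LINE.findall(conf)

def parse_policy(policy):
    """Map directive name to source list; a repeated directive is ignored."""
    parsed = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            parsed.setdefault(tokens[0].lower(), tokens[1:])
    return parsed

def effective(policy, directive):
    """Sources governing a directive, or None when nothing restricts it."""
    parsed = parse_policy(policy)
    if directive in parsed:
        return parsed[directive]
    if directive in FETCH:
        return parsed.get("default-src")
    return None  # form-action, base-uri, frame-ancestors have no fallback

def login_blockers(policy):
    """Directives that resolve to 'none' and stop scripts, XHR or form posts."""
    hits = []
    for name in ("script-src", "connect-src", "form-action"):
        sources = effective(policy, name)
        if sources is not None and sources in ([], ["'none'"]):
            hits.append(name)
    return hits

if __name__ == "__main__":
    for policy in active_policies(CONF):
        print("blocked in CSP-enforcing browsers:", login_blockers(policy))
```

The commented-out policy in the same file lists script-src and connect-src as 'self' and has no form-action, so the same check reports nothing for it.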
participants (3)
- Andrew Hodgson
- David Mehler
- Jackie McBride