Article delegate-en/3418 of [1-5169] on the server localhost:119
[Reference:<_A3397@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: pop3 and pop3s proxy with filtered access
24 Jul 2006 16:37:26 GMT Nikolaus Filus <pgmgqbdyi-hugik5q3jnxr.ml@ml.delegate.org>


Hello,

Yutaka Sato wrote:
> Hi,
> 
> In message <_A3379@delegate-en.ML_> on 07/11/06(23:23:42)
> you Nikolaus Filus <pgmgqbdyi-hugik5q3jnxr.ml@ml.delegate.org> wrote:
>  |In order to circumvent the limitations of a PIX firewall I need to redirect some
>  | pop3 connections through delegate. How to configure it as an account-filtered
>  |pop3 and pop3s proxy?
> 
> What does "account-filtered proxy" do for example?

The PIX firewall doesn't allow access to the internet from the VPN, and it also
doesn't support redirecting all traffic to dst_port XXX to a proxy. For this I
started to experiment with delegate as a transparent proxy.


1. I manipulate DNS to return the delegate host instead of the real mail servers.
2. I want delegate to transparently forward the configured servers and users to
the real servers. As the users shall be able to use the VPN without any changes
to their system when within the VPN, I must emulate the behaviour of the real
servers.
 - use username pattern "account-*%S" for server pop.myserver.de/account-*
 - allow plain pop3 and pop3s

How to do this?

>  |I tried the following with alterations with delegated 9.2.2
> 
> Is this configuration working as you expected?

No, I tracked it down to

delegated -vvv -P995 STLS=mitm/ssl RELIABLE="localhost" PERMIT="*:*:localhost" \
	SERVER="pop3s" MOUNT="* pop3s://pop.kundenserver.de:995/*"

and in a test with Thunderbird to localhost:995 using pop3 with ssl, I can
successfully talk to delegate, which afterwards sends a TCP handshake to the real
server; sslway gets SIGPIPE and immediately a FIN-ACK, so no data is exchanged
between the delegated proxy and the real server.

So who has pop3s working?

07/24 18:32:08.80 [30476] 2+0: -- Fork(FSV): 30474 -> 30476
07/24 18:32:08.80 [30476] 2+0: TCP_NODELAY[8] 10 -> 18
07/24 18:32:08.80 [30476] 2+0: TCP_NODELAY[15] 10 -> 18
07/24 18:32:08.80 [30476] 2+0: ### [0] client-cert.pem 0
07/24 18:32:08.80 [30476] 2+0: ### [1] /root/client-cert.pem 0
07/24 18:32:08.81 [30476] 2+0: ### [2] /var/spool/delegate-nobody/lib/client-cert.pem 0
07/24 18:32:08.81 [30476] 2+0: ### [3] /usr/local/sbin/client-cert.pem 0
07/24 18:32:08.81 [30476] 2+0: ### [4] /var/spool/delegate-nobody/etc/client-cert.pem 0
07/24 18:32:08.81 [30474] 2+0: willSTLS_SV: ServerFlags=603B0
07/24 18:32:08.81 [30474] 2+0: POP S-D: SW07/24 18:32:08.81 [30474] 2+0: willSTLS_SV: ServerFlags=603B0
07/24 18:32:08.81 [30474] 2+0: dirfopen(/var/spool/delegate-nobody/act/clients/20/127.0.0.1:localhost,r+): 83242c0 [8]
07/24 18:32:08.81 [30474] 2+0: disconnected [18] -@[127.0.0.1]localhost:45487 (0.087s)(0)
07/24 18:32:08.81 [30475] 2+0: PollIns.POLLHUP (15) errno=0
07/24 18:32:08.81 [30475] 2+0: PollIns.POLLHUP (15) errno=0
07/24 18:32:08.82 [30476] 2+0: ## SSLway ## 0.011633 connected/accepted
07/24 18:32:08.82 [30476] 2+0: abort: caught SIGPIPE
07/24 18:32:08.85 [30449] 2+0: AcceptByMain: start polling(15000)[10]...
07/24 18:32:08.92 [30474] 2+0: CFI process [30475] done (1/2 AFT-1)
07/24 18:32:08.92 [30474] 2+0: CFI process [30476] done (2/2 AFT-1)
07/24 18:32:23.85 [30449] 2+0: AcceptByMain: TIMEOUT(children=1, timeout=15)
07/24 18:32:23.85 [30449] 2+0: (0) process [30474] dead

delegated is updated to version 9.2.3


Any ideas?!

Thanks in advance.
Nikolaus
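
Added example, not part of the original post and not DeleGate code: a small Python triage script for the log format shown above. It links each `caught SIGPIPE` abort to the process that forked it and checks whether that process had already logged `disconnected`. It assumes `Fork(FSV): A -> B` means process A forked process B; the function names are illustrative.

```python
import re

# Excerpt of the DeleGate log from the post above, wrapped lines rejoined.
LOG = """\
07/24 18:32:08.80 [30476] 2+0: -- Fork(FSV): 30474 -> 30476
07/24 18:32:08.81 [30474] 2+0: willSTLS_SV: ServerFlags=603B0
07/24 18:32:08.81 [30474] 2+0: disconnected [18] -@[127.0.0.1]localhost:45487 (0.087s)(0)
07/24 18:32:08.81 [30475] 2+0: PollIns.POLLHUP (15) errno=0
07/24 18:32:08.82 [30476] 2+0: ## SSLway ## 0.011633 connected/accepted
07/24 18:32:08.82 [30476] 2+0: abort: caught SIGPIPE
07/24 18:32:08.92 [30474] 2+0: CFI process [30476] done (2/2 AFT-1)
"""

LINE = re.compile(r"^\d\d/\d\d (\d\d):(\d\d):(\d\d\.\d+) \[(\d+)\] \S+ (.*)$")
# Assumption: "Fork(FSV): A -> B" means process A forked process B.
FORK = re.compile(r"Fork\(\w+\): (\d+) -> (\d+)")


def parse(text):
    """Yield (seconds_since_midnight, pid, message) per well-formed line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # continuation fragments of wrapped lines do not match
            hh, mm, ss, pid, msg = m.groups()
            yield int(hh) * 3600 + int(mm) * 60 + float(ss), int(pid), msg


def sigpipe_report(text):
    """For each SIGPIPE abort, report the forking process and event order."""
    events = list(parse(text))
    parent_of = {}
    for _, _, msg in events:
        f = FORK.search(msg)
        if f:
            parent_of[int(f.group(2))] = int(f.group(1))
    report = []
    for t, pid, msg in events:
        if "caught SIGPIPE" not in msg:
            continue
        parent = parent_of.get(pid)
        report.append({
            "pid": pid,
            "parent": parent,
            "sslway_connected": any(
                p == pid and "SSLway" in m and "connected/accepted" in m
                for et, p, m in events if et <= t),
            "parent_disconnected_first": any(
                p == parent and m.startswith("disconnected")
                for et, p, m in events if et <= t),
        })
    return report
```

The report only establishes the order of events in the log; it does not by itself show why the session closed.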

