Firewall settings for Authenticated SMTP over SSL?

Similar Messages

• Error when trying to se smtp over ssl

  Hi all ,
  I have a webdynpro application that sends mail using smtp over ssl .
  Ihvae imported the ca certificate to trused ca key store , but when I run the application I get the following error :
  javax.mail.MessagingException: Exception reading response;
    nested exception is:
       javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  could you please help
  Regards ,
  Oren

  My apologies for jumping into this thread, but I'm having a similar problem. I placed a file into the webroot/vod folder for testing purposes, but I cannot play the file when I use it as a source for the HTML5 <video> tag. When I try to access the file directly, http://63.116.232.4/vod/AmericanFlag.mov I get the following error messages:
  Not Found The requested URL /vod/AmericanFlag.mov was not found on this server.Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h Server at 63.116.232.4 Port 80
  The sample file, however, plays through Safari with no problems. http://www.librarymedia.net/Flash3/HTML5.html

• How to export/save settings for Authentication?

  Hello all,
  what is the best way to export/save settings for Authentication and 'core settings' of authentication using ssoadm?
  I want to save all settings from:
  (Top Level Realm) -> Authentication [ in web gui console].
  Also all settings from 'All Core Settings'. Is there a way to do that from command line?
  Thank you

  Does the backed up copy of the iPhone's settings include the voicemail information? I'm wanting to do a "restore" on the iPhone, but want to find a way to keep the voicemails and not lose them

• Firewall settings for websites

  Hello All:
  Is there a way to set a Firewall setting/level for an individiual web site?
  We have a DSL service and use a Verizon Westell 7500 modem/router with four ports.  The Firewall setting had been on medium and the Firewall was turned off on the Mac Mini. With these settings we were unable to get into a web site.
  I went into the Westell control panel and lowered the Firewall level to the low setting, I also turned on the Firewall on the Mac Mini and now we are able to get into the same web site.
  The problem is - we are afraid that the low setting for the Firewall in the Westell might be dangerious to us for continous usage.
  So, I wanted to know if there is a way to set a  low Firewall setting just for the website we had trouble with and have a medium Firewall setting
  for are regular usage.
  Thanks for any input.

  An NAT router is what enables you to share a single Internet connection among two or more devices. That's what you have.
  It protects any network services you have running on your own network from being accessed from outside your network. You don't need a firewall for that, unless you have intentionally exposed services to the Internet.
  A firewall does nothing to protect you from malware, if that's what you're worried about. I suggest you turn it off.

• HT1810 firewall settings for apple tv

  What firewall settings do I need for airplay for Mac OS Mavericks?

  From the article linked below:
  Firewall security settings
  If you use the firewall, make sure the following firewall security options have been set to allow AirPlay Mirroring to work:
  Choose Apple menu () > System Preferences.
  Click Security & Privacy, and then click Firewall.
  Click the lock icon to unlock it if it's locked, then type an administrator name and password.
  Click Firewall Options.
  Uncheck (deselect) “Block all incoming connections” checkbox.
  Select (check) the “Automatically allow signed software to receive incoming connections” checkbox.
  AirPlay Mirroring - About

• Configuring IMAP - POP - SMTP over SSL

  Hi,
  I have configured SSL for webserver. I have copied same cert database (cert8.db and key3.db) in the config directory of messaging server. Changed the ownership of database to messaging server user. Password file is updated. I am able to see the certficate (./msgcert list-certs and ./msgcert show-cert cert1).
  SSL is enabled for IMAP and POP.
  # ./getconf | grep ssl
  service.imap.enablesslport = 1
  service.imap.sslcachesize = 0
  service.imap.sslport = 993
  service.imap.sslusessl = yes
  service.pop.enablesslport = 1
  service.pop.sslcachesize = 0
  service.pop.sslport = 995
  service.pop.sslusessl = yes
  I am not able to connect to 993 and 995 port.
  bash-3.00# telnet mail1 995
  Trying 10.77.33.135...
  telnet: Unable to connect to remote host: Connection refused
  bash-3.00# telnet mail1 993
  Trying 10.77.33.135...
  telnet: Unable to connect to remote host: Connection refused
  Am I missing any step? How do I use IMAP / POP over ssl?
  Thanks and Regards,
  Shashank

  for a simple ssl client, use openssl:
  openssl s_client -connect imap.gmail.com:993provides the following output:
  CONNECTED(00000003)
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
  verify error:num=20:unable to get local issuer certificate
  verify return:1
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
  verify error:num=27:certificate not trusted
  verify return:1
  depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
  verify error:num=21:unable to verify the first certificate
  verify return:1
  Certificate chain
  0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
     i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
  Server certificate
  -----BEGIN CERTIFICATE-----
  MIIDYzCCAsygAwIBAgIQCtN0WxFVbbMJoG3rDFxPezANBgkqhkiG9w0BAQUFADCB
  zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
  Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
  CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
  d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
  cnZlckB0aGF3dGUuY29tMB4XDTA4MDQyOTAwMTEwOVoXDTA5MDQyOTAwMTEwOVow
  aDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1v
  dW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxFzAVBgNVBAMTDmltYXAu
  Z21haWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDFMvRc3adE9FQT
  U957F6ogQjmQRg6PGKSg79ECfMsDu/Rjrx2mFDmdScPLdHJxMgwfSrKGC/+R0OEf
  FLDCXsNng6lwrCGL1xQXwNF1mfbzQZTa01HkiGQKcv6e93jZ1FTLHTak1eja6SA+
  62IW+CSxyUGyue56quHza6zec2bhZQIDAQABo4GmMIGjMB0GA1UdJQQWMBQGCCsG
  AQUFBwMBBggrBgEFBQcDAjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLnRo
  YXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAyBggrBgEFBQcBAQQm
  MCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDAYDVR0TAQH/
  BAIwADANBgkqhkiG9w0BAQUFAAOBgQBycxu3lqcaaIly9avL8Xw80+SFeWVJCUdO
  A2n2Y12OcKYeYCXuMJiHREpg+u8rjnUoDccdt7bhYq3sdhYARxtD47VjsqdpxnN0
  9ERig/Dc0vRHGdBaxJX9OfDzpJjXdcTmMfN4xfbshJr6hlsfnQ5fzw1Fk7ya4PzD
  PaGdeSi00w==
  -----END CERTIFICATE-----
  subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com
  issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/[email protected]
  No client certificate CA names sent
  SSL handshake has read 1017 bytes and written 324 bytes
  New, TLSv1/SSLv3, Cipher is RC4-MD5
  Server public key is 1024 bit
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol  : TLSv1
      Cipher    : RC4-MD5
      Session-ID: 86F8C5265F6EE4524797F2139851376D20D702BB9EFFB78C5CD35999DE3B4C7A
      Session-ID-ctx:
      Master-Key: EA5857BBF58622793961B6CFEE448D079E249AF36171532F40C46C2E3887E08ACFBAC823D2186231D228ECB726140718
      Key-Arg   : None
      Start Time: 1213099885
      Timeout   : 300 (sec)
      Verify return code: 21 (unable to verify the first certificate)
  ---It helps you figure out if you configured your servers correctly. It shows the cert chain sent by server, negotiated cipher suite, and whether any client-auth DNs were sent.

• LastLogonTimeStamp Attribute Not Updated for Computer Account Over SSL-VPN

  We like to use LastLogonTimeStamp (LLTS) to find stale computer accounts, disable them, and eventually delete time.  What we have found is that domain member computers that connect to the domain exclusively by SSL-VPN (for instance in the case of employees
  who work from their home office) do not update LLTS.  Consequently these computers frequently appear on stale computer reports.
  I suppose the required logon type is never used when connecting over SSL-VPN.  Therefore I would like to know if there is a way via a logon script or some other method that we can update this attribute.

  That is normal as you connect to VPN using locally cached credentials for the user and the computer accounts.
  My recommendation to track these computers is to have an agent that periodically report the computer status (Example: Using Microsoft Intune) or have a scheduled task that will run a script when the user is connected to VPN and register the computer name
  as active in a file that is hosted in a share.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• LAN side firewall settings for Direct Access (Windows Server 2012 R2) in DMZ?

  I am currently planning to set up our first Direct Access server (Windows Server 2012 R2). I will be in our firewall DMZ and we will be using the IP-HTTPS listener.
  For the Internet facing rule only TCP 443 inbound/outbound is sufficient but for the LAN facing rules (not talking about the Windows server firewall) what would be the recommended firewall rules for a Direct Access server? Is there a best practice guideline
  to follow for this? Appreciate any advice or comments. Thank you.

  Hi Barkley
  Please see this Technet Link which will backup your requirements - https://technet.microsoft.com/en-gb/library/jj574101.aspx
  Section Reads - 
  When using additional firewalls, apply the following internal network firewall exceptions for Remote Access traffic:
  ISATAP—Protocol 41 inbound and outbound
  TCP/UDP for all IPv4/IPv6 traffic
  Also another link from http://www.ironnetworks.com/blog/directaccess-network-deployment-scenarios#.VO3tfvmsVrU
  "I have had a number of conversations with security administrators and network architects who have expressed a desire to place the DirectAccess server between two firewalls (firewall sandwich) in order to explicitly control access from the DirectAccess
  server to the internal corporate network. While at first this may sound like a sensible solution, it is often quite problematic and, in my opinion, does little to improve the overall security of the solution. Restricting network access from the DirectAccess
  server to the internal LAN requires so many ports to be opened on the inside firewall that the benefit of having the firewall is greatly diminished. Placing the DirectAccess server’s internal network interface on the LAN unrestricted is the best configuration
  in terms of supportability and provides the best user experience."
  Kindest Regards
  John Davies
  Thank for your reply and information John. I find it somewhat disappointing that Microsoft does not provide much more in the way of documentation and information regarding this topic. I required more information to show to our security team so they will allow
  us to have the internal facing NIC not have more restrictive rules in place as it is a security concern.

• Firewall Settings for Crystal Reports

  In the SAP Solutions Installation and Administration Guide the fire wall settings which are described are based on the SAP Gateway service listening port and the SAP Dispatcher service listening port.
  Both the port are opened but there is still the database popup asking for the username/password when the report is refreshed used with a SAP account within Infoview.
  If this report is tested on an environment without a firewall there is no database popup.
  So my question is if it is enough to only open both the SAP ports in the firewall or do we also need additional ports for different BO services like the Crystal Report processing services.
  Thanks,
  Jan

  Hello Keith,
  You are asking an Enterprise configuration issue, not a data connectivity issue. You really should post your question to the Business Objects forums.
  Enterprise can be configured to work with firewalls. Ports can be set on the various servers using command line switches, etc. I believe firewall configuration is covered in the BOE XIR2 Admin guide, or possibly one of the appendicies. Here's a link to the BOE XIR2 Admin guide:
  [BusinessObjects Enterprise XI Release 2 Administrator's Guide|http://help.sap.com/businessobject/product_guides/boexir2/en/xir2_bip_Admin_en.pdf]
  If you need additional assistance you should consider opening a support case.
  I hope this helps!
  Sincerely,
  Dan Kelleher

• Minimum NAT/firewall settings for iChat audio/video to work?

  I've read the docs on teh ports and firewall issues but it is still unclear to me.
  I have
  1. An OS X Server 10.5.2 connected to the internet behind a router with NAT and running a firewall. NAT and of course the firewall are under my control. I've opened up the iChat Server SSL port (5223) on the OS X Server's firewall. I've put a 5223 redirect on the router to my OS X Server system. iChat is configured on this system and several users have permission to use iChat. The NAT table on the router is restricted, only ports I want to serve (e.g. 25, 22, 5223) are redirected to my server, the rest of incoming connections are blocked at the NAT (safer that way).
  2. An OS X 10.5.2 client behind a NAT setup in another part of the world.
  3. An OS X 10.5.2 client behind a NAT setup in another part of the world.
  Both clients I can manage the firewall of the client, but I cannot manage anything on the router.
  WIth this set up on both systems users have successfully connected to my OS X Server's iChat server using SSL. Text chat works. So I can assume that iChat Server works, that the permissions and login is OK, that SSL is OK.
  But neither audio not video works. I cannot establish an audio or video connection because the connection fails. The iChat connection log says
  2008-02-21 20:49:53 +0100: user@fqdn2: Error -8 (Did not receive a response from 0x18c09b30.)
  there is nothing in appfirewall.log on the client.
  The clients should work OK behind NAT. But my guess is that the server needs more than what I am giving it. However, I have been unable to find out what a minimum set of NAT redirects and firewall ports open is that would enable me to let these two clients do voice chat via my OS X Server at that other location.
  Any tip for information on how to set up the server side minimally and safely would be welcome.
  Thanks,
  G

  Hi,
  Several things.
  1) iChat server does in fact use an SSL Login on port 5223 (Tiger does not do the SSL but is still on the same port.
  This does not allow the other data on port 5220 that the Jabber side of iChat needs.
  Apple Doc http://docs.info.apple.com/article.html?artnum=93208 see item 6
  2) It also ignores the fact iChat uses a completely different set of ports to the A/V Chat
  So an AIM Login is port 5190 in those mentioned in item 6
  port 5297, 5298 and 5353 are the Bonjour ones.
  That leaves 5060, 5678, 16384-16403 for A/V chats in Tiger
  5678, 16393-16402 in Leopard
  The pics and Table are for Panther and Tiger. See the Table at the bottom http://www.ralphjohns.co.uk/pantherports.html
  The changes from Tiger to Leopard in the port Usage for A/V chats is documented here http://docs.info.apple.com/article.html?artnum=306688 (Hence the none use of port 5060 and the smaller groupfor the actual A/V Chats)
  3) Check out the two server forums for Leopard > iChat Server http://discussions.apple.com/forum.jspa?forumID=1235
  And Tiger/OS X Server 10.4 > Collaboration Services http://discussions.apple.com/forum.jspa?forumID=700 as they maybe other issues that I am not aware of on the Server side.
  So Leopard Jabber/iChat Server needs 14 ports
  5220, 5222, 5223 on TCP and
  5678, 16393-16402 on UDP
  Tiger needs the A/V ports to include 5060 and extend the group to 20 ports (16384-16403)
  I hope this helps.
  8:44 PM Sunday; February 24, 2008

• Can't get the proxy authentication work over SSL from weblogic 8.1

  I'm trying to make a HTTPS connection through proxy server, and I get a 407 proxy authentication exception. I can succesfully connect from a stand-alone program, but I can't do it from a web application deployed on weblogic 8.1.
  I implemented weblogic.common.ProxyAuthenticator, and here's my implementation methods-
  public void init(String host, int port, String auth,
  String loginPrompt) {
  public String[] getLoginAndPassword() {
  String[] login = new String[2];
  login[0] = "test";
  login[1] = "test123";
  return login;
  And, in my code where I make the connection, I'm setting the following-
  System.setProperty(
  "weblogic.net.proxyAuthenticatorClassName",
  "test.client.MyProxyAuthenticator");
  Can anyone help, what the problem could be? I provided dummy implementation for init() method and I'm not sure what to provide there.
  Thanks in advance<pre></pre>

  I moved the system property setting into startWeblogic.sh (using -D...) and it works.

• Firewall settings for Crystal Enterprise

  I have recently started working from home and have found that I cannot access the Enterprise report repository via my locally installed version of Crystal Reports XI r2. The application starts up fine but when I try to open a report from the Enterprise location I put in my logon details but after a few minutes I get an error 'Transport error: comunication failure'.
  My network team have looked into it and say that this is happening because the ports that Crystal is trying to use are seemingly randomly assigned and they cannot define a rule for me to allow access.
  Is there any way for me to define which port(s) Crystal will connect via so that networks can open a hole in the firewall for me?

  Hello Keith,
  You are asking an Enterprise configuration issue, not a data connectivity issue. You really should post your question to the Business Objects forums.
  Enterprise can be configured to work with firewalls. Ports can be set on the various servers using command line switches, etc. I believe firewall configuration is covered in the BOE XIR2 Admin guide, or possibly one of the appendicies. Here's a link to the BOE XIR2 Admin guide:
  [BusinessObjects Enterprise XI Release 2 Administrator's Guide|http://help.sap.com/businessobject/product_guides/boexir2/en/xir2_bip_Admin_en.pdf]
  If you need additional assistance you should consider opening a support case.
  I hope this helps!
  Sincerely,
  Dan Kelleher

• How do i configure an srw224p IGMP settings for an HMDI over IP pair?

  Hi, I have a minimal understanding of IGMP but am told I need to configure it properly when putting an HDMI over IP transceivers on my network. We have two SRW224P switches with 2 Gbit ports each, connected via fiber through fiber GBICs, one slot on each (ports 25). The other gigabit ports (ports 26) we have plugged in an HDMI transmitter and receiver pair.
  IGMP is enabled on both switches, but in just a default configuration. We are experiencing problems with network and VOIP phones on these switches when the transceivers are connected. Wavering sound quality and intermittent network failures across the board. 
  How do I isolate the multicast packet broadcasting obviously causing the trouble from the transceivers? i.e.: how do I isolate the port 26 traffic from the rest of the network. I'm told I need to use IGMP which I know little about.
  Any help would be greatly appreciated.
  THanks
  -Mike

  Hi, I have a minimal understanding of IGMP but am told I need to configure it properly when putting an HDMI over IP transceivers on my network. We have two SRW224P switches with 2 Gbit ports each, connected via fiber through fiber GBICs, one slot on each (ports 25). The other gigabit ports (ports 26) we have plugged in an HDMI transmitter and receiver pair.
  IGMP is enabled on both switches, but in just a default configuration. We are experiencing problems with network and VOIP phones on these switches when the transceivers are connected. Wavering sound quality and intermittent network failures across the board. 
  How do I isolate the multicast packet broadcasting obviously causing the trouble from the transceivers? i.e.: how do I isolate the port 26 traffic from the rest of the network. I'm told I need to use IGMP which I know little about.
  Any help would be greatly appreciated.
  THanks
  -Mike

• Authenticated SMTP/SSL over port 465

  Does Oracle E-mail support authenticated SMTP over SSL on port 465? - E

  Yes,
  both TLS and SSL are possible with 10.1.1. Tried myself. A little bit tweaking essmi's accordingly, applying certificates, and adjusting listener.ora for LISTENER_ES.
  Note: essmi only.
  - Torsten

• Change pop & smtp settings for mozilla/firefox Free Outlook Express

  4 weeks ago I installed a new WXP (2002) program/system. I then moved my browser to Firefox/Mozilla. When asked to input data for Outlook Express (in the service pack 2 for WXP) I gave them the wrong settings for pop & smtp input and output.
  How can I correct these settings to make Outlook Express useful?

  Please update to Firefox 21 [[Update Firefox to the latest version]]
  Outlook Express isn't developed by Mozilla, we can't provide support for it.