-
Posts
25 -
Joined
-
Last visited
Posts posted by George A.
-
-
Hello,
It's not a server issue but how PHP has implemented the default way to handle a TLS connection: which is TLSv1.
Found something. As per php docs:
Before PHP 5.6.7 : STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_SSLv2_CLIENT|STREAM_CRYPTO_METHOD_SSLv3_CLIENT STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT PHP >= 5.6.7 STREAM_CRYPTO_METHOD_SSLv23_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT|STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT STREAM_CRYPTO_METHOD_TLS_CLIENT = STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT
From swiftmailer the file /vendors/swiftmailer/swiftmailer/lib/classes/Swift/Transport/StreamBuffer.php. I have commented out line 94 and added:
$crypto_m = STREAM_CRYPTO_METHOD_TLS_CLIENT; if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) { $crypto_m |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT; $crypto_m |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT; } return stream_socket_enable_crypto($this->_stream, true, $crypto_m);
But I still can't make TLSv1.2 work. What am I missing?
Kind regards,
George.
-
Hello,
I'm using Postfix with PFS (perfect forward secrecy) and enforcing TLSv1.2.
This comes as a shock if your thrown possibility is true.
Kind regards,
George.
-
Hello,
Don't bash me if I'm wrong: is your Swiftmailer not compatible with TLSv1.2?!
Kind regards,
George.
-
Hello,
This is from postfix with log level 3.
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: initializing the server-side TLS engine
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: connect from ***censored***[***censored***]
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: setting up TLS connection from ***censored***[***censored***]
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: ***censored***[***censored***]: TLS cipher list "aNULL:-aNULL:HIGH:@STRENGTH"
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: SSL_accept:before SSL initialization
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: read from 555C190F59F0 [555C192035E3] (5 bytes => -1 (0xFFFFFFFFFFFFFFFF))
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: read from 555C190F59F0 [555C192035E3] (5 bytes => 0 (0x0))
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: SSL_accept:error in before SSL initialization
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: SSL_accept error from ***censored***[***censored***]: lost connection
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: lost connection after STARTTLS from ***censored***[***censored***]
Sep 25 17:26:39 ***censored*** postfix/submission/smtpd[4558]: disconnect from ***censored***[***censored***] ehlo=1 starttls=0/1 commands=1/2This is the log showing a success e-mail delivery using SMTP TLS with other php applications:
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: initializing the server-side TLS engine
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: connect from ***censored***[***censored***]
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: setting up TLS connection from ***censored***[***censored***]
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: ***censored***[***censored***]: TLS cipher list "aNULL:-aNULL:HIGH:@STRENGTH"
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:before SSL initialization
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:before SSL initialization
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS read client hello
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS write server hello
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS write certificate
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS write key exchange
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS write server done
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS write server done
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS read client key exchange
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS read change cipher spec
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS read finished
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: ***censored***[***censored***]: Issuing session ticket, key expiration: 1506352024
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS write session ticket
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS write change cipher spec
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: SSL_accept:SSLv3/TLS write finished
Sep 25 17:37:05 ***censored*** postfix/submission/smtpd[4824]: Anonymous TLS connection established from ***censored***[***censored***]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 25 17:37:06 ***censored*** postfix/submission/smtpd[4824]: 1E1EC1605E3: client=***censored***[***censored***], sasl_method=PLAIN, sasl_username=***censored***
Sep 25 17:37:06 ***censored*** postfix/cleanup[4829]: 1E1EC1605E3: message-id=<0acc08fa8eced2bcdf9546ddb58093bb@***censored***>
Sep 25 17:37:06 ***censored*** postfix/qmgr[4821]: 1E1EC1605E3: from=<***censored***>, size=4899, nrcpt=1 (queue active)
Sep 25 17:37:06 ***censored*** postfix/submission/smtpd[4824]: disconnect from ***censored***[***censored***] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Sep 25 17:37:06 ***censored*** dovecot[559]: imap(***censored***): Logged out in=4603 out=499
Sep 25 17:37:06 ***censored*** postfix/virtual[4830]: 1E1EC1605E3: to=<***censored***>, relay=virtual, delay=0.21, delays=0.17/0.02/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Sep 25 17:37:06 ***censored*** postfix/qmgr[4821]: 1E1EC1605E3: removedI'm still not convinced it's a server-side issue. I have tried to find the blesta file that handles the email sending to see how is everything wrapped, but after going back the stream I bumped into an encrypted file.
The system environment is entirely built, customised and validated as working by myself.
Kind regards,
George.
-
Hello,
10 hours ago, timnboys said:what mail server are you running?
as I use zimbra ose as my mail server stack and don't have any problems currently with blesta & tls smtp encryption.
I'm using postfix with enforced TLS connection on submission.
10 hours ago, gosuhost said:No issue here either, must be something on your server side
If it was a server side issue then all other websites would have the same problem, but it's not the case.
Kind regards,
George.
-
Hello,
I'm testing the latest Blesta version 4.1. I have configured the SMTP login details but when I'm sending a test e-mail the error is as follows:
Sep 24 20:25:03 ***** postfix/submission/smtpd[22156]: connect from *****[*****]
Sep 24 20:25:03 ***** postfix/submission/smtpd[22156]: SSL_accept error from *****[*****]: lost connection
Sep 24 20:25:03 ***** postfix/submission/smtpd[22156]: lost connection after STARTTLS from *****[*****]Which means the application is not establishing a proper TLS connection, even tough in SMTP Settings the SMTP Security is set to "TLS".
What's the solution to make TLS work?
Kind regards,
George.
-
Hello,
This is ridiculous. Where's that "we are different than WHMCS" attitude...
Kind regards,
George.
-
Hello,
Any news from devs about my request?
Kind regards,
George.
-
-
Hello,
PHP 7.1.x is supported by ioncube loaders since 02.08.2017 version 10.0.0. (https://www.ioncube.com/loaders.php)
Thank you for your answers but it's not the case.
-
Hello,
My server is setup with PHP 7.1.x and using the latest ioncube loaders (10.0). I have tried to perform a new installation but installer crashes:
1. Without uploading the contents of the "hotfix-php7" folder:
[06-Aug-2017 09:34:05 UTC] PHP Fatal error: The file /***/public_html/app/models/license.php was encoded by the ionCube Encoder for PHP 5.4 and cannot run under PHP 7.1.
Please ask the provider of the script to provide a version encoded with the ionCube Encoder for PHP 7.1. in Unknown on line 02. After uploading the contents of the "hotfix-php7" folder
[06-Aug-2017 09:36:04 UTC] PHP Fatal error: The file /***/public_html/app/models/license.php encoded as type [1/56] cannot be decoded by this version of the ionCube Loader.
in Unknown on line 0Kind regards,
George.
-
Hello,
Yes, I can run it and if the invoice customization or the "Deliver Invoices" cron is disabled it does not throw any error at all but the usual text: Validating license etc.
-
Hello,
If I disable the cron in the Automation section then it doesn't run at all (invoices don't get delivered) when I manually execute the cron.
Here is what I have in /etc/crontab
*/5 * * * * root /***censored***/php-cli5 -q /***censored***/public_html/index.php cron > /dev/null 2>&1
-
14 hours ago, Paul said:
Do you have the GD extension in your PHP?
Yes.
14 hours ago, Paul said:Does the logo and/or background image appear when trying to open an existing invoice?
Yes.
But still the cron fails to deliver invoices via email when the invoice customization is set.
If I remove the customization everything goes back to normal and invoices are delivered using email.
-
Hello,
The structure is /tmp/uploads/invoices/1/inv_logo.png and inv_bg.png
Both images have 3kb each.
-
Hello,
Both are .png images Mike.
-
-
Hello,
If I disable the logo and background from invoice customization then all invoices are delivered.
Any solutions to keep the customization and have the invoices delivered?
-
Hello,
This is the error I'm seeing in console when running cron manually:
<strong>TCPDF ERROR: </strong>[Image] No such file or directory in
I'm using Blesta 3.6.2 version.
-
You hacked your own website lol
-
Hello,
Looking forward to test Blesta v4.
I have only one question: will the extensions coded for Blesta v3 stiil work for v4 too?
Kind regards,
George.
-
Hello,
I wish to create a module that can do this:
A client orders a dedicated server and if he purchases a server setup product then I input his ssh login details in the admin area.
After I input his ssh root login details inside the server it is executed a bash script (after it gets to the clients server via wget) that would setup mysql, postfix, dovecot, nginx, csf, sphinx etc.
Basically what needs to have a server in order to host some sites.
I am not a cpanel fan because I do not like interfaces and I feel safer to work via command line.
But it is time consuming to setup every server and instead I wish to automate this procedure.
Basically what I need to know is how can I code this module to link the admin area of blesta to a clients server so I can run this script.
Kind regards,
George.
-
Hello,
Is it ok to remove the footer script version details (Installed Version 3.x.x) to discourage any "good intended" people out there?
Or is it just visible in the admin area?
Kind regards,
George.
-
SMTP issues - Blesta 4.1
in Support
Posted
I have also tried that, but it's not working.