Ruby IMAP STARTTLS means automatically disconnected?

I am trying to write a simple IMAP client that connects to an IMAP server which enforces STARTTLS.
When I execute the command STARTTLS, the server connection is dropped. The documentation for STARTTLS, on the other hand, is a bit thin to know exactly what the problem is.
The anonymized commands:
1.9.2-p320-railsexpress :001 > require 'net/imap'
=> nil
1.9.2-p320-railsexpress :002 > imap = Net::IMAP.new('SOME_HOST', 143, false)
=> #<Net::IMAP:0x0000000ba43138 @mon_owner=nil, @mon_count=0, @mon_mutex=#<Mutex:0x0000000ba430e8>, @host="SOME_HOST", @port=143, @tag_prefix="RUBY", @tagno=0, @parser=#<Net::IMAP::ResponseParser:0x0000000ba42be8 @str="* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED] Dovecot ready.\r\n", @pos=110, @lex_state=:EXPR_BEG, @token=nil, @flag_symbols={}>, @sock=#<TCPSocket:fd 9>, @usessl=false, @responses={}, @tagged_responses={}, @response_handlers=[], @tagged_response_arrival=#<MonitorMixin::ConditionVariable:0x0000000ba42ad0 @monitor=#<Net::IMAP:0x0000000ba43138 ...>, @cond=#<ConditionVariable:0x0000000ba42aa8 @waiters=[], @waiters_mutex=#<Mutex:0x0000000ba42a58>>>, @continuation_request_arrival=#<MonitorMixin::ConditionVariable:0x0000000ba42a30 @monitor=#<Net::IMAP:0x0000000ba43138 ...>, @cond=#<ConditionVariable:0x0000000ba42a08 @waiters=[], @waiters_mutex=#<Mutex:0x0000000ba429b8>>>, @idle_done_cond=nil, @logout_command_tag=nil, @debug_output_bol=true, @exception=nil, @greeting=#<struct Net::IMAP::UntaggedResponse name="OK", data=#<struct Net::IMAP::ResponseText code=#<struct Net::IMAP::ResponseCode name="CAPABILITY", data="IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED">, text=" Dovecot ready.">, raw_data="* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED] Dovecot ready.\r\n">, @client_thread=#<Thread:0x007f416ed31420 run>, @receiver_thread=#<Thread:0x0000000ba41b58 run>>
1.9.2-p320-railsexpress :004 > imap.starttls
=> #<struct Net::IMAP::TaggedResponse tag="RUBY0001", name="OK", data=#<struct Net::IMAP::ResponseText code=nil, text="Begin TLS negotiation now.">, raw_data="RUBY0001 OK Begin TLS negotiation now.\r\n">
1.9.2-p320-railsexpress :006 > imap.disconnected?
=> true
I get the same behaviour in 2.0.0-p353-railsexpress.
Is this the correct behaviour, and if so, how do I correctly use Ruby with a STARTTLS IMAP server?
Thanks and regards!

Both client and server are working correctly up to the point where the client is supposed to start TLS negotiation. After that point the IMAP layer doesn't know what happens. You're going to need to enable TLS debug logging somewhere or sniff the network packets to make further progress.
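One way to see what the TLS layer reports after the tagged OK, as an added example that is not part of the original answer: the probe below speaks STARTTLS by hand over a plain socket and returns the handshake error instead of a silent disconnect. The loopback stub server, its self-signed CN=localhost certificate, and the names self_signed, stub_imap_server and starttls_probe are constructed for the illustration.

```ruby
require 'socket'
require 'openssl'

# Constructed fixture: a self-signed certificate for the given CN.
def self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Constructed loopback stub: greeting, tagged OK to STARTTLS, then TLS accept.
def stub_imap_server(cert, key)
  tcp = TCPServer.new('127.0.0.1', 0)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  Thread.new do
    loop do
      s = tcp.accept
      s.write("* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready.\r\n")
      s.gets
      s.write("T1 OK Begin TLS negotiation now.\r\n")
      OpenSSL::SSL::SSLSocket.new(s, ctx).accept rescue nil # client may abort
      s.close
    end
  end
  tcp.addr[1] # ephemeral port the stub listens on
end

# Speak STARTTLS by hand and return what the TLS layer reports.
def starttls_probe(addr, port, name, store)
  sock = TCPSocket.new(addr, port)
  sock.gets # server greeting
  sock.write("T1 STARTTLS\r\n")
  return { ok: false, error: 'STARTTLS refused' } unless sock.gets.to_s.start_with?('T1 OK')
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(cert_store: store) # defaults: VERIFY_PEER plus hostname check
  ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  ssl.hostname = name # SNI and the name the certificate must match
  ssl.connect
  { ok: true, version: ssl.ssl_version }
rescue OpenSSL::SSL::SSLError => e
  { ok: false, error: e.message }
ensure
  sock&.close
end
```

Pointed at a real server's address on port 143, with a store prepared by OpenSSL::X509::Store#set_default_paths, the returned :error shows whether certificate or hostname verification is what ends the session.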

Related

Enabling SSL but still collection shard base_url showing http communication

I am new to SOLR 8.11.2 and am trying to enable SSL and authentication. When I follow the manual, everything starts working, but communication between nodes and shards is still over HTTP.
https://127.0.0.1:8981/solr/admin/collections?action=CLUSTERSTATUS&indent=on
{ "responseHeader":{ "status":0, "QTime":4}, "cluster":{ "collections":{ ".system":{ "pullReplicas":"0", "replicationFactor":"2", "shards":{"shard1":{ "range":"80000000-7fffffff", "state":"active", "replicas":{ "core_node3":{ "core":".system_shard1_replica_n1", "base_url":"http://solr3:8984/solr", "node_name":"solr3:8984_solr", "state":"active", "type":"NRT", "force_set_state":"false", "leader":"true"}, "core_node4":{ "core":".system_shard1_replica_n2", "base_url":"http://solr1:8984/solr", "node_name":"solr1:8984_solr", "state":"active", "type":"NRT", "force_set_state":"false"}}}}, "router":{"name":"compositeId"}, "maxShardsPerNode":"1", "autoAddReplicas":"false", "nrtReplicas":"2", "tlogReplicas":"0", "znodeVersion":6, "configName":".system"}}, "properties":{"urlScheme":"https"}, "live_nodes":["solr2:8984_solr", "solr1:8984_solr", "solr3:8984_solr"]}}
My environment settings:
SOLR_SSL_ENABLED: 'true'
SOLR_SSL_KEY_STORE: /etc/solr-ssl.keystore.jks
SOLR_SSL_KEY_STORE_PASSWORD: $SOLR_SECRET
SOLR_SSL_TRUST_STORE: /etc/solr-ssl.keystore.jks
SOLR_SSL_TRUST_STORE_PASSWORD: $SOLR_SECRET
# Require clients to authenticate
SOLR_SSL_NEED_CLIENT_AUTH: 'false'
# Enable clients to authenticate (but not require)
SOLR_SSL_WANT_CLIENT_AUTH: 'false'
# Define Key Store type if necessary
SOLR_SSL_KEY_STORE_TYPE: JKS
SOLR_SSL_TRUST_STORE_TYPE: JKS
SOLR_SSL_CHECK_PEER_NAME: 'false'
Am I missing anything?

How to resolve Aerospike::Exceptions::Aerospike: Unsupported Server Feature for Ruby Client?

While trying to write to Aerospike using the Ruby client, I am getting the following exception:
Aerospike::Exceptions::Aerospike: Unsupported Server Feature
Details:-
Aerospike version:- 4.3
Client: [Ruby] aerospike - 2.4.0
namespaces: NS1, NS2, NS3
Note: NS2 and NS3 have single-bin true data-in-index true
Code(which causes the exception):-
client = Aerospike::Client.new('aerospike:3000')
key = Aerospike::Key.new('NS2', 'set name', 'this is the key')
data = { 'record' => 1 }
client.put(key, data) # this line raises the exception
Aerospike::Exceptions::Aerospike: Unsupported Server Feature
The exception is not raised if I change NS2 in the key to NS1.
The "Unsupported Server Feature" error you are getting is because the Ruby client is sending the user key to the server by default, but the Aerospike server does not support storing the user key for the data-in-memory & single-bin setup. You should see an error message like this in your server logs:
Sep 13 2018 02:42:20 GMT: WARNING (rw): (rw_utils.c:153) {sbin} can't store key if data-in-memory & single-bin
You'll need to disable sending the key as part of the put request by setting the send_key write policy setting to false:
$ bundle exec irb
2.5.0 :001 > require 'aerospike'; include Aerospike;
=> Object
2.5.0 :002 > client = Client.new; key = Key.new('sbin', 'test', 'foo'); nil
=> nil
2.5.0 :003 > client.put(key, Bin.new('', 42), send_key: false)
=> nil
2.5.0 :004 > client.get(key).bins['']
=> 42

Elasticsearch not running with search guard

ES v2.4.1
SG-SSL v2.4.1.16
SG v2.4.1.6
CentOS 7.2
I'm able to run Elasticsearch with Search-Guard-SSL. I generated the certs/keys via the example script from Search Guard. Here is the info on the kirk client cert that I generated:
> openssl x509 -noout -subject -in kirk-signed.pem -text
subject= /C=US/L=Raleigh/O=client/OU=client/CN=kirk
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: DC=com, DC=example, O=Example Com Inc., OU=Example Com Inc. Signing CA, CN=Example Com Inc. Signing CA
Validity
Not Before: Oct 6 14:47:01 2016 GMT
Not After : Oct 6 14:47:01 2018 GMT
Subject: C=US, L=Raleigh, O=client, OU=client, CN=kirk
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
If I understand correctly, I need to have the following line in my elasticsearch.yml file, correct?
# Enable SSL via Search Guard SSL plugin
# Enable HTTPS
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: pw
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: pw
# Enable SSL between ES nodes
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: pw
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: pw
searchguard.ssl.transport.enforce_hostname_verification: false
# for Search Guard
searchguard.authcz.admin_dn:
- "cn=kirk, ou=client, o=client, l=Raleigh, c=US"
searchguard.cert.oid: '1.2.3.4.5.5'
But when I run sgadmin.sh, it just times out
> /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -cd /etc/elasticsearch/ -ks kirk-keystore.jks -ts truststore.jks -nhnv -kspass pw -tspass pw
Will connect to localhost:9300 ... done
Contacting elasticsearch cluster 'elasticsearch' and wait for YELLOW clusterstate ...
ERR: Timed out while waiting for a green or yellow cluster state.
And I see these in elasticsearch.log
[2016-10-06 15:17:41,354][DEBUG][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Arize] Node started, try to initialize it. Wait for at least yellow cluster state....
[2016-10-06 15:17:41,523][DEBUG][com.floragunn.searchguard.configuration.SearchGuardIndexSearcherWrapperModule] FLS/DLS not enabled
[2016-10-06 15:17:41,667][DEBUG][com.floragunn.searchguard.configuration.SearchGuardIndexSearcherWrapperModule] FLS/DLS not enabled
[2016-10-06 15:17:41,698][DEBUG][com.floragunn.searchguard.configuration.SearchGuardIndexSearcherWrapperModule] FLS/DLS not enabled
[2016-10-06 15:17:41,728][DEBUG][com.floragunn.searchguard.configuration.SearchGuardIndexSearcherWrapperModule] FLS/DLS not enabled
[2016-10-06 15:17:42,099][DEBUG][com.floragunn.searchguard.configuration.SearchGuardIndexSearcherWrapperModule] FLS/DLS not enabled
[2016-10-06 15:18:11,746][WARN ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Arize] index 'searchguard' not healthy yet, we try again ... (Reason: timeout)
[2016-10-06 15:18:44,747][WARN ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Arize] index 'searchguard' not healthy yet, we try again ... (Reason: timeout)
[2016-10-06 15:19:17,749][WARN ][com.floragunn.searchguard.action.configupdate.TransportConfigUpdateAction] [Arize] index 'searchguard' not healthy yet, we try again ... (Reason: timeout)
What am I missing?

Magento/exim emails not arriving, sent to and from own domain

We have an interesting problem related to Exim. We use Magento.
Emails are being sent by our server to customers and we have the send copy by separate or bcc in backend. We use Google apps MX.
But the email never arrives. If the email is sent to a different email address or domain then it arrives. And if it is the same account:
sent from: info@domain.com
to: customer@house.com
bcc: info@domain.com
the emails don't arrive @ info@domain.com
Question: what can this be? I have the idea that exim is not sending the email with info@domain.com to the Google apps MX server for sending
ps. I already read this, but that is OK and not the problem http://inchoo.net/ecommerce/magento/fight-spam-emails/comment-page-1/#comment-53370
Major thanks
UPDATE ADDED MAILLOG
2013-07-23 19:55:29 1V1go5-00034h-8G <= domain@domain.com U=domain P=local S=10216 T="Uw bestelling is vandaag verzonden" from for rgoossSNIPPED@gmail.com contact@domain.com
2013-07-23 19:55:29 1V1go5-00034h-8G => contact@domain.com F= R=lookuphost T=remote_smtp S=10281 H=ASPMX.L.GOOGLE.com [2a00:1450:4013:c01::1a] X=TLSv1:RC4-SHA:128 C="250 2.0.0 OK 1374602129 r42si29746715eep.2 - gsmtp"
2013-07-23 19:55:30 1V1go5-00034h-8G => rgoossSNIPPED@gmail.com F= R=lookuphost T=remote_smtp S=10281 H=gmail-smtp-in.l.google.com [2a00:1450:4013:c01::1a] X=TLSv1:RC4-SHA:128 C="250 2.0.0 OK 1374602130 x6si29680305eew.317 - gsmtp"
2013-07-23 19:55:30 1V1go5-00034h-8G Completed
2013-07-24 10:29:09 1V1uRZ-0005yg-PX <= domain@domain.com U=domain P=local S=10056 T="Uw bestelling is geplaatst en wordt verwerkt" from for SNIPPED@loyenslo-eff.com contact@domain.com
2013-07-24 10:29:10 1V1uRZ-0005yg-PX => contact@domain.com F= R=lookuphost T=remote_smtp S=10120 H=ASPMX.L.GOOGLE.com [2a00:1450:4013:c00::1b] X=TLSv1:RC4-SHA:128 C="250 2.0.0 OK 1374654550 z6si31979271eel.292 - gsmtp"
2013-07-24 10:29:10 1V1uRZ-0005yg-PX => SNIPPED@loyenslo-eff.com F= R=lookuphost T=remote_smtp S=10120 H=mail.loyenslo-eff.com [62.132.204.200] C="250 ok: Message 36327691 accepted"
2013-07-24 10:29:10 1V1uRZ-0005yg-PX Completed
And I updated some settings. This is what I am seeing:
2013-07-29 14:40:11 1V3mkF-0004vN-Jf <= info@mywebstore.com U=shirts350 P=local S=11736 T="Uw bestelling is geplaatst en wordt verwerkt" from <info@mywebstore.com> for info@mywebstore.com
2013-07-29 14:40:12 1V3mkF-0004vN-Jf => info@mywebstore.com F=<info@mywebstore.com> R=lookuphost T=remote_smtp S=11810 H=ASPMX.L.GOOGLE.com [2a00:1450:4013:c01::1a] X=TLSv1:RC4-SHA:128 C="250 2.0.0 OK 1375101612 3si5304843eej.103 - gsmtp"
2013-07-29 14:40:12 1V3mkF-0004vN-Jf Completed
2013-07-29 14:40:12 1V3mkG-0004vS-1k <= info@mywebstore.com U=shirts350 P=local S=11740 T="Uw bestelling is geplaatst en wordt verwerkt" from <info@mywebstore.com> for mytestemail@gmail.com
2013-07-29 14:40:12 1V3mkG-0004vS-1k => mytestemail@gmail.com F=<info@mywebstore.com> R=lookuphost T=remote_smtp S=11814 H=gmail-smtp-in.l.google.com [2a00:1450:4013:c00::1b] X=TLSv1:RC4-SHA:128 C="250 2.0.0 OK 1375101612 e5si53052514eeg.102 - gsmtp"
2013-07-29 14:40:12 1V3mkG-0004vS-1k Completed
I changed the exim.conf file but this is not the solution. Email from and to the same domain, and from and to the same email, are not sent.
As I understand it:
The code below looks at local_domains to see if the email is for here or for the outside world. As our email is not handled by the local mail server but rather by Google, local domains should also be routed via SMTP.
This line excludes local domains from SMTP:
domains = ! +local_domains
so we uncommented it.
Thx
# This router routes to remote hosts over SMTP using a DNS lookup. Any domain
# that resolves to an IP address on the loopback interface (127.0.0.0/8) is
# treated as if it had no DNS entry.
lookuphost:
driver = dnslookup
# domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
no_more
I've run into this same problem and this is how I solved it. Instead of changing lookuphost like the other answer, I added another router
In the routers section of my exim conf after the lookuphost router, I added
routetogoogle:
driver = manualroute
route_list = mydomain.com
transport = remote_smtp
This manually forces anything going to mydomain.com to use the remote_smtp transport which will look up the correct MX records. Subtle difference from changing lookuphost - but this will allow you to still deliver mail locally for other domains if needed.
I have Magento running on an EC2 instance, and for email hosting I am using Bluehost. I solved this by setting "Set Return Path" to Yes in System->Configuration->Advanced->System->Mail Sending Settings.

Getting the correct class when reading in ruby object from safe_yaml

I have a yaml file that stores the OAuth::AccessToken value returned by authenticating with the oauth gem. I read this file in to save myself authenticating each time.
:access_token: !ruby/object:OAuth::AccessToken
token: 0fXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
secret: eXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
consumer: !ruby/object:OAuth::Consumer
key: 2aXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
secret: 181XXXXXXXXXXXXXXXXXXXXX
options:
:signature_method: HMAC-SHA1
:request_token_path: /oauth/request_token/
:authorize_path: /oauth/authorize
:access_token_path: /oauth/access_token/
:proxy:
:scheme: :header
:http_method: :get
:oauth_version: '1.0'
:site: http://api.mendeley.com
http_method: :get
http: !ruby/object:Net::HTTP
address: api.mendeley.com
port: 80
curr_http_version: '1.1'
no_keepalive_server: false
close_on_empty_response: false
socket:
started: false
open_timeout: 30
read_timeout: 30
continue_timeout:
debug_output:
use_ssl: false
ssl_context:
enable_post_connection_check: true
compression:
sspi_enabled: false
ssl_version:
key:
cert:
ca_file: /etc/ssl/certs/ca-certificates.crt
ca_path:
cert_store:
ciphers:
verify_mode: 1
verify_callback:
verify_depth: 5
ssl_timeout:
params:
:oauth_token: 0fXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
oauth_token: 0XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
:oauth_token_secret: efXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
oauth_token_secret: eXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
When I read this file in using the yaml gem, everything works fine. But I'm using Jekyll and have to read this in with safe_yaml gem, and even though the yaml appears to correctly dictate the class, when I do:
auth_contents = YAML::load(File.open("auth.yaml"))
$access_token = auth_contents[":access_token"]
I get $access_token back as a hash; the class declaration is lost. This means that of course I cannot apply methods like $access_token.get, etc. How can I work around this? Any way to persuade ruby to recognize the correct class?
First of all: Make sure that you actually want to load in the class. It appears to me like you control the YAML file, but if it for some reason is loaded from somewhere you don't trust, you probably want to manually deserialize the hash.
That said, you can whitelist trusted types with safe_yaml:
SafeYAML.whitelist!(OAuth::AccessToken, OAuth::Consumer, Net::HTTP)
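The manual route the answer mentions for YAML that is not fully trusted, as an added example that is not from the original answer: parse with the standard library's YAML.safe_load (swapped in here for the safe_yaml gem) and build the objects explicitly from validated strings. Consumer and AccessToken are hypothetical Struct stand-ins for the oauth gem's classes, and both sample documents are constructed.

```ruby
require 'yaml'

# Hypothetical stand-ins so the example runs without the oauth gem.
Consumer = Struct.new(:key, :secret, :site)
AccessToken = Struct.new(:consumer, :token, :secret)

# Constructed sample: plain scalars only, no !ruby/object tags.
AUTH_YAML = <<~YAML
  access_token:
    token: 0fEXAMPLETOKEN
    secret: eEXAMPLESECRET
    consumer:
      key: 2aEXAMPLEKEY
      secret: 181EXAMPLESECRET
      site: http://api.mendeley.com
YAML

# Constructed sample carrying the object tag used in the question's file.
TAGGED_YAML = <<~YAML
  access_token: !ruby/object:OAuth::AccessToken
    token: 0fEXAMPLETOKEN
YAML

# Accept only string values; anything else in the file is an error.
def fetch_string(hash, key)
  value = hash.fetch(key)
  raise ArgumentError, "#{key} must be a string" unless value.is_a?(String)
  value
end

# Parse to plain hashes, then construct the objects field by field.
def load_access_token(yaml_text)
  at = YAML.safe_load(yaml_text).fetch('access_token')
  c = at.fetch('consumer')
  consumer = Consumer.new(fetch_string(c, 'key'), fetch_string(c, 'secret'),
                          fetch_string(c, 'site'))
  AccessToken.new(consumer, fetch_string(at, 'token'), fetch_string(at, 'secret'))
end

# safe_load refuses to instantiate classes named by tags in the document.
def tagged_rejected?(yaml_text)
  YAML.safe_load(yaml_text)
  false
rescue Psych::DisallowedClass
  true
end
```

With the real gem, the validated strings would go to OAuth::Consumer.new(key, secret, site: site) and OAuth::AccessToken.new(consumer, token, secret) instead of the Structs.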
