Hello,

Yutaka Sato wrote:
> Hi,
>
> In message <_A3379@delegate-en.ML_> on 07/11/06(23:23:42)
> you Nikolaus Filus <pgmgqbdyi-mykgh45azblw.ml@delegate.org> wrote:
> |In order to circumvent the limitations of a PIX firewall I need to redirect some
> | pop3 connections through delegate. How to configure it as an account-filtered
> |pop3 and pop3s proxy?
>
> What does "account-filtered proxy" do for example?

The pix firewall doesn't allow access to the internet from the VPN and it also doesn't support redirecting all traffic to dst_port XXX to a proxy. For this I started to experiment with delegate as a transparent proxy.

1. I manipulate DNS to return the delegate host instead of the real mail servers.
2. I want delegate to transparently forward the configured servers and users to the real servers.

As the users shall be able to use the VPN without any changes to their system when within the VPN, I must emulate the behaviour of the real servers.

- use username pattern "account-*%S" for server pop.myserver.de/account-*
- allow plain pop3 and pop3s

How to do this?

> |I tried the following with alterations with delegated 9.2.2
>
> Is this configuration working as you expected?

No, I tracked it down to

    delegated -vvv -P995 STLS=mitm/ssl RELIABLE="localhost" PERMIT="*:*:localhost" SERVER="pop3s" MOUNT="* pop3s://pop.kundenserver.de:995/*"

and in a test with thunderbird to localhost:995 using pop3 with ssl, I can successfully talk to delegate, which afterwards sends a TCP-handshake to the real server, sslway gets SIGPIPE and immediately a FIN-ACK, so no data is exchanged between delegated proxy and real server.

So who has pop3s working?

07/24 18:32:08.80 [30476] 2+0: -- Fork(FSV): 30474 -> 30476
07/24 18:32:08.80 [30476] 2+0: TCP_NODELAY[8] 10 -> 18
07/24 18:32:08.80 [30476] 2+0: TCP_NODELAY[15] 10 -> 18
07/24 18:32:08.80 [30476] 2+0: ### [0] client-cert.pem 0
07/24 18:32:08.80 [30476] 2+0: ### [1] /root/client-cert.pem 0
07/24 18:32:08.81 [30476] 2+0: ### [2] /var/spool/delegate-nobody/lib/client-cert.pem 0
07/24 18:32:08.81 [30476] 2+0: ### [3] /usr/local/sbin/client-cert.pem 0
07/24 18:32:08.81 [30476] 2+0: ### [4] /var/spool/delegate-nobody/etc/client-cert.pem 0
07/24 18:32:08.81 [30474] 2+0: willSTLS_SV: ServerFlags=603B0
07/24 18:32:08.81 [30474] 2+0: POP S-D: SW07/24 18:32:08.81 [30474] 2+0: willSTLS_SV: ServerFlags=603B0
07/24 18:32:08.81 [30474] 2+0: dirfopen(/var/spool/delegate-nobody/act/clients/20/127.0.0.1:localhost,r+): 83242c0 [8]
07/24 18:32:08.81 [30474] 2+0: disconnected [18] -@[127.0.0.1]localhost:45487 (0.087s)(0)
07/24 18:32:08.81 [30475] 2+0: PollIns.POLLHUP (15) errno=0
07/24 18:32:08.81 [30475] 2+0: PollIns.POLLHUP (15) errno=0
07/24 18:32:08.82 [30476] 2+0: ## SSLway ## 0.011633 connected/accepted
07/24 18:32:08.82 [30476] 2+0: abort: caught SIGPIPE
07/24 18:32:08.85 [30449] 2+0: AcceptByMain: start polling(15000)[10]...
07/24 18:32:08.92 [30474] 2+0: CFI process [30475] done (1/2 AFT-1)
07/24 18:32:08.92 [30474] 2+0: CFI process [30476] done (2/2 AFT-1)
07/24 18:32:23.85 [30449] 2+0: AcceptByMain: TIMEOUT(children=1, timeout=15)
07/24 18:32:23.85 [30449] 2+0: (0) process [30474] dead

delegated is version updated to 9.2.3

Any ideas?!

Thanks in advance.

Nikolaus