From gaf.linux at gmail.com Tue Aug 10 08:56:34 2021 From: gaf.linux at gmail.com (Jerry Feldman) Date: Tue, 10 Aug 2021 08:56:34 -0400 Subject: [Discuss] Boston Linux and Unix Annual Summer BBQ XXVI, Saturday, August 14, 2021 1:00 PM Message-ID: <925b5063-d784-e050-2826-f50cdab7a601@gmail.com> Boston Linux and Unix Annual Summer BBQ XXVI When: Saturday, August 14, 2021 from 12:00 pm to 5:00 pm Where: John and Shelley Chambers' home 33 Cedarwood Avenue, Waltham, MA. BYOF - Bring Your Own Food and drinks Boston Linux & Unix is holding its twenty-sixth annual summer BBQ on Saturday, August 14, beginning at 12:00 p.m. Everyone is welcome. Guests are encouraged to bring along something for the grill and the snack table. We're holding the barbecue at the same location as the past few years, John and Shelley Chambers' home at 33 Cedarwood Avenue, Waltham,MA. We strongly encourage attendees to be fully vaccinated and to wear masks. Weather forecast is scattered thunderstorms 80s, with a 40% chance of rain. Please refer to the BLU website (http://www.blu.org/cgi-bin/calendar/2019-bbq25) for further details and directions. -- Jerry Feldman Boston Linux and Unix http://www.blu.org PGP key id: 6F6BB6E7 PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1 3050 5715 B88D 6F6B B6E7 _______________________________________________ Announce mailing list Announce at lists.blu.org http://lists.blu.org/mailman/listinfo/announce From gaf.linux at gmail.com Thu Aug 12 09:40:31 2021 From: gaf.linux at gmail.com (Jerry Feldman) Date: Thu, 12 Aug 2021 09:40:31 -0400 Subject: [Discuss] Boston Linux VIRTUAL Meeting Wednesday, August 18, 2021 - Rocky Linux Message-ID: When:August 18, 2021 7:00PM EDT (6:30PM for Q&A) Topic: Rocky Linux Moderators: Brian Clemens and other Rocky Linux staff Location: Online: https://meet.jit.si/blu.org Live stream: https://youtu.be/fCRBjg4w-PY Summary: Overview of the official release of Rocky Linux Abstract: Rocky Linux is a community enterprise operating system designed to be 100% bug-for-bug compatible with Red Hat Enterprise Linux (RHEL), now that CentOS has shifted direction. The first release of Rocky Linux is now available. Our guests provide an overview of the new release, and discuss both installing a new Rocky server and upgrading/migrating an existing CentOS server to Rocky. Rocky Linux Website : https://rockylinux.org/ For further information and directions please consult the BLU Web site: http://www.blu.org -- Jerry Feldman > Boston Linux and Unix http://www.blu.org PGP key id: 6F6BB6E7 PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1? 3050 5715 B88D 6F6 B B6E7 _______________________________________________ Announce mailing list Announce at lists.blu.org http://lists.blu.org/mailman/listinfo/announce From gaf.linux at gmail.com Fri Aug 13 12:35:39 2021 From: gaf.linux at gmail.com (Jerry Feldman) Date: Fri, 13 Aug 2021 12:35:39 -0400 Subject: [Discuss] Boston Linux and Unix Annual Summer BBQ XXVI reminder, tomorrow, Saturday, August 14, 2021 12:00 PM Message-ID: Boston Linux and Unix Annual Summer BBQ XXVI When: Saturday, August 14, 2021 from 12:00 pm to 5:00 pm Where: John and Shelley Chambers' home 33 Cedarwood Avenue, Waltham, MA. BYOF - Bring Your Own Food and drinks Boston Linux & Unix is holding its twenty-sixth annual summer BBQ on Saturday, August 14, beginning at 12:00 p.m. Everyone is welcome. Guests are encouraged to bring along something for the grill and the snack table. We're holding the barbecue at the same location as the past few years, John and Shelley Chambers' home at 33 Cedarwood Avenue, Waltham,MA. We strongly encourage attendees to be fully vaccinated and to wear masks. Weather forecast is scattered thunderstorms 80s, with a 40% chance of rain. For further information and directions please consult the BLU Web site: http://www.blu.org -- Jerry Feldman > Boston Linux and Unix http://www.blu.org PGP key id: 6F6BB6E7 PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1? 3050 5715 B88D 6F6 B B6E7 _______________________________________________ Announce mailing list Announce at lists.blu.org http://lists.blu.org/mailman/listinfo/announce From david at thekramers.net Sat Aug 14 12:44:41 2021 From: david at thekramers.net (David Kramer) Date: Sat, 14 Aug 2021 12:44:41 -0400 Subject: [Discuss] Boston Linux and Unix Annual Summer BBQ XXVI reminder, tomorrow, Saturday, August 14, 2021 12:00 PM In-Reply-To: References: Message-ID: <61f46c19-6001-1ad5-5456-598e989af80c@thekramers.net> Starting to drizzle just a bit. Not sure if it will develop into more. I'm leaving now anyway and we'll see On 8/13/21 12:35 PM, Jerry Feldman wrote: > Boston Linux and Unix Annual Summer BBQ XXVI > When: Saturday, August 14, 2021 from 12:00 pm to 5:00 pm > > Where: John and Shelley Chambers' home > 33 Cedarwood Avenue, Waltham, MA. > BYOF - Bring Your Own Food and drinks > > > Boston Linux & Unix is holding its twenty-sixth annual summer BBQ on > Saturday, August 14, beginning at 12:00 p.m. Everyone is welcome. > Guests are encouraged to bring along something for the grill and the > snack table. We're holding the barbecue at the same location as the past > few years, John and Shelley Chambers' home at 33 Cedarwood Avenue, > Waltham,MA. > > We strongly encourage attendees to be fully vaccinated and to wear masks. > > Weather forecast is scattered thunderstorms 80s, with a 40% chance of > rain. > > For further information and directions please consult the BLU Web site: > http://www.blu.org > > -- > Jerry Feldman > > Boston Linux and Unix http://www.blu.org > PGP key id: 6F6BB6E7 > PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1? 3050 5715 B88D 6F6 > B B6E7 > > > > > > > > > > _______________________________________________ > Announce mailing list > Announce at lists.blu.org > http://lists.blu.org/mailman/listinfo/announce > _______________________________________________ > Discuss mailing list > Discuss at lists.blu.org > http://lists.blu.org/mailman/listinfo/discuss From gaf.linux at gmail.com Tue Aug 17 08:38:58 2021 From: gaf.linux at gmail.com (Jerry Feldman) Date: Tue, 17 Aug 2021 08:38:58 -0400 Subject: [Discuss] Boston Linux VIRTUAL Meeting reminder, tomorrow Wednesday, August 18, 2021 - Rocky Linux Message-ID: <81b5291d-dd85-e552-c6b2-0c874f61c01a@gmail.com> When: August 18, 2021 7:00PM EDT (6:30PM for Q&A) Topic: Rocky Linux Moderators: Brian Clemens and other Rocky Linux staff Location: Online: https://meet.jit.si/blu.org Live stream: https://youtu.be/fCRBjg4w-PY Summary: Overview of the official release of Rocky Linux Abstract: Rocky Linux is a community enterprise operating system designed to be 100% bug-for-bug compatible with Red Hat Enterprise Linux (RHEL), now that CentOS has shifted direction. The first release of Rocky Linux is now available. Our guests provide an overview of the new release, and discuss both installing a new Rocky server and upgrading/migrating an existing CentOS server to Rocky. Rocky Linux Website : https://rockylinux.org/ For further information and directions please consult the BLU Web site: http://www.blu.org -- Jerry Feldman > Boston Linux and Unix http://www.blu.org PGP key id: 6F6BB6E7 PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1? 3050 5715 B88D 6F6 B B6E7 _______________________________________________ Announce mailing list Announce at lists.blu.org http://lists.blu.org/mailman/listinfo/announce From gaf.linux at gmail.com Tue Aug 24 10:33:16 2021 From: gaf.linux at gmail.com (Jerry Feldman) Date: Tue, 24 Aug 2021 10:33:16 -0400 Subject: [Discuss] Tongs from BLU BBQ Message-ID: Hi guys, someone left a set of tongs at the blu BBQ. If you want them back let me know and I'll coordinate with Shelley. -- -- Jerry Feldman Boston Linux and Unix PGP key id: 6F6BB6E7 Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1 3050 5715 B88D 6F6B B6E7 From richard.pieri at gmail.com Fri Aug 27 17:03:41 2021 From: richard.pieri at gmail.com (Rich Pieri) Date: Fri, 27 Aug 2021 17:03:41 -0400 Subject: [Discuss] SSL problems with imapfilter after upgrade to Debian 11 Message-ID: <6129532d.1c69fb81.ff7ce.e069@mx.google.com> Server is behind firewall. It gets SSL certificates from letsencrypt. Dovecot is configured to use these certs. imapfilter had been working perfectly for a long time. Since upgrading to Debian 11 earlier this week I get these errors: $ imapfilter Enter password for xxx at xxx.xxx: imapfilter: initiating SSL connection to xxx.xxx; error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed imapfilter: login request to xxx at xxx.xxx failed My hopefully short term workaround is to disable SSL entirely with imapfilter behind my firewall but this is not a good solution. Anyone have any ideas what Debian broke this time? -- Rich Pieri From me at mattgillen.net Sat Aug 28 01:54:15 2021 From: me at mattgillen.net (Matthew Gillen) Date: Sat, 28 Aug 2021 01:54:15 -0400 Subject: [Discuss] SSL problems with imapfilter after upgrade to Debian 11 In-Reply-To: <6129532d.1c69fb81.ff7ce.e069@mx.google.com> References: <6129532d.1c69fb81.ff7ce.e069@mx.google.com> Message-ID: On 8/27/2021 5:03 PM, Rich Pieri wrote: > Server is behind firewall. It gets SSL certificates from letsencrypt. > Dovecot is configured to use these certs. imapfilter had been working > perfectly for a long time. Since upgrading to Debian 11 earlier this > week I get these errors: > > $ imapfilter > Enter password for xxx at xxx.xxx: > imapfilter: initiating SSL connection to xxx.xxx; error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed > imapfilter: login request to xxx at xxx.xxx failed > > My hopefully short term workaround is to disable SSL entirely with > imapfilter behind my firewall but this is not a good solution. > > Anyone have any ideas what Debian broke this time? > Openssl s_client is your friend. I'm not familiar with imapfilter, but the question is whether it does STARTTLS. If no, then openssl s_client -connect hostname:port will tell you a fair bit about what the server is presenting to clients. (check the expiration on the cert; LetsEncrypt is only valid for 90 days; maybe your auto-renew is broken?) If it does STARTTLS (start with a normal TCP connection, then transition to TLS), then you need to specify the protocol; looks like IMAP in this case: openssl s_client -connect hostname:port -starttls imap Hope that helps, Matt From richard.pieri at gmail.com Sat Aug 28 10:21:26 2021 From: richard.pieri at gmail.com (Rich Pieri) Date: Sat, 28 Aug 2021 10:21:26 -0400 Subject: [Discuss] SSL problems with imapfilter after upgrade to Debian 11 In-Reply-To: References: <6129532d.1c69fb81.ff7ce.e069@mx.google.com> Message-ID: <612a4667.1c69fb81.9e5a3.1f66@mx.google.com> On Sat, 28 Aug 2021 01:54:15 -0400 Matthew Gillen wrote: > will tell you a fair bit about what the server is presenting to > clients. (check the expiration on the cert; LetsEncrypt is only valid > for 90 days; maybe your auto-renew is broken?) SSL is working correctly. Auto-renew is working correctly. Not switching to STARTTLS. My other IMAP clients work just fine, it's only imapfilter. https://github.com/lefcha/imapfilter And... I finally figured it out. Debian's most recent incarnations of imapfilter or OpenSSL are being too strict about hostname matches and bombing out and not providing useful error messages. But I also found a better workaround: tell imapfilter not to cache the server certificate (options.certificates in the config file). Why this works? Dunnow, but it does. -- Rich Pieri From me at mattgillen.net Sat Aug 28 16:09:35 2021 From: me at mattgillen.net (Matthew Gillen) Date: Sat, 28 Aug 2021 16:09:35 -0400 Subject: [Discuss] SSL problems with imapfilter after upgrade to Debian 11 In-Reply-To: <612a4667.1c69fb81.9e5a3.1f66@mx.google.com> References: <6129532d.1c69fb81.ff7ce.e069@mx.google.com> <612a4667.1c69fb81.9e5a3.1f66@mx.google.com> Message-ID: <482e9329-2f81-08e4-0a48-da485722bca4@mattgillen.net> On 8/28/2021 10:21 AM, Rich Pieri wrote: > On Sat, 28 Aug 2021 01:54:15 -0400 > Matthew Gillen wrote: > >> will tell you a fair bit about what the server is presenting to >> clients. (check the expiration on the cert; LetsEncrypt is only valid >> for 90 days; maybe your auto-renew is broken?) > > SSL is working correctly. Auto-renew is working correctly. Not > switching to STARTTLS. My other IMAP clients work just fine, it's only > imapfilter. > > https://github.com/lefcha/imapfilter > > And... I finally figured it out. Debian's most recent incarnations of > imapfilter or OpenSSL are being too strict about hostname matches and > bombing out and not providing useful error messages. > > But I also found a better workaround: tell imapfilter not to cache the > server certificate (options.certificates in the config file). Why this > works? Dunnow, but it does. That seems like a very odd thing to do. The server certificate is provided as part of the TLS handshake, every single time you connect. There is no point in caching it for performance reasons. Maybe they are trying to do a poor-man's certificate pinning, and their implementation is bad? That's the only thing I can think of that would make storing the server cert useful in any way. Matt From richard.pieri at gmail.com Sun Aug 29 16:30:16 2021 From: richard.pieri at gmail.com (Rich Pieri) Date: Sun, 29 Aug 2021 16:30:16 -0400 Subject: [Discuss] SSL problems with imapfilter after upgrade to Debian 11 In-Reply-To: <482e9329-2f81-08e4-0a48-da485722bca4@mattgillen.net> References: <6129532d.1c69fb81.ff7ce.e069@mx.google.com> <612a4667.1c69fb81.9e5a3.1f66@mx.google.com> <482e9329-2f81-08e4-0a48-da485722bca4@mattgillen.net> Message-ID: <612bee58.1c69fb81.994b4.109d@mx.google.com> On Sat, 28 Aug 2021 16:09:35 -0400 Matthew Gillen wrote: > That seems like a very odd thing to do. The server certificate is > provided as part of the TLS handshake, every single time you connect. > There is no point in caching it for performance reasons. Maybe they > are trying to do a poor-man's certificate pinning, and their > implementation is bad? That's the only thing I can think of that > would make storing the server cert useful in any way. Apparently so: certificates When this option is enabled, the server certificate can be accepted and stored, in order to validate the authenticity of the server in future connections. This variable takes a boolean as a value. Default is ?true?. -- Rich Pieri From richard.pieri at gmail.com Sun Aug 29 18:31:44 2021 From: richard.pieri at gmail.com (Rich Pieri) Date: Sun, 29 Aug 2021 18:31:44 -0400 Subject: [Discuss] SSL problems with imapfilter after upgrade to Debian 11 In-Reply-To: <20210829221721.GA6204@csail.mit.edu> References: <6129532d.1c69fb81.ff7ce.e069@mx.google.com> <612a4667.1c69fb81.9e5a3.1f66@mx.google.com> <482e9329-2f81-08e4-0a48-da485722bca4@mattgillen.net> <612bee58.1c69fb81.994b4.109d@mx.google.com> <20210829221721.GA6204@csail.mit.edu> Message-ID: <612c0ad1.1c69fb81.c89aa.1835@mx.google.com> On Sun, 29 Aug 2021 18:17:21 -0400 Gregory Galperin wrote: > if that were rejecting your cert, maybe it thinks it has a difft cert > already stored for that server? (is it localhost/127.0.0.1 or fqdn?) > or permissions on the file/dir where it caches certs? -t truststore The path to the system's SSL CA TrustStore directory or file. SSL connections will be validated using the CA cer- tificates found in this directory or file, and when this is not possible the local $HOME/.imapfilter/certificates file will be used. The default CA directory is /etc/ssl/certs/, and the default CA file is /etc/ssl/cert.pem. There is no /etc/ssl/cert.pem nor is there a certificates file in ~/.imapfilter so I don't know what it's doing. /etc/ssl/certs/ is readable. -- Rich Pieri From gaf.linux at gmail.com Tue Aug 31 16:30:31 2021 From: gaf.linux at gmail.com (Jerry Feldman) Date: Tue, 31 Aug 2021 16:30:31 -0400 Subject: [Discuss] ZDNet: That Linux lawsuit: 20 years later, SCO vs IBM may finally be ending Message-ID: Not ending yet. And Xinuos has a lawsuit going. Since the bought the SCO assets and IP out of a bankruptcy court they probably don't have standing. There were some colorful people back during the original lawsuit. ZDNet: That Linux lawsuit: 20 years later, SCO vs IBM may finally be ending. https://www.zdnet.com/article/after-almost-20-years-the-sco-vs-ibm-lawsuit-may-finally-be-ending/ -- Jerry Feldman Boston Linux and Unix http://www.blu.org PGP key id: 6F6BB6E7 PGP Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1 3050 5715 B88D 6F6 B B6E7