Pegasus Mail & Mercury


Beta Testers

Last post 1 hour, 17 minutes ago by Sellerie. 8 replies.
  •  10-21-2019, 2:01

    Beta Testers

    Hi!


    Is it possible to be added to a beta-tester list, to receive newer beta versions of Mercury as they come out?

    Also, I'm currently on "Mercury/32, v4.81.187, Nov 18 2018".  Has a newer beta than this been created?


    Thanks!

  •  10-28-2019, 7:14

    Re: Beta Testers

    In particular, I'm interested in a newer version of SSL, which will avoid the weak DES-CBC3 cipher, and SSLv3 on imaps.  Note that aside from that, the last beta Rolf provided seems to be working great.  No glitches at all.
  •  10-31-2019, 23:34

    • Rolf Lindby

    Re: Beta Testers

    There is no new beta in testing at the moment, so the version you have is the latest one. And it works fine here too!

     

  •  11-02-2019, 16:19

    Re: Beta Testers

    In case it's helpful, here is the vulnerability info from scanmyserver.com:

    Medium
    Sweet32 Birthday Attacks on 64-bit Block Ciphers in TLS and OpenVPN (DES-CBC3)
    Summary: This test detects SSL ciphers DES-CBC3 supported by the remote service for encrypting communications.

    Weak Cipher DES-CBC3 found:
    (Cipher: EDH-RSA-DES-CBC3-SHA|SSLv3|Kx=DH|Au=RSA|Enc=3DES(168)|Mac=SHA1)
    (Cipher: DES-CBC3-SHA|SSLv3|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1)
    (Cipher: EDH-RSA-DES-CBC3-SHA|TLSv1|Kx=DH|Au=RSA|Enc=3DES(168)|Mac=SHA1)
    (Cipher: DES-CBC3-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1)
    Port: imaps (993/tcp)
    Solution: See solution found at: https://www.openssl.org/blog/blog/2016/08/24/sweet32/
    External sources: https://sweet32.info/
    CVE: CVE-2016-2183
    Test ID: 19146

    Deprecated SSL Protocol Usage
    Summary: The remote service accepts connections encrypted using SSLv2 and/or SSLv3, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

    SSLv3
    Port: imaps (993/tcp)
    Solution: Consult the application's documentation to disable SSL 2.0 and SSL 3.0, and use TLS 1.0 or newer.
    External sources: http://www.schneier.com/paper-ssl.pdf
    Test ID: 9329
    Low
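
Added example, not part of any post in this thread and not Mercury or scanner code: a small parser for the `Cipher: NAME|PROTOCOL|Kx=|Au=|Enc=|Mac=` tuples in the report above, flagging the two findings the scan names (64-bit block ciphers and SSLv2/SSLv3). The function names and the AES control entry are constructed for illustration.

```python
import re

# Constructed input: the four cipher tuples quoted in the scan report above,
# plus one AES suite added here as a control that should not be flagged.
REPORT = (
    "(Cipher: EDH-RSA-DES-CBC3-SHA|SSLv3|Kx=DH|Au=RSA|Enc=3DES(168)|Mac=SHA1) "
    "(Cipher: DES-CBC3-SHA|SSLv3|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1) "
    "(Cipher: EDH-RSA-DES-CBC3-SHA|TLSv1|Kx=DH|Au=RSA|Enc=3DES(168)|Mac=SHA1) "
    "(Cipher: DES-CBC3-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=3DES(168)|Mac=SHA1) "
    "(Cipher: AES256-SHA|TLSv1|Kx=RSA|Au=RSA|Enc=AES(256)|Mac=SHA1)"
)

# Enc carries its own parentheses ("3DES(168)"), so match field by field
# instead of splitting on the closing bracket of the tuple.
CIPHER_RE = re.compile(
    r"Cipher:\s*([^|\s]+)\|([^|\s]+)\|Kx=([^|]+)\|Au=([^|]+)"
    r"\|Enc=([^|(]+)(?:\((\d+)\))?\|Mac=([^)|\s]+)"
)
FIELDS = ("name", "protocol", "kx", "au", "enc", "bits", "mac")

# Encryption algorithms with a 64-bit block, the class Sweet32 applies to.
BLOCK64 = {"3DES", "DES", "IDEA", "RC2"}
# Protocol versions the second finding in the report asks to disable.
OLD_PROTOCOLS = {"SSLv2", "SSLv3"}

def parse_ciphers(text):
    """Return one dict per cipher tuple found in the report text."""
    return [dict(zip(FIELDS, m)) for m in CIPHER_RE.findall(text)]

def assess(entry):
    """List the issues that apply to a single parsed cipher entry."""
    issues = []
    if entry["enc"].upper() in BLOCK64:
        issues.append("64-bit block cipher (Sweet32, CVE-2016-2183)")
    if entry["protocol"] in OLD_PROTOCOLS:
        issues.append("deprecated protocol " + entry["protocol"])
    return issues

def findings(text):
    """Return (protocol, cipher name, issues) for every flagged entry."""
    flagged = []
    for entry in parse_ciphers(text):
        issues = assess(entry)
        if issues:
            flagged.append((entry["protocol"], entry["name"], issues))
    return flagged

if __name__ == "__main__":
    for proto, name, issues in findings(REPORT):
        print(f"{proto:6} {name:22} " + "; ".join(issues))
```

Re-running it on a later scan of the same port shows whether the 3DES suites and SSLv3 have actually gone after an SSL library update or a stunnel front end.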
  •  11-08-2019, 6:23

    • Sellerie

    Re: Beta Testers

    Hmm. Either copy newer OpenSSL files and hope nothing breaks, or somebody knows the config setting (in mercury.ini I found only "SSL_Mode : 3"). The best solution in my case was using Stunnel.
  •  11-11-2019, 21:02

    Re: Beta Testers

    I've thought of using stunnel, but since it makes all of the connections in the log look like they're coming from the server itself, it breaks some log security processing that I have in place.  It really just needs to be updated.
  •  11-12-2019, 21:21

    • Sellerie

    Re: Beta Testers

    It really just needs to be updated... and that's the problem. There has been a beta version for weeks (months, I don't know), but not for the public, and this means either there are parts not ready for release or there is nobody who can do bug fixing at short notice in case something is found to be broken (bug and/or security problem).

    I really love the Mercury32 and also the Sambar server, but maybe I have to think seriously about switching the OS, again. I have done this every year in the past, and until now the decision was always "change nothing".

  •  17 hours, 18 minutes ago

    Re: Beta Testers

    Unfortunately this issue is with the latest beta, but fortunately I *think* it will be an easy fix (assuming the changes between ssl libraries don't interfere too much).
  •  1 hour, 17 minutes ago

    • Sellerie

    Re: Beta Testers

    Depends on the installed version of SSL. Please read https://www.openssl.org/blog/blog/2018/09/11/release111/ 

Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page