1 Topic by kd7vea

  • kd7vea
  • Member
  • Offline
  • Registered: 2018-05-13
  • Posts: 6

Topic: can I disable all encryption on iredmail

Version 0.9.8
Centos 7
MySQL
Apache
non Pro

can iredmail be setup to run with no encryption?  I am running the mail server on an emergency Ham radio network and because of the ham radio regulations, encryption is illegal.  I want to be able to access the email account login page and other pages without HTTPS.  I also cannot send email if it is encrypted.  can this be done?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by selea

  • selea
  • selea
  • Member
  • Offline
  • Registered: 2017-06-02
  • Posts: 111

Re: can I disable all encryption on iredmail

kd7vea wrote:

Version 0.9.8
Centos 7
MySQL
Apache
non Pro

can iredmail be setup to run with no encryption?  I am running the mail server on an emergency Ham radio network and because of the ham radio regulations, encryption is illegal.  I want to be able to access the email account login page and other pages without HTTPS.  I also cannot send email if it is encrypted.  can this be done?

That can be done easily. Just change the Nginx config

3 Reply by kd7vea

  • kd7vea
  • Member
  • Offline
  • Registered: 2018-05-13
  • Posts: 6

Re: can I disable all encryption on iredmail

so this is part of the NGINX config file, the settings for TLS enabled servers are all commented out already. can you point me in the right direction here?   The default port is 80, but when I go to the webpage, I still get the HTTPS instead of HTTP.

# for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

4 Reply by sayso (edited by sayso 2018-05-17 02:32:59)

  • sayso
  • Member
  • Offline
  • Registered: 2018-03-03
  • Posts: 43

Re: can I disable all encryption on iredmail

Check the other configuration files. You want to disable the rewrite as well. The file on my installation is /etc/nginx/templates/redirect_to_https.tmpl 

# # Redirect webmail/SOGo/iredadmin to HTTPS
# location ~ ^/mail { rewrite ^ https://$host$request_uri?; }
# location ~ ^/mail/index.php$ { rewrite ^ https://$host/mail/; }
# location ~* ^/sogo { rewrite ^ https://$host/SOGo; }
# location ~ ^/iredadmin { rewrite ^ https://$host$request_uri?; }

Are you running the connection over radio? Because if not, you don't have to disable HTTPS... Problem with disabling it is you'll be passing sensitive passwords in clear text making it easy for anyone listening in to crack the site.

5 Reply by sayso

  • sayso
  • Member
  • Offline
  • Registered: 2018-03-03
  • Posts: 43

Re: can I disable all encryption on iredmail

For security purposes DON'T disable HTTPS. Have a look at this article... https://www.amateurradio.com/encryption … thats-not/

6 Reply by kd7vea

  • kd7vea
  • Member
  • Offline
  • Registered: 2018-05-13
  • Posts: 6

Re: can I disable all encryption on iredmail

sayso wrote:

For security purposes DON'T disable HTTPS. Have a look at this article... https://www.amateurradio.com/encryption … thats-not/

Yes, this will be broadcast carrying a Ham radio Callsign in the Packet on Ham radio frequencies.  I have seen other articles like the one you have posted, but that is the opinion of one person, and based on the network we are running, I don't want to be in any grey areas. 

as for the security concern, I understand the risks, but for someone to even gain access to the network, there are other steps, and equipment that needs to be set up to get on the network, and at that point, this is meant to be a means of sending non secure data easily across the network. Keeping the transmissions legal is the important part.  Many of us involved with High Speed Multi Media over Ham radio believe that FCC regulations will be rewrote at some point because of this new mode of communication, and Encryption will no longer be banned.  I do appreciate you looking out for me with this issue, but I will stick with disabling encryption to be sure it is all legal for the time being. I will also mention that this Email server is only on the Ham radio wireless network, and will never see the internet.

7 Reply by kd7vea

  • kd7vea
  • Member
  • Offline
  • Registered: 2018-05-13
  • Posts: 6

Re: can I disable all encryption on iredmail

I have commented out all lines in the redirect file, but my browser still takes me to "https", where else should I be looking.  after I get that, is it just a matter of when setting up clients, I need to use ports 25 and 143 instead of 465 and 993? thanks for the help in advance.

# Redirect webmail/SOGo/iredadmin to HTTPS
# location ~ ^/mail { rewrite ^ https://$host$request_uri?; }
# location ~ ^/mail/index.php$ { rewrite ^ https://$host/mail/; }
# location ~* ^/sogo { rewrite ^ https://$host/SOGo; }
# location ~ ^/iredadmin { rewrite ^ https://$host$request_uri?; }

8 Reply by sayso

  • sayso
  • Member
  • Offline
  • Registered: 2018-03-03
  • Posts: 43

Re: can I disable all encryption on iredmail

Ok. so never on the Internet? I guess I'll let you pass but I still don't recommend it...  smile

I missed that you are running apache. my bad.  so the redirects are a bit different. IF RH7 is like RH6 then look for Redirect rules in /etc/httpd/conf.d ...

If you're an old school DOS guy like me you might find it helpful to run "yum install mc" to get a norton commander clone. cd /etc/httpd then run mc at the prompt and start looking through all the files for redirects