From orion at nwra.com Thu Mar 2 17:53:46 2023 From: orion at nwra.com (Orion Poplawski) Date: Thu, 2 Mar 2023 10:53:46 -0700 Subject: [ZendTo] FileLink Thunderbird Add-On References: Message-ID: Would anyone have interest in developing a Thunderbird FileLink Add-On for ZendTo? I think it might be quite useful. -- Orion Poplawski IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion at nwra.com Boulder, CO 80301 https://www.nwra.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3847 bytes Desc: S/MIME Cryptographic Signature URL: From orion at nwra.com Thu Mar 2 17:59:10 2023 From: orion at nwra.com (Orion Poplawski) Date: Thu, 2 Mar 2023 10:59:10 -0700 Subject: [ZendTo] Installing Zendto on RHEL 9 with Security Profile In-Reply-To: References: Message-ID: On 1/3/23 12:09, Brad Beckenhauer via ZendTo wrote: > I build a test RHEL 9 server using the following Red Hat security profile: > > "Protection Profile for General Purpose Operating Systems" > This profile is part of Red Hat Enterprise Linux 9 Common Criteria Guidance > documenation for Target of Evaluation based on Protection Profile for > General Purpose Operating System (OSPP) version 4.2.1 and Functional > Package for SSH version 1.0 > > I was going to test using Zendto using this profile, but when attempting to > setup the yum repository: > > rpm --import https://zend.to/files/zendto.gpg.asc > > This error occurs: > warning: Signature not supported. ?Hash algorithm SHA1 not available. > error: https://zend.to/files/zendto.gpg.asc: key 1 import failed. > > $ /usr/bin/openssl ciphers -V > ? ? ? ? ? 0x13,0x02 - TLS_AES_256_GCM_SHA384 ? ? ? ? TLSv1.3 Kx=any ? ? > ?Au=any ? Enc=AESGCM(256) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0x13,0x01 - TLS_AES_128_GCM_SHA256 ? ? ? ? TLSv1.3 Kx=any ? ? > ?Au=any ? Enc=AESGCM(128) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 ?TLSv1.2 Kx=ECDH ? ? > Au=ECDSA Enc=AESGCM(256) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 ? ?TLSv1.2 Kx=ECDH ? ? > Au=RSA ? Enc=AESGCM(256) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0xC0,0x2B - ECDHE-ECDSA-AES128-GCM-SHA256 ?TLSv1.2 Kx=ECDH ? ? > Au=ECDSA Enc=AESGCM(128) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256 ? ?TLSv1.2 Kx=ECDH ? ? > Au=RSA ? Enc=AESGCM(128) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0x00,0x9F - DHE-RSA-AES256-GCM-SHA384 ? ? ?TLSv1.2 Kx=DH ? ? ? > Au=RSA ? Enc=AESGCM(256) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0x00,0x9E - DHE-RSA-AES128-GCM-SHA256 ? ? ?TLSv1.2 Kx=DH ? ? ? > Au=RSA ? Enc=AESGCM(128) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0x00,0xA9 - PSK-AES256-GCM-SHA384 ? ? ? ? ?TLSv1.2 Kx=PSK ? ? > ?Au=PSK ? Enc=AESGCM(256) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0x00,0xA8 - PSK-AES128-GCM-SHA256 ? ? ? ? ?TLSv1.2 Kx=PSK ? ? > ?Au=PSK ? Enc=AESGCM(128) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0x00,0xAB - DHE-PSK-AES256-GCM-SHA384 ? ? ?TLSv1.2 Kx=DHEPSK ? > Au=PSK ? Enc=AESGCM(256) ? ? ? ? ? ?Mac=AEAD > ? ? ? ? ? 0x00,0xAA - DHE-PSK-AES128-GCM-SHA256 ? ? ?TLSv1.2 Kx=DHEPSK ? > Au=PSK ? Enc=AESGCM(128) ? ? ? ? ? ?Mac=AEAD > > So the protection profile eliminated the SHA1 algorithm. > > Is another cipher or option available that can be used to setup the yum > repository? ZendTo is going to need to produce a new GPG key with modern algorithms. -- Orion Poplawski IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion at nwra.com Boulder, CO 80301 https://www.nwra.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3847 bytes Desc: S/MIME Cryptographic Signature URL: From zend.to at neilzone.co.uk Thu Mar 2 20:14:06 2023 From: zend.to at neilzone.co.uk (Neil Brown) Date: Thu, 2 Mar 2023 20:14:06 +0000 Subject: [ZendTo] FileLink Thunderbird Add-On In-Reply-To: References: Message-ID: On 23/03/02 10:53am, Orion Poplawski via ZendTo wrote: > Would anyone have interest in developing a Thunderbird FileLink Add-On for > ZendTo? I think it might be quite useful. I don't use Thunderbird, and I'm not sure how this would work in terms of zend.to's encryption, but I'd be happy to test it? Neil From klou at themusiclink.net Wed Mar 15 04:29:00 2023 From: klou at themusiclink.net (Kris Lou) Date: Tue, 14 Mar 2023 21:29:00 -0700 Subject: [ZendTo] Recaptcha not showing + China References: Message-ID: Is anybody currently having successful dropoffs to China? I have a dropoff that's missing the Recaptcha prompts. My ZendTo install sits behind an nginx reverse proxy (over https), and has the following line in /etc/httpd/conf.d/zendto-ssl.conf: Header set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net; connect-src 'self' 'unsafe-inline'; img-src data: *; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net" That was the previous fix, correct? Kris Lou klou at themusiclink.net -------------- next part -------------- An HTML attachment was scrubbed... URL: From Massimo.Forni at turboden.it Wed Mar 15 07:35:11 2023 From: Massimo.Forni at turboden.it (Massimo Forni) Date: Wed, 15 Mar 2023 07:35:11 +0000 Subject: [ZendTo] Recaptcha not showing + China In-Reply-To: References: Message-ID: I have the same issue sometimes. I want to suggest an option to use Turnstile from Cloudflare https://www.cloudflare.com/products/turnstile/ With this in another app I have no issues with china bye ________________________________ From: ZendTo on behalf of Kris Lou via ZendTo Sent: Wednesday, March 15, 2023 05:29 To: ZendTo Users Cc: Kris Lou Subject: [ZendTo] Recaptcha not showing + China Is anybody currently having successful dropoffs to China? I have a dropoff that's missing the Recaptcha prompts. My ZendTo install sits behind an nginx reverse proxy (over https), and has the following line in /etc/httpd/conf.d/zendto-ssl.conf: Header set Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net; connect-src 'self' 'unsafe-inline'; img-src data: *; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net" That was the previous fix, correct? Kris Lou klou at themusiclink.net -- Massimo Forni ICT Manager Mobile: +393474110278 ________________________________ Turboden S.p.A. I via Cernaia 10 I 25124 Brescia I Italy t. +39 030 3552001 I f. +39 030 3552011 https://www.turboden.com Confidentiality notice: this message, together with its attachments, may contain strictly confidential and/or legally privileged information and it is destined solely to the intended addressee(s), who only may use it under his/their responsibility. Opinions, conclusions and other information contained in this message, that do not relate to the official business of this firm, shall be considered as not given or endorsed by it. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. Any use, disclosure, copying or distribution of the contents of this communication by a not-intended recipient or in violation of the purposes of this communication is strictly prohibited and may be unlawful. -- Massimo Forni - ICT Manager Turboden S.p.A. Turboden Turkey ORC Turbo Jenerat?r Sanayi Anonim ?irketi Registered Office: Barbaros Mahallesi Billur Sk. No. 23/8 ? ?ankaya / Ankara ? Turkey Headquarter: ?oraklar Mahallesi 5011 Sk. No:10/1 Alia?a/?zmir ? Turkey info at turboden.com.tr - www.turboden.com.tr ________________________________ Ticaret Sicil No: 382288 - Kavakl?dere V.D. 8690459813 Gizlilik Bildirim: Ekleriyle birlikte bu mesaj ?ok gizli bilgiler i?ermekte ve sadece yukar?da belirtilen al?c?ya (al?c?lara) bu bilgileri kendi sorumluluklar? alt?nda kullanmak ?zere y?nlendirilebilir. Bu mesaj? yetkisi olmad??? halde yanl??l?kla alan ya da okuyan ki?ilerin bu belgeleri saklama, kopyalama, yayma ya da yukar?da belirtilen al?c?(lar) d???ndaki ki?ilere da??tmas? kesinlikle yasakt?r. Confidentiality notice: this message, together with its attachments, contains strictly confidential information and is destined only to the addressee(s) identified above who only may use it under his/their responsibility. anyone who receives this message by mistake or reads it without entitlement is forewarned that keeping, copying, disseminating or distributing this message to persons other than the addressee(s) is strictly forbidden [Environment Logo] Bu yaz?n?n ??kt?s?n? almadan ?nce l?tfen ?evreyi d???n?n. Please consider the environment before printing this email -------------- next part -------------- An HTML attachment was scrubbed... URL: From Jules at Zend.To Wed Mar 15 11:32:19 2023 From: Jules at Zend.To (Jules) Date: Wed, 15 Mar 2023 11:32:19 +0000 Subject: [ZendTo] Recaptcha not showing + China In-Reply-To: References: Message-ID: Ooh, I like the look of this from an initial read of the blurb! On 15/03/2023 07:35, Massimo Forni via ZendTo wrote: > I have the same issue sometimes. > I want to suggest an option to use Turnstile from Cloudflare > https://www.cloudflare.com/products/turnstile/ > With this in another app I have no issues with china > > bye > ------------------------------------------------------------------------ > *From:* ZendTo on behalf of Kris Lou via > ZendTo > *Sent:* Wednesday, March 15, 2023 05:29 > *To:* ZendTo Users > *Cc:* Kris Lou > *Subject:* [ZendTo] Recaptcha not showing + China > Is anybody currently having successful dropoffs to China? I have a > dropoff that's missing the Recaptcha prompts. > > My ZendTo install sits behind an nginx reverse proxy (over https), and > has the following line in /etc/httpd/conf.d/zendto-ssl.conf: > > ? Header set Content-Security-Policy "default-src 'none'; script-src > 'self' 'unsafe-inline' https://www.google.com > > https://www.gstatic.com > > https://www.recaptcha.net > ; > connect-src 'self' 'unsafe-inline'; img-src data: *; font-src 'self' > 'unsafe-inline' https://fonts.googleapis.com > > https://fonts.gstatic.com > ; > style-src 'self' 'unsafe-inline' https://fonts.googleapis.com > ; > frame-src 'self' 'unsafe-inline' https://www.google.com > > https://www.gstatic.com > > https://www.recaptcha.net > " > > That was the previous fix, correct? > > > Kris Lou > klou at themusiclink.net > > > -- > > *Massimo Forni* > ICT Manager > > Mobile: +393474110278 > > ------------------------------------------------------------------------ > > *Turboden S.p.A.* *I* via Cernaia 10 *I* 25124 Brescia *I* Italy > t. +39 030 3552001 *I* f. +39 030 3552011 > https://www.turboden.com > > > *Confidentiality notice*: this message, together with its attachments, > may contain strictly confidential and/or legally privileged > information and it is destined solely to the intended addressee(s), > who only may use it under his/their responsibility. Opinions, > conclusions and other information contained in this message, that do > not relate to the official business of this firm, shall be considered > as not given or endorsed by it. If you have received this > communication in error, please notify us immediately by responding to > this email and then delete it from your system. Any use, disclosure, > copying or distribution of the contents of this communication by a > not-intended recipient or in violation of the purposes of this > communication is strictly prohibited and may be unlawful. > > -- > > *Massimo Forni* - ICT Manager > Turboden S.p.A. > > > Turboden Turkey ORC Turbo > Jenerat?r Sanayi Anonim ?irketi > Registered Office: Barbaros Mahallesi Billur Sk. No. 23/8 ? ?ankaya / > Ankara ? Turkey > Headquarter: ?oraklar Mahallesi 5011 Sk. No:10/1 Alia?a/?zmir ? Turkey > info at turboden.com.tr - www.turboden.com.tr > ------------------------------------------------------------------------ > Ticaret Sicil No: 382288 - Kavakl?dere V.D. 8690459813 > > *Gizlilik Bildirim:* Ekleriyle birlikte bu mesaj ?ok gizli bilgiler > i?ermekte ve sadece yukar?da belirtilen al?c?ya (al?c?lara) bu > bilgileri kendi sorumluluklar? alt?nda kullanmak ?zere > y?nlendirilebilir. Bu mesaj? yetkisi olmad??? halde yanl??l?kla alan > ya da okuyan ki?ilerin bu belgeleri saklama, kopyalama, yayma ya da > yukar?da belirtilen al?c?(lar) d???ndaki ki?ilere da??tmas? kesinlikle > yasakt?r. > *Confidentiality notice:*this message, together with its attachments, > contains strictly confidential information and is destined only to the > addressee(s) identified above who only may use it under his/their > responsibility. anyone who receives this message by mistake or reads > it without entitlement is forewarned that keeping, copying, > disseminating or distributing this message to persons other than the > addressee(s) is strictly forbidden > > Environment Logo Bu yaz?n?n ??kt?s?n? almadan ?nce l?tfen ?evreyi > d???n?n. Please consider the environment before printing this email > > > _______________________________________________ > ZendTo mailing list > ZendTo at zend.to > http://jul.es/mailman/listinfo/zendto Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'It's okay to live without all the answers' - Charlie Eppes, 2011 www.Zend.To Twitter: @JulesFM -------------- next part -------------- An HTML attachment was scrubbed... URL: From klou at themusiclink.net Thu Mar 16 00:12:22 2023 From: klou at themusiclink.net (Kris Lou) Date: Wed, 15 Mar 2023 17:12:22 -0700 Subject: [ZendTo] Recaptcha not showing + China In-Reply-To: References: Message-ID: Looking into this a little further (also to play around with Turnstile), I'm noticing the following: # grep -R siteverify * ReCaptcha/ReCaptcha.php: * Calls the reCAPTCHA siteverify API to verify whether the user passes ReCaptcha/RequestMethod/CurlPost.php: const SITE_VERIFY_URL = ' https://www.recaptcha.net/recaptcha/api/siteverify'; ReCaptcha/RequestMethod/Post.php: const SITE_VERIFY_URL = ' https://www.google.com/recaptcha/api/siteverify'; ReCaptcha/RequestMethod/SocketPost.php: const SITE_VERIFY_PATH = '/recaptcha/api/siteverify'; Are Post.php and SocketPost.php supposed to reference the google.com path, or the recaptcha.net URLs? -------------- next part -------------- An HTML attachment was scrubbed... URL: From jules at zend.to Fri Mar 17 10:21:51 2023 From: jules at zend.to (jules at zend.to) Date: Fri, 17 Mar 2023 10:21:51 +0000 Subject: [ZendTo] Recaptcha not showing + China In-Reply-To: References: <90e83bbc-bd36-bca1-3d56-71f580c29d8f@Zend.To> Message-ID: Kris, The method I use is CurlPost. So the erroneous URL in Post.php doesn't get used anyway. Cheers, Jules. On 16/03/2023 00:12, Kris Lou via ZendTo wrote: > Looking into this a little further (also to play around with > Turnstile), I'm noticing the following: > > # grep -R siteverify * > ReCaptcha/ReCaptcha.php: ? ? * Calls the reCAPTCHA siteverify API to > verify whether the user passes > ReCaptcha/RequestMethod/CurlPost.php: ? ?const SITE_VERIFY_URL = > 'https://www.recaptcha.net/recaptcha/api/siteverify'; > ReCaptcha/RequestMethod/Post.php: ? ?const SITE_VERIFY_URL = > 'https://www.google.com/recaptcha/api/siteverify'; > ReCaptcha/RequestMethod/SocketPost.php: ? ?const SITE_VERIFY_PATH = > '/recaptcha/api/siteverify'; > > Are Post.php and SocketPost.php supposed to reference the google.com > path, or the recaptcha.net > URLs? > > _______________________________________________ > ZendTo mailing list > ZendTo at zend.to > http://jul.es/mailman/listinfo/zendto Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'It's okay to live without all the answers' - Charlie Eppes, 2011 www.Zend.To Twitter: @JulesFM -------------- next part -------------- An HTML attachment was scrubbed... URL: From klou at themusiclink.net Tue Mar 21 21:23:20 2023 From: klou at themusiclink.net (Kris Lou) Date: Tue, 21 Mar 2023 14:23:20 -0700 Subject: [ZendTo] Recaptcha not showing + China In-Reply-To: References: <90e83bbc-bd36-bca1-3d56-71f580c29d8f@Zend.To> Message-ID: With the CloudFlare Turnstile Site Key (as recaptchaPublicKey), Secret Key (as recaptchaPrivateKey) and using "?compat=recaptcha", the following seems to work. /opt/zendto/templates/header.tpl 43,44c43,44 < grecaptcha.render('google-recaptcha', { < 'sitekey' : '{$recaptchaSiteKey}' --- > grecaptcha.render('cf-turnstile', { > 'sitekey' : '{$recaptchaSiteKey}' 51c51,52 < --- > > 53c54,55 < --- > > /opt/zendto/templates/pickupcheck.tpl 29c29,30 <
--- > >
/opt/zendto/templates/verify.tpl 155c155,156 <
--- > >
/opt/zendto/www/ReCaptcha/RequestMethod/CurlPost.php 43,44c43,44 < const SITE_VERIFY_URL = ' https://www.recaptcha.net/recaptcha/api/siteverify'; < --- > // const SITE_VERIFY_URL = ' https://www.recaptcha.net/recaptcha/api/siteverify'; > const SITE_VERIFY_URL = ' https://challenges.cloudflare.com/turnstile/v0/siteverify'; Kris Lou klou at themusiclink.net On Fri, Mar 17, 2023 at 3:21?AM wrote: > Kris, > > The method I use is CurlPost. So the erroneous URL in Post.php doesn't get > used anyway. > > Cheers, > Jules. > > On 16/03/2023 00:12, Kris Lou via ZendTo wrote: > > Looking into this a little further (also to play around with Turnstile), > I'm noticing the following: > > # grep -R siteverify * > ReCaptcha/ReCaptcha.php: * Calls the reCAPTCHA siteverify API to > verify whether the user passes > ReCaptcha/RequestMethod/CurlPost.php: const SITE_VERIFY_URL = ' > https://www.recaptcha.net/recaptcha/api/siteverify'; > ReCaptcha/RequestMethod/Post.php: const SITE_VERIFY_URL = ' > https://www.google.com/recaptcha/api/siteverify'; > ReCaptcha/RequestMethod/SocketPost.php: const SITE_VERIFY_PATH = > '/recaptcha/api/siteverify'; > > Are Post.php and SocketPost.php supposed to reference the google.com > path, or the recaptcha.net URLs? > > _______________________________________________ > ZendTo mailing listZendTo at zend.tohttp://jul.es/mailman/listinfo/zendto > > > Jules > > -- > Julian Field MEng CEng CITP MBCS MIEEE MACM > > 'It's okay to live without all the answers' - Charlie Eppes, 2011 > www.Zend.To > Twitter: @JulesFM > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ssilva at sgvwater.com Tue Mar 28 00:43:52 2023 From: ssilva at sgvwater.com (Scott Silva) Date: Mon, 27 Mar 2023 23:43:52 +0000 Subject: [ZendTo] Rocky Linux 9 install References: <42b19bf9165d4ea993ce84632d5c44e4@sgvwater.com> Message-ID: How thoroughly tested is the installer on Rocky Linux 9? I get a bunch of errors saying the opt/zendto directories are not there and they weren't... Tried cloning the files from the existing system I am trying to migrate and I stlll get errors... -- Scott Silva Network Administrator San Gabriel Valley Water Company Fontana Water Company 15966 Arrow Blvd. Fontana CA 92335 www.sgvwater.com