Search found 16 matches

by mibyge
2019-04-13 18:18
Forum: General discussions
Topic: Invalid CSRF token error when logging in to PHPWebAdmin
Replies: 5
Views: 501

Re: Invalid CSRF token error when logging in to PHPWebAdmin

The issue has been resolved after doing some investigating via Process Monitor. I found that an error was logged to the "php-errors.log" file with entries like below. [13-Apr-2019 18:00:35] PHP Warning: session_start(): open(D:\path\to\PHPsessions\sess_aojhpmm6ahe2qe0p3ker1u4j06, O_RDWR) failed: Per...
by mibyge
2019-04-10 22:25
Forum: General discussions
Topic: Invalid CSRF token error when logging in to PHPWebAdmin
Replies: 5
Views: 501

Re: Invalid CSRF token error when logging in to PHPWebAdmin

What webserver do you run phpWebAdmin from? Is this the same machine that runs hMailserver? I'm using IIS10 that comes with Windows Server 2016 and everything (web and mail) is on the same server. It used to work fine for a long time, but it stopped working at one point. I unfortunately don't know ...
by mibyge
2019-04-08 22:34
Forum: General discussions
Topic: Invalid CSRF token error when logging in to PHPWebAdmin
Replies: 5
Views: 501

Re: Invalid CSRF token error when logging in to PHPWebAdmin

mattg wrote:
2019-04-08 09:03
simply clear browser cache and try again (or with another browser).
Thank you for the suggestion, but allow me to quote myself :wink:

I've tried multiple browsers from multiple devices (including the server), but it's the same error every time.
by mibyge
2019-04-07 18:52
Forum: General discussions
Topic: Invalid CSRF token error when logging in to PHPWebAdmin
Replies: 5
Views: 501

Invalid CSRF token error when logging in to PHPWebAdmin

Hello. I've been unable to use PHPWebAdmin/hMailAdmin for a while now because I get an "Invalid CSRF token." error when I try to log in. I've tried multiple browsers from multiple devices (including the server), but it's the same error every time. I've verified that the "rooturl" value in the config...
by mibyge
2019-04-07 18:48
Forum: Development & alpha discussions
Topic: hMailServer web-interface redesign
Replies: 162
Views: 40000

Re: hMailServer web-interface redesign

coax wrote:
2019-04-06 11:27
In hMailAdmin we left all the core coding (including CSRF validation) same as PHPWebAdmin, so try to log in to PHPWebAdmin to see if you get the same error.
I get the same error with the default PHPWebAdmin.

I'll try asking the question in the general forum then.

Thanks.
by mibyge
2019-04-05 22:25
Forum: Development & alpha discussions
Topic: hMailServer web-interface redesign
Replies: 162
Views: 40000

Re: hMailServer web-interface redesign

coax wrote:
2019-04-03 20:22
Check rooturl in your config and make sure you're logging in from the same URL (double check for missing www or https in your URL where you try to log in).
They match. I've even tried to copy/paste the URL from the config file directly into the browser to be completely sure.
by mibyge
2019-04-03 19:18
Forum: Development & alpha discussions
Topic: hMailServer web-interface redesign
Replies: 162
Views: 40000

Re: hMailServer web-interface redesign

Hello. I've been using your fantastic redesign for a long time, but I've been unable to use it for a while now because I get an "Invalid CSRF token." error when I try to log in. I've tried multiple browsers from multiple devices (including the server), but it's the same error every time. I suspect t...
by mibyge
2018-07-19 21:27
Forum: General discussions
Topic: Understanding the SSL/TLS ciphers list
Replies: 11
Views: 3938

Re: Understanding the SSL/TLS ciphers list

Bits.PNG
Bits.PNG (6.02 KiB) Viewed 3867 times
hms cipher status.PNG
by mibyge
2018-07-19 21:26
Forum: General discussions
Topic: Understanding the SSL/TLS ciphers list
Replies: 11
Views: 3938

Re: Understanding the SSL/TLS ciphers list

Here's my stats from my relatively small mail server. This is just raw data without much formatting, so hope it makes sense :wink:

Overall.PNG
SSL version.PNG
SSL version.PNG (10.97 KiB) Viewed 3867 times
Cipher.PNG
by mibyge
2018-07-17 09:43
Forum: General discussions
Topic: Understanding the SSL/TLS ciphers list
Replies: 11
Views: 3938

Re: Understanding the SSL/TLS ciphers list

Here's my current cipher list - it should be the default one as I've never changed it. ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECD...
by mibyge
2018-07-16 17:42
Forum: General discussions
Topic: Understanding the SSL/TLS ciphers list
Replies: 11
Views: 3938

Understanding the SSL/TLS ciphers list

Hello. I was curious to know which SSL/TLS ciphers that are actually being used by my mail server as I had the idea, that I could remove the unused and unsafe ones to tighten security a bit. To do that, I've made my own PowerShell script that analyzes the hMailServer log files to gather some statist...
by mibyge
2018-03-23 19:44
Forum: Development & alpha discussions
Topic: hMailServer web-interface redesign
Replies: 162
Views: 40000

Re: hMailServer web-interface redesign

RvdH wrote:
2018-03-23 10:19
@mibyge
In your config.php change the $hmail_config['rooturl'] variable to include https://
Seems to work, thanks :)
by mibyge
2018-03-23 00:17
Forum: Development & alpha discussions
Topic: hMailServer web-interface redesign
Replies: 162
Views: 40000

Re: hMailServer web-interface redesign

Hi. I've just added HTTPS support to my hMailServer admin site, but there seems to be an issue with the login form. Could you perhaps have a look at the login page to deal with the following "complaint" from Google Chrome? ------------- Resources - non-secure form This page includes a form with a no...
by mibyge
2017-11-27 00:51
Forum: User-submitted tutorials
Topic: HOW TO: Ready-To-Go Backup and Cleardown script
Replies: 151
Views: 26542

Re: HOW TO: Ready-To-Go Backup and Cleardown script

Hi :) First of all, thanks a lot for the script. Looks great. I'm currently building a new server and intend to use this method for backup on the new server, so I wanted to test it a bit before using it in production. Based on my testing, I'd like to suggest the 2 following changes to the batch scri...
by mibyge
2017-01-29 23:49
Forum: General discussions
Topic: ClamAV service fails periodically
Replies: 16
Views: 2489

Re: ClamAV service fails periodically

The only thing I could suggest is strip back your definitions back to using the defaults and apply them one-by-one starting with just the default, test, then add Sane Defs (as recommended in my original post), test, and then add securiteinfo defs and test again. (FWIW I dont think you need securite...
by mibyge
2017-01-29 22:41
Forum: General discussions
Topic: ClamAV service fails periodically
Replies: 16
Views: 2489

ClamAV service fails periodically

Hello. I've set up ClamAV as a service as described in https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829 and it's generally speaking working quite well. However, I'm periodically seeing what seems to be ClamAV having an issue with loading the AV definitions. This results in the service fa...