Hi Chris,

I tested now this option per vdomain and it doesn't work.
It allow login without ssl.

vdomain address="x.x.x.x" name="domain.tld"
	ssl_require_login "*,!127.0.0.1"

I tried reload and restart.

Can you check?

Regards,
Darko Bazulj

On 12/17/2013 2:12 AM, surgemail-support wrote:
> You add to each domain (except the new one)
>      ssl_require_login "*,!127.0.0.1"
> I suggest you do this in the ini file directly.
>          ChrisP.
>
>     Hi Chris,
>     I have this version
>     SurgeMail Version 6.5b-39, Built Nov 25 2013 10:43:43, Platform Windows
>     Now I downloaded again and I see
>     SurgeMail Version 6.5b-44, Built Dec 17 2013 09:21:17, Platform Windows
>     I can find now ssl_require_login :)
>     I clear g_ssl_require_login but not sure what I need to do now.
>     Enter all domains in that field like
>     domain1.tld,domain2.tld,domain3.tld.....
>     I expected to see some check box per each vdomain.
>     I have a lot of domains on system and not sure if this is practical
>     and maybe there is some limit on field length.
>     On this system non-ssl access is not allowed for client to
>     send/receive mails.
>     So basically I have to add all domains to ssl_require list except
>     this one which I want to migrate.
>     I wouldn't play with this if they have several accounts but they
>     have almost 2000 accounts. They are university and I know it is not
>     practical to do all changes in one step for them.
>     Maybe you can add ssl_require_login_exclude option.
>     Can you confirm/suggest what to do?
>     Regards,
>     Darko Bazulj
>     On 12/17/2013 1:16 AM, surgemail-support wrote:
>
>         Check you have the right build:
>         surgemail -version
>         SurgeMail Version 6.5b-44, Built Dec 17 2013 09:21:17, Platform
>         Windows
>         Then you remove the global setting and add the setting to each
>         domain,
>         you should definitely be able to find the setting by searching
>         in the
>         admin interface.
>         ChrisP.
>         Hi Chris,
>         I copied new surgemail binary but I don't see ssl_require_login
>         option per vdomain. I also tried to search withouth sucess.
>         Or I just add that property in surgemail.ini and reload?
>         What about g_ssl_require_login
>         Do I clear that setting and add ssl_require_login for each vdomain
>         except for one which I will migrate?
>         And this parameter is per vdomain or per IP?
>         Can you just clarify so I don't do mistake or wrong assumptions.
>         Regards,
>         Darko Bazulj
>         On 12/16/2013 8:40 PM, surgemail-support wrote:
>         HEre is a binary, use the new domain level setting
>         ssl_require_login
>         instead to do what you want.
>         http://netwinsite.com/ftp/misc/v1.zip
>         ChrisP.
>         Hi,
>         I'm on windows 2008 R2 SP1 x64.
>         Regards,
>         Darko Bazulj
>         On 12/16/2013 2:22 AM, surgemail-support wrote:
>         Ahh I understand your issue now. No sorry it doesn't have such a
>         setting. Yes we can add one, what platform are you on.
>         ChrisP.
>         Hi,
>         g_ssl_require_login - check source IP and I don't know from where
>         all client will connect or from which ISP.
>         I tried to exclude local surgemail IP on list but I got error as
>         expected because source address is checked.
>         After pass POP3 statement I get error
>         pass PASSWORD
>         -ERR SSL required for ip (213.191.158.158)
>         quit
>         +OK closing connection
>         This is why I've idea to put domain on dedicated IP and somehow to
>         disable g_ssl_require_login check on that IP during transition
>         phase.
>         If this feature doesn't exist is it possible to implement it?
>         Regards,
>         Darko Bazulj
>         On 12/15/2013 8:15 PM, surgemail-support wrote:
>         Just extend this setting (using numbers and wild cards... e.g.
>         to add
>         10.1.2.* )
>         g_ssl_require_login *,!127.0.0.1,!10.1.2.*
>         ChrisP.
>         Hi,
>         I have several IPs on machine.
>         Only SSL access is enabled for client access.
>         g_ssl_require_login *,!127.0.0.1
>         g_ssl_allow "*"
>         g_ssl_allow_imap "*"
>         g_ssl_require_web "TRUE"
>         g_ssl_try_out "*"
>         g_ssl_disable_sslv2 "TRUE"
>         g_ssl_sha1_sign "TRUE"
>         I have to move client with ~2000 users.
>         For his domain I will setup dedicated IP.
>         Can I somehow exclude that local IP from forcing/checking for SSL?
>         I can't control source IPs from where they will be accessing this
>         mail system.
>         We need this for transition phase.
>         Maybe I'm missing some option like
>         g_ssl_exclude_local_ip
>         Regards,
>         Darko Bazulj
>