Cloudflare and Mdaemon | MDaemon Technologies Community Forum

Cloudflare and Mdaemon


  • Thank you!


  • Hi Arron,

    Thank you for your help. All seems to be working now. *knock on wood*

    However, I did have one more question.

    We currently have remember logon name by cookie and IP persistence turned off.

    The reason was that when ActiveSync connects, it changes IP address for some reason in mid-session and I see errors in the MDaemon log.

    Something along the lines of invalid because the connected IP is different, and the session would disconnect.

    This is causing a bit of issues as some of our users have multiple email accounts that they take care of.

    They now could only have one session open at a time. Would there be any way to go around this and have multiple sessions at once?

    Thank you.


  • For webmail, you should either remember names by cookie or require IP persistence.  Remember names by cookie is the preferred method.  If you do not have at least one enabled, your server is not secure.

    For ActiveSync, authentication occurs for every request.  It does not maintain a session in the same way that webmail does.  The only thing close to a "session" is a PING or a SYNC WAIT, which are both methods for devices to tell the server to notify them when something changes.  

    If you want to log in to multiple different webmail accounts at the same time, I'd suggest trying different browsers.  For example, log into one account with Edge and a second account with Chrome.    Another approach is to share 1 account with another so that you can log in to 1 account and read the mail for both accounts.  
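
A simplified model of the two webmail bindings described in the reply above, as an added example that is not part of the thread and is not MDaemon's code. It assumes a session is otherwise identified only by a session identifier; the class and function names, the account and the addresses are constructed for illustration.

```python
from __future__ import annotations
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    login_ip: str
    cookie: str  # random value stored in the browser at login

class SessionStore:
    """Hypothetical session checker with the two optional bindings."""

    def __init__(self, require_cookie: bool, require_ip: bool):
        self.require_cookie = require_cookie
        self.require_ip = require_ip
        self._sessions: dict[str, Session] = {}

    def login(self, user: str, ip: str) -> tuple[str, str]:
        sid, cookie = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self._sessions[sid] = Session(user, ip, cookie)
        return sid, cookie

    def check(self, sid: str, ip: str, cookie: str | None) -> str:
        s = self._sessions.get(sid)
        if s is None:
            return "deny: unknown session"
        if self.require_ip and ip != s.login_ip:
            return "deny: IP changed"
        if self.require_cookie and not hmac.compare_digest(cookie or "", s.cookie):
            return "deny: cookie missing or wrong"
        return "allow: " + s.user

def scenario(require_cookie: bool, require_ip: bool) -> dict[str, str]:
    store = SessionStore(require_cookie, require_ip)
    sid, cookie = store.login("alice@example.test", "198.51.100.10")
    return {
        # Same browser, same source address.
        "owner": store.check(sid, "198.51.100.10", cookie),
        # Same browser, but the source address changed mid-session.
        "owner_new_ip": store.check(sid, "198.51.100.77", cookie),
        # A different client presenting only the session identifier.
        "replayed_sid": store.check(sid, "203.0.113.5", None),
    }

if __name__ == "__main__":
    for name, flags in {"neither": (False, False), "cookie": (True, False), "ip": (False, True)}.items():
        print(name, scenario(*flags))
```

With neither binding the session identifier alone is accepted from any client; the cookie binding keeps working when the source address changes, while IP persistence drops the session in that case.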

     


  • Hey guys. A little late to the party. I went through something similar a few months ago on a new MD and CF deployment. As a general rule, CF is not supposed to be used on connections that are not human, such as TCP services. You are just asking for headaches. Especially when CF goes down. And we know that can NEVER happen because it's the cloud, right? ;). ActiveSync is unique in that it uses web ports. Two alternative solutions are using a dedicated subdomain with no proxy, like activesync.domain.com, or, if you roll everything into one subdomain like mail.domain.com, using a security rule to exclude the URI path Aaron mentions above from the challenge. This way, you can challenge anyone hitting the root but not the specific path. Hope this helps.

    Regards,
    Drew


  • Thank you for the additional information Drew!

