Hello there,
I have been trying to make the patch work for libwrap(TCP
Wrappers) posted on http://dovecot.org/patches
<http://dovecot.org/patches%20Patch%20of%201.1> Patch of 1.1 but could
not
get it work. Any help will be highly appreciated. After compiling and
running it I get error "Error: login_tcp_wrappers can't be used because
Dovecot wasn't built with libwrap"
Dovecot Version dovecot-1.1.5
OS CENTOS 5.1
Thankyou
Tahir Riaz
Assistant Director (Systems)
COMSATS Internet Services
COMSATS Headquarters Building
9, Shahrah-e-Jamhuriat, G-5/2
Islamabad.
> "Error: login_tcp_wrappers can't be used because Dovecot wasn't built with libwrap"What does the configure script tell you about "tcpd.h usability" and "tcpd.h presence"? What does config.log say about them?
Btw, I've updated the patch for 1.1.6, see attached file.
-------------- next part --------------
--- configure.in.orig 2008-06-22 13:02:27.000000000 +0200
+++ configure.in 2008-07-23 15:05:00.000000000 +0200
@@ -61,6 +61,15 @@
notify=$withval,
notify=)
+AC_ARG_WITH(libwrap,
+[ --with-libwrap Build with libwrap, ie. TCP-wrappers (default)],
+ if test x$withval = xno; then
+ want_libwrap=no
+ else
+ want_libwrap=yes
+ fi,
+ want_libwrap=yes)
+
AC_ARG_WITH(linux-quota,
[ --with-linux-quota=n Linux quota version to use (default: system's)],
AC_DEFINE_UNQUOTED(_LINUX_QUOTA_VERSION, $withval,
@@ -1554,6 +1563,30 @@
fi
dnl **
+dnl ** TCP wrappers
+dnl **
+
+if test "$want_libwrap" = "yes"; then
+ AC_CHECK_HEADER(tcpd.h, [
+ old_LIBS=$LIBS
+ LIBS="$LIBS -lwrap"
+ AC_TRY_LINK([
+ #include <tcpd.h>
+ int allow_severity;
+ int deny_severity;
+ struct request_info request;
+ ], [
+ request_init(&request, 0);
+ ], [
+ AC_DEFINE(HAVE_LIBWRAP,, Define if you have libwrap)
+ LIBWRAP_LIBS=-lwrap
+ AC_SUBST(LIBWRAP_LIBS)
+ ])
+ LIBS=$old_LIBS
+ ])
+fi
+
+dnl **
dnl ** userdb and passdb checks
dnl **
--- dovecot-example.conf.orig 2008-07-07 18:57:31.000000000 +0200
+++ dovecot-example.conf 2008-07-07 18:57:31.000000000 +0200
@@ -171,6 +171,11 @@
# Greeting message for clients.
#login_greeting = Dovecot ready.
+# Use TCP wrappers for incoming connection access checks. This requires that
+# Dovecot was compiled with libwrap. Note that this setting requires
+# login_process_per_connection=yes.
+#login_tcp_wrappers = no
+
# Space-separated list of elements we want to log. The elements which have
# a non-empty variable value are joined together to form a comma-separated
# string.
--- src/imap-login/Makefile.am.orig 2008-06-12 08:45:10.000000000 +0200
+++ src/imap-login/Makefile.am 2008-07-07 18:57:31.000000000 +0200
@@ -13,7 +13,8 @@
../lib-imap/libimap.a \
../lib-auth/libauth.a \
../lib/liblib.a \
- $(SSL_LIBS)
+ $(SSL_LIBS) \
+ $(LIBWRAP_LIBS)
imap_login_SOURCES = \
client.c \
--- src/login-common/main.c.orig 2008-10-26 16:03:45.000000000 +0100
+++ src/login-common/main.c 2008-11-06 13:54:01.000000000 +0100
@@ -19,8 +19,16 @@
#include <unistd.h>
#include <syslog.h>
+#ifdef HAVE_LIBWRAP
+# include <tcpd.h>
+# include <syslog.h>
+int allow_severity = LOG_INFO;
+int deny_severity = LOG_WARNING;
+# include "str.h"
+#endif
+
bool disable_plaintext_auth, process_per_connection, greeting_capability;
-bool verbose_proctitle, verbose_ssl, verbose_auth, auth_debug;
+bool verbose_proctitle, verbose_ssl, verbose_auth, auth_debug, tcp_wrappers;
bool ssl_require_client_cert;
const char *greeting, *log_format;
const char *const *log_format_elements;
@@ -75,6 +83,45 @@
io_loop_stop(ioloop);
}
+static void access_check(int fd, const struct ip_addr *ip, bool ssl)
+{
+#ifdef HAVE_LIBWRAP
+ struct request_info req;
+ char *daemon;
+ string_t *process_name_ssl;
+
+ if (!tcp_wrappers)
+ return;
+ if (!process_per_connection)
+ i_fatal("Tried to use TCP wrapers with process_per_connection=no");
+
+ if (ssl) {
+ process_name_ssl = t_str_new(20);
+ str_append(process_name_ssl, process_name);
+ str_append(process_name_ssl, "-ssl");
+ daemon = str_c(process_name_ssl);
+ } else {
+ daemon = process_name;
+ }
+ request_init(&req,
+ RQ_FILE, fd,
+ RQ_CLIENT_ADDR, net_ip2addr(ip),
+ RQ_DAEMON, daemon,
+ 0);
+ fromhost(&req);
+
+ if (!hosts_access(&req)) {
+ i_error("Connection refused by tcp-wrappers: %s",
+ net_ip2addr(ip));
+ refuse(&req);
+ i_unreached();
+ }
+ if (ssl) {
+ str_free(&process_name_ssl);
+ }
+#endif
+}
+
static void login_accept(void *context)
{
int listen_fd = POINTER_CAST_TO(context, int);
@@ -89,6 +136,7 @@
i_error("accept() failed: %m");
return;
}
+ access_check(fd, &remote_ip, FALSE);
if (net_getsockname(fd, &local_ip, &local_port) < 0) {
memset(&local_ip, 0, sizeof(local_ip));
@@ -120,6 +168,7 @@
i_error("accept() failed: %m");
return;
}
+ access_check(fd, &remote_ip, TRUE);
if (net_getsockname(fd, &local_ip, &local_port) < 0) {
memset(&local_ip, 0, sizeof(local_ip));
@@ -319,6 +368,7 @@
verbose_auth = getenv("VERBOSE_AUTH") != NULL;
auth_debug = getenv("AUTH_DEBUG") != NULL;
ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL;
+ tcp_wrappers = getenv("TCP_WRAPPERS") != NULL;
greeting = getenv("GREETING");
if (greeting == NULL)
@@ -419,11 +469,12 @@
restrict_access_by_env() is called */
lib_init();
+ process_name = strrchr(argv[0], '/');
+ process_name = process_name == NULL ? argv[0] : process_name+1;
+
if (is_inetd) {
/* running from inetd. create master process before
dropping privileges. */
- process_name = strrchr(argv[0], '/');
- process_name = process_name == NULL ? argv[0] : process_name+1;
group_name = t_strcut(process_name, '-');
for (i = 1; i < argc; i++) {
--- src/master/login-process.c.orig 2008-06-12 23:38:01.000000000 +0200
+++ src/master/login-process.c 2008-07-07 19:51:45.000000000 +0200
@@ -573,6 +573,8 @@
env_put(t_strconcat("LOG_FORMAT=", set->login_log_format, NULL));
if (set->login_greeting_capability)
env_put("GREETING_CAPABILITY=1");
+ if (set->login_tcp_wrappers)
+ env_put("TCP_WRAPPERS=1");
if (group->mail_process_type == PROCESS_TYPE_IMAP) {
env_put(t_strconcat("CAPABILITY_STRING=",
--- src/master/master-settings.c.orig 2008-06-21 15:09:16.000000000 +0200
+++ src/master/master-settings.c 2008-07-07 20:28:37.000000000 +0200
@@ -208,6 +208,7 @@
MEMBER(login_process_per_connection) TRUE,
MEMBER(login_chroot) TRUE,
MEMBER(login_greeting_capability) FALSE,
+ MEMBER(login_tcp_wrappers) FALSE,
MEMBER(login_process_size) 64,
MEMBER(login_processes_count) 3,
@@ -479,6 +480,7 @@
fix_base_path(auth->parent->defaults, &s->master.path);
fix_base_path(auth->parent->defaults, &s->client.path);
}
+
return TRUE;
}
@@ -861,6 +863,20 @@
return FALSE;
}
#endif
+
+ if (!set->login_process_per_connection &&
set->login_tcp_wrappers) {
+ i_error("login_process_per_connection=no can't be used with "
+ "login_tcp_wrappers=yes");
+ return FALSE;
+ }
+#ifndef HAVE_LIBWRAP
+ if (set->login_tcp_wrappers) {
+ i_error("login_tcp_wrappers can't be used because "
+ "Dovecot wasn't built with libwrap");
+ return FALSE;
+ }
+#endif
+
return TRUE;
}
--- src/master/master-settings-defs.c.orig 2008-07-07 20:06:11.000000000 +0200
+++ src/master/master-settings-defs.c 2008-07-07 19:55:08.000000000 +0200
@@ -46,6 +46,7 @@
DEF_BOOL(login_process_per_connection),
DEF_BOOL(login_chroot),
DEF_BOOL(login_greeting_capability),
+ DEF_BOOL(login_tcp_wrappers),
DEF_INT(login_process_size),
DEF_INT(login_processes_count),
--- src/master/master-settings.h.orig 2008-06-12 08:45:10.000000000 +0200
+++ src/master/master-settings.h 2008-07-07 18:57:31.000000000 +0200
@@ -60,6 +60,7 @@
bool login_process_per_connection;
bool login_chroot;
bool login_greeting_capability;
+ bool login_tcp_wrappers;
unsigned int login_process_size;
unsigned int login_processes_count;
--- src/pop3-login/Makefile.am.orig 2008-06-12 08:45:10.000000000 +0200
+++ src/pop3-login/Makefile.am 2008-07-07 18:57:31.000000000 +0200
@@ -11,7 +11,8 @@
../login-common/liblogin-common.a \
../lib-auth/libauth.a \
../lib/liblib.a \
- $(SSL_LIBS)
+ $(SSL_LIBS) \
+ $(LIBWRAP_LIBS)
pop3_login_SOURCES = \
client.c \
> After compiling and running itJust to make sure: You did run autoconf/automake/autoheader before configuring?
Hello, Again the same issue. The patch is not working again. There are no signs of tcpd.h in config.log. Do I have to make changes in configure script also. I am not a pogrammer so I follwed the step by step instructions on editing the described file. Are some other steps required ? configure is used with following parameters ./configure --prefix=/userdata/usr/local/dovecot-1.1.6 --with-libwrap --with-zlib --with-storages=maildir,mbox,raw Thankyou Tahir Riaz Assistant Director (Systems) COMSATS Internet Services COMSATS Headquarters Building 9, Shahrah-e-Jamhuriat, G-5/2 Islamabad. -----Original Message----- From: dovecot-bounces+tahir.riaz=comsats.net.pk at dovecot.org [mailto:dovecot-bounces+tahir.riaz=comsats.net.pk at dovecot.org] On Behalf Of dovecot-request at dovecot.org Sent: Friday, November 07, 2008 4:48 PM To: dovecot at dovecot.org Subject: dovecot Digest, Vol 67, Issue 19 Send dovecot mailing list submissions to dovecot at dovecot.org To subscribe or unsubscribe via the World Wide Web, visit http://dovecot.org/cgi-bin/mailman/listinfo/dovecot or, via email, send a message with subject or body 'help' to dovecot-request at dovecot.org You can reach the person managing the list at dovecot-owner at dovecot.org When replying, please edit your Subject line so it is more specific than "Re: Contents of dovecot digest..." Today's Topics: 1. Re: Cannot get the libwrap patch work (Edgar Fu?) 2. libwrap patch for 1.1.6 (Edgar Fu?) 3. Re: Cannot get the libwrap patch work (Edgar Fu?) 4. Problem witch dovecot-auth (Grzegorz Zalewski) 5. Problem witch dovecot-auth continue (Grzegorz Zalewski) 6. limit logins by time (Andre H?bner) 7. Re: limit logins by time (Timo Sirainen) 8. Re: limit logins by time (Andre H?bner) 9. Re: limit logins by time (Timo Sirainen) ---------------------------------------------------------------------- Message: 1 Date: Fri, 7 Nov 2008 12:01:43 +0100 From: Edgar Fu? <ef at math.uni-bonn.de> Subject: Re: [Dovecot] Cannot get the libwrap patch work To: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <20081107110142.GA304 at orion.math.uni-bonn.de> Content-Type: text/plain; charset=us-ascii> "Error: login_tcp_wrappers can't be used because Dovecot wasn't built withlibwrap" What does the configure script tell you about "tcpd.h usability" and "tcpd.h presence"? What does config.log say about them? ------------------------------ Message: 2 Date: Fri, 7 Nov 2008 12:05:26 +0100 From: Edgar Fu? <ef at math.uni-bonn.de> Subject: [Dovecot] libwrap patch for 1.1.6 To: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <20081107110526.GB304 at orion.math.uni-bonn.de> Content-Type: text/plain; charset="us-ascii" Btw, I've updated the patch for 1.1.6, see attached file. -------------- next part -------------- --- configure.in.orig 2008-06-22 13:02:27.000000000 +0200 +++ configure.in 2008-07-23 15:05:00.000000000 +0200 @@ -61,6 +61,15 @@ notify=$withval, notify=) +AC_ARG_WITH(libwrap, +[ --with-libwrap Build with libwrap, ie. TCP-wrappers (default)], + if test x$withval = xno; then + want_libwrap=no + else + want_libwrap=yes + fi, + want_libwrap=yes) + AC_ARG_WITH(linux-quota, [ --with-linux-quota=n Linux quota version to use (default: system's)], AC_DEFINE_UNQUOTED(_LINUX_QUOTA_VERSION, $withval, @@ -1554,6 +1563,30 @@ fi dnl ** +dnl ** TCP wrappers +dnl ** + +if test "$want_libwrap" = "yes"; then + AC_CHECK_HEADER(tcpd.h, [ + old_LIBS=$LIBS + LIBS="$LIBS -lwrap" + AC_TRY_LINK([ + #include <tcpd.h> + int allow_severity; + int deny_severity; + struct request_info request; + ], [ + request_init(&request, 0); + ], [ + AC_DEFINE(HAVE_LIBWRAP,, Define if you have libwrap) + LIBWRAP_LIBS=-lwrap + AC_SUBST(LIBWRAP_LIBS) + ]) + LIBS=$old_LIBS + ]) +fi + +dnl ** dnl ** userdb and passdb checks dnl ** --- dovecot-example.conf.orig 2008-07-07 18:57:31.000000000 +0200 +++ dovecot-example.conf 2008-07-07 18:57:31.000000000 +0200 @@ -171,6 +171,11 @@ # Greeting message for clients. #login_greeting = Dovecot ready. +# Use TCP wrappers for incoming connection access checks. This requires +that # Dovecot was compiled with libwrap. Note that this setting +requires # login_process_per_connection=yes. +#login_tcp_wrappers = no + # Space-separated list of elements we want to log. The elements which have # a non-empty variable value are joined together to form a comma-separated # string. --- src/imap-login/Makefile.am.orig 2008-06-12 08:45:10.000000000 +0200 +++ src/imap-login/Makefile.am 2008-07-07 18:57:31.000000000 +0200 @@ -13,7 +13,8 @@ ../lib-imap/libimap.a \ ../lib-auth/libauth.a \ ../lib/liblib.a \ - $(SSL_LIBS) + $(SSL_LIBS) \ + $(LIBWRAP_LIBS) imap_login_SOURCES = \ client.c \ --- src/login-common/main.c.orig 2008-10-26 16:03:45.000000000 +0100 +++ src/login-common/main.c 2008-11-06 13:54:01.000000000 +0100 @@ -19,8 +19,16 @@ #include <unistd.h> #include <syslog.h> +#ifdef HAVE_LIBWRAP +# include <tcpd.h> +# include <syslog.h> +int allow_severity = LOG_INFO; +int deny_severity = LOG_WARNING; +# include "str.h" +#endif + bool disable_plaintext_auth, process_per_connection, greeting_capability; -bool verbose_proctitle, verbose_ssl, verbose_auth, auth_debug; +bool verbose_proctitle, verbose_ssl, verbose_auth, auth_debug, +tcp_wrappers; bool ssl_require_client_cert; const char *greeting, *log_format; const char *const *log_format_elements; @@ -75,6 +83,45 @@ io_loop_stop(ioloop); } +static void access_check(int fd, const struct ip_addr *ip, bool ssl) { +#ifdef HAVE_LIBWRAP + struct request_info req; + char *daemon; + string_t *process_name_ssl; + + if (!tcp_wrappers) + return; + if (!process_per_connection) + i_fatal("Tried to use TCP wrapers with process_per_connection=no"); + + if (ssl) { + process_name_ssl = t_str_new(20); + str_append(process_name_ssl, process_name); + str_append(process_name_ssl, "-ssl"); + daemon = str_c(process_name_ssl); + } else { + daemon = process_name; + } + request_init(&req, + RQ_FILE, fd, + RQ_CLIENT_ADDR, net_ip2addr(ip), + RQ_DAEMON, daemon, + 0); + fromhost(&req); + + if (!hosts_access(&req)) { + i_error("Connection refused by tcp-wrappers: %s", + net_ip2addr(ip)); + refuse(&req); + i_unreached(); + } + if (ssl) { + str_free(&process_name_ssl); + } +#endif +} + static void login_accept(void *context) { int listen_fd = POINTER_CAST_TO(context, int); @@ -89,6 +136,7 @@ i_error("accept() failed: %m"); return; } + access_check(fd, &remote_ip, FALSE); if (net_getsockname(fd, &local_ip, &local_port) < 0) { memset(&local_ip, 0, sizeof(local_ip)); @@ -120,6 +168,7 @@ i_error("accept() failed: %m"); return; } + access_check(fd, &remote_ip, TRUE); if (net_getsockname(fd, &local_ip, &local_port) < 0) { memset(&local_ip, 0, sizeof(local_ip)); @@ -319,6 +368,7 @@ verbose_auth = getenv("VERBOSE_AUTH") != NULL; auth_debug = getenv("AUTH_DEBUG") != NULL; ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL; + tcp_wrappers = getenv("TCP_WRAPPERS") != NULL; greeting = getenv("GREETING"); if (greeting == NULL) @@ -419,11 +469,12 @@ restrict_access_by_env() is called */ lib_init(); + process_name = strrchr(argv[0], '/'); + process_name = process_name == NULL ? argv[0] : process_name+1; + if (is_inetd) { /* running from inetd. create master process before dropping privileges. */ - process_name = strrchr(argv[0], '/'); - process_name = process_name == NULL ? argv[0] : process_name+1; group_name = t_strcut(process_name, '-'); for (i = 1; i < argc; i++) { --- src/master/login-process.c.orig 2008-06-12 23:38:01.000000000 +0200 +++ src/master/login-process.c 2008-07-07 19:51:45.000000000 +0200 @@ -573,6 +573,8 @@ env_put(t_strconcat("LOG_FORMAT=", set->login_log_format, NULL)); if (set->login_greeting_capability) env_put("GREETING_CAPABILITY=1"); + if (set->login_tcp_wrappers) + env_put("TCP_WRAPPERS=1"); if (group->mail_process_type == PROCESS_TYPE_IMAP) { env_put(t_strconcat("CAPABILITY_STRING=", --- src/master/master-settings.c.orig 2008-06-21 15:09:16.000000000 +0200 +++ src/master/master-settings.c 2008-07-07 20:28:37.000000000 +0200 @@ -208,6 +208,7 @@ MEMBER(login_process_per_connection) TRUE, MEMBER(login_chroot) TRUE, MEMBER(login_greeting_capability) FALSE, + MEMBER(login_tcp_wrappers) FALSE, MEMBER(login_process_size) 64, MEMBER(login_processes_count) 3, @@ -479,6 +480,7 @@ fix_base_path(auth->parent->defaults, &s->master.path); fix_base_path(auth->parent->defaults, &s->client.path); } + return TRUE; } @@ -861,6 +863,20 @@ return FALSE; } #endif + + if (!set->login_process_per_connection && set->login_tcp_wrappers) { + i_error("login_process_per_connection=no can't be used with " + "login_tcp_wrappers=yes"); + return FALSE; + } +#ifndef HAVE_LIBWRAP + if (set->login_tcp_wrappers) { + i_error("login_tcp_wrappers can't be used because " + "Dovecot wasn't built with libwrap"); + return FALSE; + } +#endif + return TRUE; } --- src/master/master-settings-defs.c.orig 2008-07-07 20:06:11.000000000 +0200 +++ src/master/master-settings-defs.c 2008-07-07 19:55:08.000000000 +0200 @@ -46,6 +46,7 @@ DEF_BOOL(login_process_per_connection), DEF_BOOL(login_chroot), DEF_BOOL(login_greeting_capability), + DEF_BOOL(login_tcp_wrappers), DEF_INT(login_process_size), DEF_INT(login_processes_count), --- src/master/master-settings.h.orig 2008-06-12 08:45:10.000000000 +0200 +++ src/master/master-settings.h 2008-07-07 18:57:31.000000000 +0200 @@ -60,6 +60,7 @@ bool login_process_per_connection; bool login_chroot; bool login_greeting_capability; + bool login_tcp_wrappers; unsigned int login_process_size; unsigned int login_processes_count; --- src/pop3-login/Makefile.am.orig 2008-06-12 08:45:10.000000000 +0200 +++ src/pop3-login/Makefile.am 2008-07-07 18:57:31.000000000 +0200 @@ -11,7 +11,8 @@ ../login-common/liblogin-common.a \ ../lib-auth/libauth.a \ ../lib/liblib.a \ - $(SSL_LIBS) + $(SSL_LIBS) \ + $(LIBWRAP_LIBS) pop3_login_SOURCES = \ client.c \ ------------------------------ Message: 3 Date: Fri, 7 Nov 2008 12:06:28 +0100 From: Edgar Fu? <ef at math.uni-bonn.de> Subject: Re: [Dovecot] Cannot get the libwrap patch work To: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <20081107110628.GC304 at orion.math.uni-bonn.de> Content-Type: text/plain; charset=us-ascii> After compiling and running itJust to make sure: You did run autoconf/automake/autoheader before configuring? ------------------------------ Message: 4 Date: Fri, 7 Nov 2008 10:03:12 +0100 From: "Grzegorz Zalewski" <zalewski_grzegorz at passat.com.pl> Subject: [Dovecot] Problem witch dovecot-auth To: <dovecot at dovecot.org> Message-ID: <EBEBB133D30542E79650168B757DB3AA at zapasduo> Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original Hello i`m post in this mailing list first time. I`ve debian Etch witch dovecot version 1.2.alpha3 from: deb http://xi.rename-it.nl/debian/ experimental-auto main I`m installing this version dovecot becouse this version solved my problem witch imap problem. It`s working but once or twice times for a day i have error in log: -------- dovecot: 2008-11-06 22:11:59 Error: auth(default): Raw backtrace: dovecot-auth [0x8075761] -> dovecot-auth [0x80757e2] -> dovecot-auth [0x8075179] -> dovecot-auth [0x805c478] -> dovecot-auth(io_loop_handle_timeouts+0xe9) [0x8078629] -> dovecot-auth(io_loop_handler_run+0x82) [0x8078eb2] -> dovecot-auth(io_loop_run+0x20) [0x80783d0] -> dovecot-auth(main+0x28c) [0x805e07c] -> /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7a7b455] -> dovecot-auth [0x8053cd1]dovecot: 2008-11-06 22:11:59 Error: child 28945 (auth) killed with signal 6 -------- my dovecot configuration is: -------- # 1.2.alpha3: /etc/dovecot/dovecot.conf# OS: Linux 2.6.18-6-686 i686 Debian 4.0log_path: /var/log/dovecot.loglog_timestamp: %Y-%m-%d %H:%M:%Sprotocols: imap imaps pop3 pop3sssl_listen(default): my_ip:993ssl_listen(imap): my_ip:993ssl_listen(pop3): my_ip:995ssl_cert_file: /etc/dovecot/ssl/dovecot.pemssl_key_file: /etc/dovecot/ssl/dovecot.pemverbose_ssl: yeslogin_dir: /var/run/dovecot/loginlogin_executable(default): /usr/lib/dovecot/imap-loginlogin_executable(imap): /usr/lib/dovecot/imap-loginlogin_executable(pop3): /usr/lib/dovecot/pop3-loginlogin_greeting: POP readyverbose_proctitle: yesmail_access_groups: postfixmail_location: maildir:~/Maildirmail_executable(default): /usr/lib/dovecot/imapmail_executable(imap): /usr/lib/dovecot/imapmail_executable(pop3): /usr/lib/dovecot/pop3mail_plugin_dir(default): /usr/lib/dovecot/modules/imapmail_plugin_dir(imap): /usr/lib/dovecot/modules/imapmail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3imap_client_workarounds: outlook-idlepop3_client_workarounds: outlook-no-nulsauth default: verbose: yes debug: yes passdb: driver: pam userdb: driver: passwd -------- Have anyone any idea what is wrong ?? ------------------------------ Message: 5 Date: Fri, 7 Nov 2008 11:17:36 +0100 From: "Grzegorz Zalewski" <zalewski_grzegorz at passat.com.pl> Subject: [Dovecot] Problem witch dovecot-auth continue To: <dovecot at dovecot.org> Message-ID: <1E3598730CBB4517A61A82FFD912F170 at zapasduo> Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original I`m forgot paste rest of the log: dovecot: 2008-11-07 10:16:44 Panic: auth(default): file auth-worker-server.c: line 54 (auth_worker_idle_timeout): assertion failed: (array_count(&conn->requests) == 0) ------------------------------ Message: 6 Date: Fri, 7 Nov 2008 12:21:06 +0100 From: Andre H?bner <andre.huebner at gmx.de> Subject: [Dovecot] limit logins by time To: "Dovecot Mailing List" <dovecot at dovecot.org> Message-ID: <6369625A000E47B0BAD806CA4978CAD6 at nmm.local> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Hello, i want to limit the count of pop3 logins for users by time. Whats the correct way to do this? I searched the webpage and conf parameters but did not find a fitting solution. Please give me litte hint. Thanks, Andre ------------------------------ Message: 7 Date: Fri, 7 Nov 2008 13:34:06 +0200 From: Timo Sirainen <tss at iki.fi> Subject: Re: [Dovecot] limit logins by time To: Andre H?bner <andre.huebner at gmx.de> Cc: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <E69491A7-C62D-4687-94D2-C4E18E19B24D at iki.fi> Content-Type: text/plain; charset="iso-8859-1" On Nov 7, 2008, at 1:21 PM, Andre H?bner wrote:> i want to limit the count of pop3 logins for users by time. Whats > the correct way to do this? > I searched the webpage and conf parameters but did not find a > fitting solution.You mean something like "one login per 5 minutes"? Why do you want it? There's no existing way to do it, but you could probably do it with http://wiki.dovecot.org/PostLoginScripting . -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part Url : http://dovecot.org/pipermail/dovecot/attachments/20081107/5ed0fd2d/attachmen t-0001.bin ------------------------------ Message: 8 Date: Fri, 7 Nov 2008 12:43:03 +0100 From: Andre H?bner <andre.huebner at gmx.de> Subject: Re: [Dovecot] limit logins by time To: "Dovecot Mailing List" <dovecot at dovecot.org> Cc: Timo Sirainen <tss at iki.fi> Message-ID: <374C4EDA21FC4D7A815B9EF137E68E69 at nmm.local> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original>You mean something like "one login per 5 minutes"? Why do you want it?yes, this is exactly what i want. have a user who seems to go crazy, lots of logins with differnet usernames within seconds. i could limit him by iptables, but this has only effect for short time...> There's no existing way to do it, but you could probably do it with > http://wiki.dovecot.org/PostLoginScripting. ok, will try it Thanks, Andre ------------------------------ Message: 9 Date: Fri, 7 Nov 2008 13:47:56 +0200 From: Timo Sirainen <tss at iki.fi> Subject: Re: [Dovecot] limit logins by time To: Andre H?bner <andre.huebner at gmx.de> Cc: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <C7E1C8F5-AE57-406E-BDC4-1E93E74B3CBD at iki.fi> Content-Type: text/plain; charset="iso-8859-1" On Nov 7, 2008, at 1:43 PM, Andre H?bner wrote:>> You mean something like "one login per 5 minutes"? Why do you want >> it? > yes, this is exactly what i want. > have a user who seems to go crazy, lots of logins with differnet > usernames within seconds. i could limit him by iptables, but this > has only effect for short time...They're successful logins?>> There's no existing way to do it, but you could probably do it withhttp://wiki.dovecot.org/PostLoginScripting> . > ok, will try itPerhaps just make it do a "sleep 30" or something if the previous login was too close. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part Url : http://dovecot.org/pipermail/dovecot/attachments/20081107/7624863f/attachmen t.bin ------------------------------ _______________________________________________ dovecot mailing list dovecot at dovecot.org http://dovecot.org/cgi-bin/mailman/listinfo/dovecot End of dovecot Digest, Vol 67, Issue 19 ***************************************
Hello again, Generated the configure script with autoconf. But stiil the same error when I start dovecot "Error: login_tcp_wrappers can't be used because Dovecot wasn't built with libwrap" . Below are the usability and presence report from config.log configure:30349: checking tcpd.h usability configure:30366: gcc -c -std=gnu99 -g -O2 -Wall -W -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wchar-subscripts -Wformat=2 -Wbad-function-cast -Wstrict-aliasing=2 -I/usr/kerberos/include conftest.c >&5 configure:30372: $? = 0 configure:30386: result: yes configure:30390: checking tcpd.h presence configure:30405: gcc -E conftest.c configure:30411: $? = 0 configure:30425: result: yes configure:30458: checking for tcpd.h configure:30465: result: yes ac_cv_header_sys_vmount_h=no ac_cv_header_tcpd_h=yes ac_cv_header_ucontext_h=yes Thankyou Tahir Riaz Assistant Director (Systems) COMSATS Internet Services COMSATS Headquarters Building 9, Shahrah-e-Jamhuriat, G-5/2 Islamabad. -----Original Message----- From: Tahir riaz [mailto:tahir.riaz at comsats.net.pk] Sent: Saturday, November 08, 2008 1:00 PM To: 'dovecot at dovecot.org' Subject: RE: Cannot get the libwrap patch work Hello, Again the same issue. The patch is not working again. There are no signs of tcpd.h in config.log. Do I have to make changes in configure script also. I am not a pogrammer so I follwed the step by step instructions on editing the described file. Are some other steps required ? configure is used with following parameters ./configure --prefix=/userdata/usr/local/dovecot-1.1.6 --with-libwrap --with-zlib --with-storages=maildir,mbox,raw Thankyou Tahir Riaz Assistant Director (Systems) COMSATS Internet Services COMSATS Headquarters Building 9, Shahrah-e-Jamhuriat, G-5/2 Islamabad. -----Original Message----- From: dovecot-bounces+tahir.riaz=comsats.net.pk at dovecot.org [mailto:dovecot-bounces+tahir.riaz=comsats.net.pk at dovecot.org] On Behalf Of dovecot-request at dovecot.org Sent: Friday, November 07, 2008 4:48 PM To: dovecot at dovecot.org Subject: dovecot Digest, Vol 67, Issue 19 Send dovecot mailing list submissions to dovecot at dovecot.org To subscribe or unsubscribe via the World Wide Web, visit http://dovecot.org/cgi-bin/mailman/listinfo/dovecot or, via email, send a message with subject or body 'help' to dovecot-request at dovecot.org You can reach the person managing the list at dovecot-owner at dovecot.org When replying, please edit your Subject line so it is more specific than "Re: Contents of dovecot digest..." Today's Topics: 1. Re: Cannot get the libwrap patch work (Edgar Fu?) 2. libwrap patch for 1.1.6 (Edgar Fu?) 3. Re: Cannot get the libwrap patch work (Edgar Fu?) 4. Problem witch dovecot-auth (Grzegorz Zalewski) 5. Problem witch dovecot-auth continue (Grzegorz Zalewski) 6. limit logins by time (Andre H?bner) 7. Re: limit logins by time (Timo Sirainen) 8. Re: limit logins by time (Andre H?bner) 9. Re: limit logins by time (Timo Sirainen) ---------------------------------------------------------------------- Message: 1 Date: Fri, 7 Nov 2008 12:01:43 +0100 From: Edgar Fu? <ef at math.uni-bonn.de> Subject: Re: [Dovecot] Cannot get the libwrap patch work To: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <20081107110142.GA304 at orion.math.uni-bonn.de> Content-Type: text/plain; charset=us-ascii> "Error: login_tcp_wrappers can't be used because Dovecot wasn't built withlibwrap" What does the configure script tell you about "tcpd.h usability" and "tcpd.h presence"? What does config.log say about them? ------------------------------ Message: 2 Date: Fri, 7 Nov 2008 12:05:26 +0100 From: Edgar Fu? <ef at math.uni-bonn.de> Subject: [Dovecot] libwrap patch for 1.1.6 To: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <20081107110526.GB304 at orion.math.uni-bonn.de> Content-Type: text/plain; charset="us-ascii" Btw, I've updated the patch for 1.1.6, see attached file. -------------- next part -------------- --- configure.in.orig 2008-06-22 13:02:27.000000000 +0200 +++ configure.in 2008-07-23 15:05:00.000000000 +0200 @@ -61,6 +61,15 @@ notify=$withval, notify=) +AC_ARG_WITH(libwrap, +[ --with-libwrap Build with libwrap, ie. TCP-wrappers (default)], + if test x$withval = xno; then + want_libwrap=no + else + want_libwrap=yes + fi, + want_libwrap=yes) + AC_ARG_WITH(linux-quota, [ --with-linux-quota=n Linux quota version to use (default: system's)], AC_DEFINE_UNQUOTED(_LINUX_QUOTA_VERSION, $withval, @@ -1554,6 +1563,30 @@ fi dnl ** +dnl ** TCP wrappers +dnl ** + +if test "$want_libwrap" = "yes"; then + AC_CHECK_HEADER(tcpd.h, [ + old_LIBS=$LIBS + LIBS="$LIBS -lwrap" + AC_TRY_LINK([ + #include <tcpd.h> + int allow_severity; + int deny_severity; + struct request_info request; + ], [ + request_init(&request, 0); + ], [ + AC_DEFINE(HAVE_LIBWRAP,, Define if you have libwrap) + LIBWRAP_LIBS=-lwrap + AC_SUBST(LIBWRAP_LIBS) + ]) + LIBS=$old_LIBS + ]) +fi + +dnl ** dnl ** userdb and passdb checks dnl ** --- dovecot-example.conf.orig 2008-07-07 18:57:31.000000000 +0200 +++ dovecot-example.conf 2008-07-07 18:57:31.000000000 +0200 @@ -171,6 +171,11 @@ # Greeting message for clients. #login_greeting = Dovecot ready. +# Use TCP wrappers for incoming connection access checks. This requires +that # Dovecot was compiled with libwrap. Note that this setting +requires # login_process_per_connection=yes. +#login_tcp_wrappers = no + # Space-separated list of elements we want to log. The elements which have # a non-empty variable value are joined together to form a comma-separated # string. --- src/imap-login/Makefile.am.orig 2008-06-12 08:45:10.000000000 +0200 +++ src/imap-login/Makefile.am 2008-07-07 18:57:31.000000000 +0200 @@ -13,7 +13,8 @@ ../lib-imap/libimap.a \ ../lib-auth/libauth.a \ ../lib/liblib.a \ - $(SSL_LIBS) + $(SSL_LIBS) \ + $(LIBWRAP_LIBS) imap_login_SOURCES = \ client.c \ --- src/login-common/main.c.orig 2008-10-26 16:03:45.000000000 +0100 +++ src/login-common/main.c 2008-11-06 13:54:01.000000000 +0100 @@ -19,8 +19,16 @@ #include <unistd.h> #include <syslog.h> +#ifdef HAVE_LIBWRAP +# include <tcpd.h> +# include <syslog.h> +int allow_severity = LOG_INFO; +int deny_severity = LOG_WARNING; +# include "str.h" +#endif + bool disable_plaintext_auth, process_per_connection, greeting_capability; -bool verbose_proctitle, verbose_ssl, verbose_auth, auth_debug; +bool verbose_proctitle, verbose_ssl, verbose_auth, auth_debug, +tcp_wrappers; bool ssl_require_client_cert; const char *greeting, *log_format; const char *const *log_format_elements; @@ -75,6 +83,45 @@ io_loop_stop(ioloop); } +static void access_check(int fd, const struct ip_addr *ip, bool ssl) { +#ifdef HAVE_LIBWRAP + struct request_info req; + char *daemon; + string_t *process_name_ssl; + + if (!tcp_wrappers) + return; + if (!process_per_connection) + i_fatal("Tried to use TCP wrapers with process_per_connection=no"); + + if (ssl) { + process_name_ssl = t_str_new(20); + str_append(process_name_ssl, process_name); + str_append(process_name_ssl, "-ssl"); + daemon = str_c(process_name_ssl); + } else { + daemon = process_name; + } + request_init(&req, + RQ_FILE, fd, + RQ_CLIENT_ADDR, net_ip2addr(ip), + RQ_DAEMON, daemon, + 0); + fromhost(&req); + + if (!hosts_access(&req)) { + i_error("Connection refused by tcp-wrappers: %s", + net_ip2addr(ip)); + refuse(&req); + i_unreached(); + } + if (ssl) { + str_free(&process_name_ssl); + } +#endif +} + static void login_accept(void *context) { int listen_fd = POINTER_CAST_TO(context, int); @@ -89,6 +136,7 @@ i_error("accept() failed: %m"); return; } + access_check(fd, &remote_ip, FALSE); if (net_getsockname(fd, &local_ip, &local_port) < 0) { memset(&local_ip, 0, sizeof(local_ip)); @@ -120,6 +168,7 @@ i_error("accept() failed: %m"); return; } + access_check(fd, &remote_ip, TRUE); if (net_getsockname(fd, &local_ip, &local_port) < 0) { memset(&local_ip, 0, sizeof(local_ip)); @@ -319,6 +368,7 @@ verbose_auth = getenv("VERBOSE_AUTH") != NULL; auth_debug = getenv("AUTH_DEBUG") != NULL; ssl_require_client_cert = getenv("SSL_REQUIRE_CLIENT_CERT") != NULL; + tcp_wrappers = getenv("TCP_WRAPPERS") != NULL; greeting = getenv("GREETING"); if (greeting == NULL) @@ -419,11 +469,12 @@ restrict_access_by_env() is called */ lib_init(); + process_name = strrchr(argv[0], '/'); + process_name = process_name == NULL ? argv[0] : process_name+1; + if (is_inetd) { /* running from inetd. create master process before dropping privileges. */ - process_name = strrchr(argv[0], '/'); - process_name = process_name == NULL ? argv[0] : process_name+1; group_name = t_strcut(process_name, '-'); for (i = 1; i < argc; i++) { --- src/master/login-process.c.orig 2008-06-12 23:38:01.000000000 +0200 +++ src/master/login-process.c 2008-07-07 19:51:45.000000000 +0200 @@ -573,6 +573,8 @@ env_put(t_strconcat("LOG_FORMAT=", set->login_log_format, NULL)); if (set->login_greeting_capability) env_put("GREETING_CAPABILITY=1"); + if (set->login_tcp_wrappers) + env_put("TCP_WRAPPERS=1"); if (group->mail_process_type == PROCESS_TYPE_IMAP) { env_put(t_strconcat("CAPABILITY_STRING=", --- src/master/master-settings.c.orig 2008-06-21 15:09:16.000000000 +0200 +++ src/master/master-settings.c 2008-07-07 20:28:37.000000000 +0200 @@ -208,6 +208,7 @@ MEMBER(login_process_per_connection) TRUE, MEMBER(login_chroot) TRUE, MEMBER(login_greeting_capability) FALSE, + MEMBER(login_tcp_wrappers) FALSE, MEMBER(login_process_size) 64, MEMBER(login_processes_count) 3, @@ -479,6 +480,7 @@ fix_base_path(auth->parent->defaults, &s->master.path); fix_base_path(auth->parent->defaults, &s->client.path); } + return TRUE; } @@ -861,6 +863,20 @@ return FALSE; } #endif + + if (!set->login_process_per_connection && set->login_tcp_wrappers) { + i_error("login_process_per_connection=no can't be used with " + "login_tcp_wrappers=yes"); + return FALSE; + } +#ifndef HAVE_LIBWRAP + if (set->login_tcp_wrappers) { + i_error("login_tcp_wrappers can't be used because " + "Dovecot wasn't built with libwrap"); + return FALSE; + } +#endif + return TRUE; } --- src/master/master-settings-defs.c.orig 2008-07-07 20:06:11.000000000 +0200 +++ src/master/master-settings-defs.c 2008-07-07 19:55:08.000000000 +0200 @@ -46,6 +46,7 @@ DEF_BOOL(login_process_per_connection), DEF_BOOL(login_chroot), DEF_BOOL(login_greeting_capability), + DEF_BOOL(login_tcp_wrappers), DEF_INT(login_process_size), DEF_INT(login_processes_count), --- src/master/master-settings.h.orig 2008-06-12 08:45:10.000000000 +0200 +++ src/master/master-settings.h 2008-07-07 18:57:31.000000000 +0200 @@ -60,6 +60,7 @@ bool login_process_per_connection; bool login_chroot; bool login_greeting_capability; + bool login_tcp_wrappers; unsigned int login_process_size; unsigned int login_processes_count; --- src/pop3-login/Makefile.am.orig 2008-06-12 08:45:10.000000000 +0200 +++ src/pop3-login/Makefile.am 2008-07-07 18:57:31.000000000 +0200 @@ -11,7 +11,8 @@ ../login-common/liblogin-common.a \ ../lib-auth/libauth.a \ ../lib/liblib.a \ - $(SSL_LIBS) + $(SSL_LIBS) \ + $(LIBWRAP_LIBS) pop3_login_SOURCES = \ client.c \ ------------------------------ Message: 3 Date: Fri, 7 Nov 2008 12:06:28 +0100 From: Edgar Fu? <ef at math.uni-bonn.de> Subject: Re: [Dovecot] Cannot get the libwrap patch work To: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <20081107110628.GC304 at orion.math.uni-bonn.de> Content-Type: text/plain; charset=us-ascii> After compiling and running itJust to make sure: You did run autoconf/automake/autoheader before configuring? ------------------------------ Message: 4 Date: Fri, 7 Nov 2008 10:03:12 +0100 From: "Grzegorz Zalewski" <zalewski_grzegorz at passat.com.pl> Subject: [Dovecot] Problem witch dovecot-auth To: <dovecot at dovecot.org> Message-ID: <EBEBB133D30542E79650168B757DB3AA at zapasduo> Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original Hello i`m post in this mailing list first time. I`ve debian Etch witch dovecot version 1.2.alpha3 from: deb http://xi.rename-it.nl/debian/ experimental-auto main I`m installing this version dovecot becouse this version solved my problem witch imap problem. It`s working but once or twice times for a day i have error in log: -------- dovecot: 2008-11-06 22:11:59 Error: auth(default): Raw backtrace: dovecot-auth [0x8075761] -> dovecot-auth [0x80757e2] -> dovecot-auth [0x8075179] -> dovecot-auth [0x805c478] -> dovecot-auth(io_loop_handle_timeouts+0xe9) [0x8078629] -> dovecot-auth(io_loop_handler_run+0x82) [0x8078eb2] -> dovecot-auth(io_loop_run+0x20) [0x80783d0] -> dovecot-auth(main+0x28c) [0x805e07c] -> /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7a7b455] -> dovecot-auth [0x8053cd1]dovecot: 2008-11-06 22:11:59 Error: child 28945 (auth) killed with signal 6 -------- my dovecot configuration is: -------- # 1.2.alpha3: /etc/dovecot/dovecot.conf# OS: Linux 2.6.18-6-686 i686 Debian 4.0log_path: /var/log/dovecot.loglog_timestamp: %Y-%m-%d %H:%M:%Sprotocols: imap imaps pop3 pop3sssl_listen(default): my_ip:993ssl_listen(imap): my_ip:993ssl_listen(pop3): my_ip:995ssl_cert_file: /etc/dovecot/ssl/dovecot.pemssl_key_file: /etc/dovecot/ssl/dovecot.pemverbose_ssl: yeslogin_dir: /var/run/dovecot/loginlogin_executable(default): /usr/lib/dovecot/imap-loginlogin_executable(imap): /usr/lib/dovecot/imap-loginlogin_executable(pop3): /usr/lib/dovecot/pop3-loginlogin_greeting: POP readyverbose_proctitle: yesmail_access_groups: postfixmail_location: maildir:~/Maildirmail_executable(default): /usr/lib/dovecot/imapmail_executable(imap): /usr/lib/dovecot/imapmail_executable(pop3): /usr/lib/dovecot/pop3mail_plugin_dir(default): /usr/lib/dovecot/modules/imapmail_plugin_dir(imap): /usr/lib/dovecot/modules/imapmail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3imap_client_workarounds: outlook-idlepop3_client_workarounds: outlook-no-nulsauth default: verbose: yes debug: yes passdb: driver: pam userdb: driver: passwd -------- Have anyone any idea what is wrong ?? ------------------------------ Message: 5 Date: Fri, 7 Nov 2008 11:17:36 +0100 From: "Grzegorz Zalewski" <zalewski_grzegorz at passat.com.pl> Subject: [Dovecot] Problem witch dovecot-auth continue To: <dovecot at dovecot.org> Message-ID: <1E3598730CBB4517A61A82FFD912F170 at zapasduo> Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original I`m forgot paste rest of the log: dovecot: 2008-11-07 10:16:44 Panic: auth(default): file auth-worker-server.c: line 54 (auth_worker_idle_timeout): assertion failed: (array_count(&conn->requests) == 0) ------------------------------ Message: 6 Date: Fri, 7 Nov 2008 12:21:06 +0100 From: Andre H?bner <andre.huebner at gmx.de> Subject: [Dovecot] limit logins by time To: "Dovecot Mailing List" <dovecot at dovecot.org> Message-ID: <6369625A000E47B0BAD806CA4978CAD6 at nmm.local> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Hello, i want to limit the count of pop3 logins for users by time. Whats the correct way to do this? I searched the webpage and conf parameters but did not find a fitting solution. Please give me litte hint. Thanks, Andre ------------------------------ Message: 7 Date: Fri, 7 Nov 2008 13:34:06 +0200 From: Timo Sirainen <tss at iki.fi> Subject: Re: [Dovecot] limit logins by time To: Andre H?bner <andre.huebner at gmx.de> Cc: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <E69491A7-C62D-4687-94D2-C4E18E19B24D at iki.fi> Content-Type: text/plain; charset="iso-8859-1" On Nov 7, 2008, at 1:21 PM, Andre H?bner wrote:> i want to limit the count of pop3 logins for users by time. Whats > the correct way to do this? > I searched the webpage and conf parameters but did not find a > fitting solution.You mean something like "one login per 5 minutes"? Why do you want it? There's no existing way to do it, but you could probably do it with http://wiki.dovecot.org/PostLoginScripting . -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part Url : http://dovecot.org/pipermail/dovecot/attachments/20081107/5ed0fd2d/attachmen t-0001.bin ------------------------------ Message: 8 Date: Fri, 7 Nov 2008 12:43:03 +0100 From: Andre H?bner <andre.huebner at gmx.de> Subject: Re: [Dovecot] limit logins by time To: "Dovecot Mailing List" <dovecot at dovecot.org> Cc: Timo Sirainen <tss at iki.fi> Message-ID: <374C4EDA21FC4D7A815B9EF137E68E69 at nmm.local> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original>You mean something like "one login per 5 minutes"? Why do you want it?yes, this is exactly what i want. have a user who seems to go crazy, lots of logins with differnet usernames within seconds. i could limit him by iptables, but this has only effect for short time...> There's no existing way to do it, but you could probably do it with > http://wiki.dovecot.org/PostLoginScripting. ok, will try it Thanks, Andre ------------------------------ Message: 9 Date: Fri, 7 Nov 2008 13:47:56 +0200 From: Timo Sirainen <tss at iki.fi> Subject: Re: [Dovecot] limit logins by time To: Andre H?bner <andre.huebner at gmx.de> Cc: Dovecot Mailing List <dovecot at dovecot.org> Message-ID: <C7E1C8F5-AE57-406E-BDC4-1E93E74B3CBD at iki.fi> Content-Type: text/plain; charset="iso-8859-1" On Nov 7, 2008, at 1:43 PM, Andre H?bner wrote:>> You mean something like "one login per 5 minutes"? Why do you want >> it? > yes, this is exactly what i want. > have a user who seems to go crazy, lots of logins with differnet > usernames within seconds. i could limit him by iptables, but this > has only effect for short time...They're successful logins?>> There's no existing way to do it, but you could probably do it withhttp://wiki.dovecot.org/PostLoginScripting> . > ok, will try itPerhaps just make it do a "sleep 30" or something if the previous login was too close. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 194 bytes Desc: This is a digitally signed message part Url : http://dovecot.org/pipermail/dovecot/attachments/20081107/7624863f/attachmen t.bin ------------------------------ _______________________________________________ dovecot mailing list dovecot at dovecot.org http://dovecot.org/cgi-bin/mailman/listinfo/dovecot End of dovecot Digest, Vol 67, Issue 19 ***************************************