thr3ads.net - dovecot - Auth cache does not take %real

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Tom Sommer

2017-Jan-31 12:49 UTC

Auth cache does not take %real_rip into account

I run a Director setup with a webmail in front, the webmail is in 
login_trusted_networks and sends IMAP-ID x-original-ip to log the client 
IP.

If I enable auth_debug on the director, I see that the cache key 
contains the client IP, and not the %real_rip.

This is causing problems because in my passdb SQL query, I use the 
%real_rip to determine if login is allowed.

Should %real_rip not be added to the auth cache key? Or should it be the 
cache key instead of the %rip?

Thanks
-- 
Tom

Maybe Matching Threads

Mail account brute force / harassment
Mail account brute force / harassment
Mail account brute force / harassment
real_rip variable addition for dovecot 2.1.10
Mail account brute force / harassment

Search for more possibly parallel threads

dovecot - Jan 2017 - Auth cache does not take %real_rip into account

Auth cache does not take %real_rip into account

Maybe Matching Threads

Wisdom of the Ancients