search for: auth_username_char

Hi, I'm receiving the following messages in my mail logs that I haven't seen before: Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?) Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?) There's thousands of them, from hundreds of different IP addresses. I suspect it's an exploit attempt, but does anyone know...

...ample2.com and example3.com. I want to use Dovecot with ldap and authentication binds. For testing I use "auth_bind_userdn = cn=%n,ou=users,dc=%d" and the user name must provide as "jim at example,dc=com". To allow the special chars ("=,") in user name, I extend "auth_username_chars". Now my questions. Exists a real chance to attack the ldap directory with the extended "auth_username_chars"? And it's possible to use authentication binds with the regular "auth_username_chars" and a provided user names like "jim at example.com" in my speci...

...r 29, 2017 at 5:58 AM Alex <mysqlstudent at gmail.com> wrote: > > > Hi, I'm receiving the following messages in my mail logs that I > haven't seen before: > > Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): > Username character disallowed by auth_username_chars: 0x13 (username: > AB?) > Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): > Username character disallowed by auth_username_chars: 0x13 (username: > AB?) > > There's thousands of them, from hundreds of different IP addresses. I > suspect it's an exp...

Hello, i use dovecot 1.2.11 with auth by mysql. auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@?????? for some reasons more special chars in username are needed. in fact the % char is meant. Is this recommend to use with mysql? should i expect some problems when using chars with special function within mysql? Config i...

I notice there is a space after the = in the default setting: #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ Is that space part of the syntax or required? If not, does that mean 'space' is included in the default list of allowed characters? If not, then is the space after the '=' required? -- If not, the implicatio...

Dear List If ssl_username_from_cert = yes then setting of auth_username_chars is not respected. (It may be that anything goes in that case) Also how can I include space (0x20) in auth_username_chars if I don't use ssl_username_from_cert = yes Thanks mr.wu

...9;t update INBOX's STATUS information to index. I created a new user adduser --gecos 'DV test' --disabled-password dvtest I have setup a Dovecot config with: http://pastebin.com/XKNn6W24 Because sieve did not compile, I removed sieve from your config. Then I added "@" to auth_username_chars, because of this error: Info: userdb(?): Username character disallowed by auth_username_chars: 0x40 (username: dvtest at example.com) Then I ran: (echo LHLO loc; echo 'mail from:<skdovecot at example.net>'; echo 'rcpt to:<dvtest at example.com>'; echo data; sleep 1...

...> Sorry for a delay in responding. Please find my config below. > > # > # > # > > # 2.3.5.1 (7ec6d0ade): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.5 (2483b085) > # OS: OpenBSD 6.5 amd64 > # Hostname: smtp.example.com <snip/> Have you tried setting? auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@' Aki

...-d argument, without quotes. >> I then adapted the script to specifically replace this address with >> "@"@mydomain.tld, but this results in the following error message by >> Dovecot: >> >> ???? auth: Info: userdb(?): Username character disallowed by >> auth_username_chars: 0x22 (username: "@"@mydomain.tld) >> >> So what would be the appropriate quoting/setting for this address? > > Adding " to auth_username_chars would help. > > But why are you trying to accept such incredibly horrible > email-addresses/usernames? > Als...

...that Postfix passes "@@mydomain.tld" as the -d argument, without quotes. I then adapted the script to specifically replace this address with "@"@mydomain.tld, but this results in the following error message by Dovecot: ??? auth: Info: userdb(?): Username character disallowed by auth_username_chars: 0x22 (username: "@"@mydomain.tld) So what would be the appropriate quoting/setting for this address? Kind regards, Philipp Am 06-Mar-18 um 15:08 schrieb Stephan Bosch: > > > Op 6-3-2018 om 14:34 schreef Philipp Berger: >> I upgraded to Dovecot 2.3.0.1 as advised, but i...

...100 up - 3291 10.0.10.223 100 up - 3280 #Director doveconf -n # Pigeonhole version 0.4.22 (22940fb7) # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4 # Hostname: server312.company.com auth_cache_negative_ttl = 0 auth_cache_size = 10 M auth_cache_ttl = 1 days auth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#" default_client_limit = 3000 director_mail_servers = 10.0.10.223 10.0.10.110 10.0.10.111 10.0.10.112 10.0.10.113 10.0.10.115 10.0.10.116 10.0.10.117 10.0.10.118 director_servers = 10.0.10.114 10.0.10.181 10.0.10.182...

...SQL lookup (but does the splitting correctly, which Dovecot 2.3 does NOT). Dovecot does not strip quotes. What is the recommended (i.e. endorsed by its developers) way for Dovecot to deal with Mail addresses containing Quotation marks? Strip them out? Keep them? Since they are disabled by default (auth_username_chars), it seems like stripping, but then the splitting of local part and domain does not work correctly. Am I really the first one to play around with this? Does it make sense to prepare patches for example for fixing the splitting? On a side note: Has support for UTF8 in local parts already landed in...

...ause its possible to do >> an useless sql code injection. >> >> Is there a way to quote that? Something like exim's quote_mysql? > > there is not much to quote when dovecot accepts only a limited set of > chars at all and otherwise don't send any query > > auth_username_chars = > abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@% > auth_username_translation = > %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz > The password is not subjet to this limitation. Im not an sql expert, i still *think* that there is nothing to worry about.....

My users are like this "username=domain_name". Could the '=' character be the reason? Despite my settings always worked: # doveconf auth_username_chars auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@= All opinions are welcome. Thanks! -- Thiago Henrique Em 16-05-2015 10:06, listas at adminlinux.com.br escreveu: > Hi, > > In a cluster with two servers and replication via dovecot-dsync, this &g...

Hi, I've done some supplementary tests with tcpdump. Apparently, with a login containing the % character, there's no query send to MySQL. Do you know if the % character is filtered by dovecot ? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://dovecot.org/pipermail/dovecot/attachments/20050112/03106298/attachment-0002.html>

...sage of double quotes in his password, as the windows-login works: /var/log/dovecot-info.log auth(default): Info: ldap(testuser 77.22.xx.xxx): invalid credentials (given password: xxxxx"xxxxxxx) Which chars in passwords does the dovecot auth process not like? Is there something similar to auth_username_chars for passwords? thanks, martin

...sten = <SCRUBBED IP> disable_plaintext_auth = no ssl = no login_processes_count = 100 login_max_processes_count = 500 login_max_connections = 512 login_greeting = DovecotProxy08 ready. protocol imap { } protocol pop3 { } protocol lda { } #LINE 14 auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@/$!&\ auth default { mechanisms = plain passdb sql { #LINE 18 args = /usr/local/etc/dovecot-sql.conf } userdb sql { args = /usr/local/etc/dovecot-sql.conf } user = root } di...

Hi, In a cluster with two servers and replication via dovecot-dsync, this error is logged: server1 dovecot: dsync-server(<user>): Error: Couldn't create lock /var/lib/imap/user/6a/<user>/.dovecot-sync.lock: No such file or directory This is because "/var/lib/imap/user/6a/<user>/" doesn't exist in server1. In another cluster node, the directory exists and

.... Any suggestions are appreciated. I've included my dovecot configuration. Thank you, Tristan --- Tristan Tristan Goguen CEO, ILAP? T: 416-250-5600 ext. 205 F: 416-250-6755 tgoguen at ilap.com www.ilap.com --- # 2.0.14: /etc/dovecot.conf # OS: SunOS 5.10 sun4v auth_cache_size = 1048575 B auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.+-_@ auth_username_format = %Ln auth_verbose = yes base_dir = /usr/local/var/run/dovecot/ disable_plaintext_auth = no first_valid_uid = 100 log_path = /var/log/dovecot.log login_greeting = mail_access_groups = mail mail_fsync = nev...

Hello list. I'm thinking to migrate the hole user db from system users to mysql. I already did it in a test environment, but something is annoying my OCD... I don't quote the variables username and password sent to the mysql server. I know, the mysql user that dovecot uses only has select rights, but it stills bother me, because its possible to do an useless sql code injection. Is there a