search for: login_trusted_network

Hi, For the upcoming 2.3 development, I'd like to re-suggest this: It seems the use of login_trusted_networks is overloaded. Example: * It's used for indicating which hosts you trust to provide XCLIENT remote IP's. (like a proxy) * It's used for indicating from which hosts you trust logins enough to disable auth penalty. (like in a webmail) Often these two uses cases have a different set o...

??????? Original Message ??????? On Friday, May 24, 2019 10:40 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > Try setting login_trusted_networks= Thank you Aki for your answer. Unfortunately on my Dovecot mailbox backend servers I already have login_trusted_networks set to the IP of my Dovecot LMTP proxy server. > or just upgrade to 2.3.6? I was hoping not to have to compile and install manually 2.3.6 on OpenBSD 6.5, that's why I...

I just spent a bit puzzling over "login_trusted_networks". My problem was using "10.1.2/24" instead of "10.1.2.0/24". Here are some things I looked for during troubleshooting that didn't pan out: (1) No messages printed to syslog. (2) Search for "login_trusted_networks" on the Wiki (wiki2) failed. (3) C...

...roperly but saslauthd that uses it for rimap authentication over 127.0.0.1 works SLOW. You need to wait 15-20 seconds before authentication. only imap login over 127.0.0.1 is slowed down, while over any other IP is quick. i had this problem with older version of dovecot but it was about adding login_trusted_networks = 127.0.0.1 but i already have this and logins is slow. how to disable throttling (or better - put other limits) for 127.0.0.1?

I'd like to get the IP-address of the webmail-klient logged in my maillog (for being compliant with coming data retention policies). I've noticed that with login_trusted_networks pointing at my dovecot directors, we get rip=client-ip logged on the backends. How is the proxy providing this to the dovecot backends? Anybody know what magic we need to implement in our webmail-solution to be able to forward the webmail-client-ip and have it logged as rip= in dovecot? I belive...

Hi Aki, On 10.02.20 17:03, Aki Tuomi wrote: > Try setting > > login_trusted_networks = lb-ip/32 > > See? > https://doc.dovecot.org/settings/dovecot_core_settings/#login-trusted-networks I do have login-trusted_networks set already. Along with the proxy protocol (haproxy_trusted_networks = lb-ip) I had to set login_trusted_networks to 0.0.0.0/0 actually because the proxy...

...dovecot2.2/auth-client attempt bad auth 2s penalty NO disconnect ==> Note, it's another connection almost immediately following each connect /var/run/dovecot2.2/auth-client attempt good auth 2s penalty OK disconnect Can I disable auth_failure_delay for local UNIX sockets? How do I add it to login_trusted_networks? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBV20MbHz1H7kL/d9rAQKm1AgAiVjjSimUTapEbhqHwZzfQWLzcJlkfm2W z5smziGbVELYb0/COPd84GK6wyUF7+3iRZOuVPhLRdljhB72PWRe+hHX3KgMWHr2 1o5WLkX+0cGEwSXMvJ2w3ee/zmxYxva2WI+PjSzkgvvhxGMtnIxO7mMglEV5zbbq ZxJcC1Ba4T9qpUhRIw3EQ5VPRs4cnLB...

...re our other mail servers reside. The idea is to not install a local instance of dovecot on the webmail/carddav/caldav servers to reduce the number of instances that need to be managed. Is it possible to have two imap listeners, where ssl is enforced on one port, and not on another? > > Use login_trusted_networks parameter. > What is the syntax for login_trusted_networks? The docs and WIKI do not show it.

...that uses it for rimap authentication over 127.0.0.1 works SLOW. You need to wait 15-20 seconds before authentication. > > only imap login over 127.0.0.1 is slowed down, while over any other IP is quick. > > i had this problem with older version of dovecot but it was about adding > login_trusted_networks = 127.0.0.1 > > but i already have this and logins is slow. > > how to disable throttling (or better - put other limits) for 127.0.0.1? https://wiki2.dovecot.org/Upgrading/2.3 - look for "Localhost Auth Penalty" HTH, Thomas

Hi, It seems the use of login_trusted_networks is overloaded. Example: * It's used for indicating which hosts you trust to provide XCLIENT remote IP's. * It's used for indicating from which hosts you trust logins enough to disable auth penalty. (like in a webmail) However... trustwise, this is trusting two different entities. T...

* Wojciech Puchar, 16.12.19 18:04 >>> how to disable throttling (or better - put other limits) for 127.0.0.1? >> >> https://wiki2.dovecot.org/Upgrading/2.3 - look for "Localhost Auth Penalty" >> > that's certainly this. > > but i am not an expert in this passdb system > > my current config is > [...] > > where

>> how to disable throttling (or better - put other limits) for 127.0.0.1? > > https://wiki2.dovecot.org/Upgrading/2.3 - look for "Localhost Auth Penalty" > that's certainly this. but i am not an expert in this passdb system my current config is passdb { driver=passwd-file args= username_format=%Lu /usr/local/etc/dovecot/aliasy } passdb { driver = pam #

> > You are running some kind of proxy in front of it. No proxy. Just sendmail with users using emacs/Rmail or Webmail/Squirrelmail. > If you want it to show real client IP, you need to enable forwarding of > said data. With dovecot it's done by setting > > login_trusted_networks = your-upstream-host-or-net > > in backend config file. > OK I changed it and restarted wforce and dovecot. Still seeing this: Apr 12 14:38:55 auth: Debug: policy(ouruser,127.0.0.1,<6GFTnVmGcMN/AAAB>): Policy server request JSON: {"device_id":"","login&quot...

> On 10/02/2020 19:17 Bjoern Jacke <lists2020 at j3e.de> wrote: > > > Hi Aki, > > On 10.02.20 17:03, Aki Tuomi wrote: > > Try setting > > > > login_trusted_networks = lb-ip/32 > > > > See? > > https://doc.dovecot.org/settings/dovecot_core_settings/#login-trusted-networks > > I do have login-trusted_networks set already. Along with the proxy > protocol (haproxy_trusted_networks = lb-ip) I had to set > login_trusted_networks to 0...

http://dovecot.org/releases/1.2/dovecot-1.2.7.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.7.tar.gz.sig * IMAP: IDLE now sends "Still here" notifications to same user's connections at the same time. This hopefully reduces power usage of some mobile clients that use multiple IDLEing connections. * IMAP: If imap_capability is set, show it in the login banner. + IMAP:

http://dovecot.org/releases/1.2/dovecot-1.2.7.tar.gz http://dovecot.org/releases/1.2/dovecot-1.2.7.tar.gz.sig * IMAP: IDLE now sends "Still here" notifications to same user's connections at the same time. This hopefully reduces power usage of some mobile clients that use multiple IDLEing connections. * IMAP: If imap_capability is set, show it in the login banner. + IMAP:

Hi, I would like to disable offering starttls to clients for certain dovecot services. Background is that I want to do let a load balancer do the TLS stuff right on connect time and let dovecot only do plain imap without offering starttls (because the clients do imaps actually). Getting rid of the starttls feature offering works only if I set ssl = no globally only. Setting it in the service

> > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > > > >

Hello, I am running Dovecot 2.3.5 package on OpenBSD 6.5 and it looks like this bug which has been fixed in 2.3.6 is hitting me: lib-smtp: client: Fix infinite loop in XCLIENT command interaction with server https://github.com/dovecot/core/commit/5d03f39b345127b80d145ee90772739baa7ab810 so I was wondering if there is any workarounds? Maybe like disabling the XCLIENT command from the config file

> On 24 May 2019, at 12.22, mabi via dovecot <dovecot at dovecot.org> wrote: > > ??????? Original Message ??????? > On Friday, May 24, 2019 10:40 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > >> Try setting login_trusted_networks= > > Thank you Aki for your answer. Unfortunately on my Dovecot mailbox backend servers I already have login_trusted_networks set to the IP of my Dovecot LMTP proxy server. just add: protocol lmtp { login_trusted_networks= } Sami