search for: mail_host

Timo Sirainen <tss at iki.fi> (Di 13 Okt 2015 21:36:40 CEST): ? > > I see: > > > > a) pass the host *names* to the director too, for CN verification > > purpose > > > > May be in struct mail_host could be a field for the original > > hostname we used to obtain the adress(es)? > > Does the attached patch work? Compiles, but untested. I'm about to test it. Best regards from Dresden/Germany Viele Gr??e aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de -...

Hi, I have a current auth database using mysql with a "password" column in plain text. The config has "default_pass_scheme = PLAIN" specified In preparation for a more adaptable system I changed a password entry from "asdf" to "{PLAIN}asdf", but now auth fails. Works fine if I change it back to just "asdf". (I don't believe it's a

...preted as > > the IPv6 loopback device ::1 and not the v4 127.0.0.1 - it may be that > > roundcube has got a wrong mailhost stored. Try running the following > > SQL command on your roundcube database: > > > > mysql --user=rc -p roundcubemail -e "select username,mail_host from > > users;" > > > > It will prompt for the password. (Obviously use a different user if > > it's not 'rc' and a different databasename if it's not 'roundcubemail' > > - they are the defaults and are defined in the roundcube config fil...

...sword or the credentials obtained from the client, we want to use secured connections. And using TLS w/o verified certs is better than nothing, but it's far from being perfect. I see: a) pass the host *names* to the director too, for CN verification purpose May be in struct mail_host could be a field for the original hostname we used to obtain the adress(es)? or b) allow some kind of certificate pinning, that is loose the implied relation CN <=> hostname > > Should I create certificates with IP address in SAN? (Any hint about the > > correc...

...mann <hs at schlittermann.de> wrote: > > Hi Timo, > > Heiko Schlittermann <hs at schlittermann.de> (Di 13 Okt 2015 22:33:23 CEST): >>> Does the attached patch work? Compiles, but untested. >> I'm about to test it. > > It seems to update the struct mail_host, but it looks as if the data > in mail_host do not propagate down to login_proxy_new(). > > In other words, in login_proxy_new() set->host contains the IP address, > correctly, because the director choose it, but where can I find the > hostname there? And we need a way to pass...

Hi Timo, Heiko Schlittermann <hs at schlittermann.de> (Di 13 Okt 2015 22:33:23 CEST): > > Does the attached patch work? Compiles, but untested. > I'm about to test it. It seems to update the struct mail_host, but it looks as if the data in mail_host do not propagate down to login_proxy_new(). In other words, in login_proxy_new() set->host contains the IP address, correctly, because the director choose it, but where can I find the hostname there? And we need a way to pass the host*name* further, t...

...problem is that 'localhost' is being interpreted as the IPv6 loopback device ::1 and not the v4 127.0.0.1 - it may be that roundcube has got a wrong mailhost stored. Try running the following SQL command on your roundcube database: mysql --user=rc -p roundcubemail -e "select username,mail_host from users;" It will prompt for the password. (Obviously use a different user if it's not 'rc' and a different databasename if it's not 'roundcubemail' - they are the defaults and are defined in the roundcube config file.) It will come back with a list of the users de...

...resh=450#011host=2001:x.y:f33::5:fe > > Here it seems that the director doesn't send it's knowledge about the > hostname. > > Here some other output, to show that the host list contains names and addresses: > > Oct 14 00:02:32 director1 dovecot: director: Warning: ** mail_host_add: added backends.<domain> [2001:x.y:f33::5:fe] > Oct 14 00:02:32 director1 dovecot: director: Warning: ** mail_host_add: added backends.<domain> [2001:x.y:f33::5:ff] > Oct 14 00:02:32 director1 dovecot: director: Warning: ** mail_host_add: added backends.<domain> [149.x.y...

> Here's the link for the maillog: > > https://paste.fedoraproject.org/paste/kbH2N9Pc~JPuCqVpE1kszQ OK. There are a couple of things: Aug 23 21:47:18 ts130 postfix/smtpd[3750]: warning: hostname localhost does not resolve to address 127.0.0.1 Aug 23 21:47:18 ts130 postfix/smtpd[3750]: connect from unknown[127.0.0.1] That needs to be fixed. What does the entry for 127.0.0.1

...turns a plain >> password.? Actually since it's DB driven I have already returned all the >> information needed to auth the user on the proxying machine >> >> The password query is the same on both sides and it looks like: >> >> password_query = SELECT NULLIF(mail_host, '%l') as proxy, >> NULLIF(mail_host, '%l') as host, \ >>? ? ???email as user, password, \ > Add: ..., password, password as pass, .. > > Aha - this is the master login stuff.? That does kind of make sense.? Quite subtle mind Thanks for replying Ed W -----...

...hostname without the first part // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) // %s - domain name after the '@' from e-mail address provided at login screen // For example %n = mail.domain.tld, %t = domain.tld // WARNING: After hostname change update of mail_host column in users table is // required to match old user data records with the new host. $config['default_host'] = 'localhost'; TIA

...text SASL for Dovecot proxy. Probably SCRAM-SHA1. That would avoid sending credentials in plaintext, although it wouldn't prevent other kind of MITM. > I see: > > a) pass the host *names* to the director too, for CN verification > purpose > > May be in struct mail_host could be a field for the original > hostname we used to obtain the adress(es)? Does the attached patch work? Compiles, but untested. -------------- next part -------------- A non-text attachment was scrubbed... Name: director-host.diff Type: application/octet-stream Size: 4143 bytes Desc...

...> (Mi 14 Okt 2015 00:46:11 CEST): ? > > And if I add -D to the director service, I can see "Debug: request <hash> refreshed timeout to ?", > but never I see "Debug: request <hash> added". And from what I > understand this would be the place where the mail_host info comes into > the game. > > But probably I do not understand how director_request_continue() is > supposed to work. Ah, the information comes from the other director running. The other one is using an unpatched version of dovecot. If I shutdown the other director instance, it se...

...turns a plain >> password.? Actually since it's DB driven I have already returned all the >> information needed to auth the user on the proxying machine >> >> The password query is the same on both sides and it looks like: >> >> password_query = SELECT NULLIF(mail_host, '%l') as proxy, >> NULLIF(mail_host, '%l') as host, \ >>? ? ???email as user, password, \ > Add: ..., password, password as pass, .. > > Aha - this is the master login stuff.? That does kind of make sense.? Quite subtle mind Thanks for replying Ed W -----...

...lhost' is being interpreted as > the IPv6 loopback device ::1 and not the v4 127.0.0.1 - it may be that > roundcube has got a wrong mailhost stored. Try running the following > SQL command on your roundcube database: > > mysql --user=rc -p roundcubemail -e "select username,mail_host from > users;" > > It will prompt for the password. (Obviously use a different user if > it's not 'rc' and a different databasename if it's not 'roundcubemail' > - they are the defaults and are defined in the roundcube config file.) > > It will co...

Hello, using Dovecot 2.2.9 and a setup with directors and backends. The communication between directors and backends needs to be TLS secured. The director config contains a list of hostnames for the backends. (implicit list because of multiple A/AAAA records for a single hostname or explicit list of several host names) On connection setup from a client the director connects to the selected

HI, > You could set > > syslog_facility = local5 > > and have all the log messages in the messages file. According to the output of command # doveadm log find every type of message goes to the file I was looking at, "/var/spool/maillog". >> So, is it postfix doing the local mail delivery, not dovecot? >> > To answer this question please post relevant

...ilter_end_of_header_macros = i milter_header_checks = milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} milter_macro_daemon_name = $myhostname milter_macro_v = $mail_name $mail_version milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} milter_protocol = 6 milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} milter_unknown_command_macros = mime_boundary_length_limit = 2048 mime_header_checks = $header_checks mime_nesting_limit = 100 minimal_backoff_time = 300s multi_instance_directories = multi_instance_enab...

...milter_end_of_header_macros = i milter_header_checks = milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} milter_macro_daemon_name = $myhostname milter_macro_v = $mail_name $mail_version milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} milter_protocol = 6 milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} milter_unknown_command_macros = mime_boundary_length_limit = 2048 mime_header_checks = $header_checks mime_nesting_limit = 100 minimal_backoff_time = 300s multi_instance_directories = multi_instance_enab...

...milter_end_of_header_macros = i milter_header_checks = milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer} milter_macro_daemon_name = $myhostname milter_macro_v = $mail_name $mail_version milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer} milter_protocol = 6 milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer} milter_unknown_command_macros = mime_boundary_length_limit = 2048 mime_header_checks = $header_checks mime_nesting_limit = 100 minimal_backoff_time = 300s multi_instance_directories = multi_instance_enab...