search for: mogensen

Hi, I was looking into the new Authentication Policy feature: https://wiki2.dovecot.org/Authentication/Policy I had kinda hoped that I would be able to enfore this in a proxy running in front of several backends. This proxy does not authenticate. It use "nopassword". But I realize that the "succes" reported in the final authpolicy req. (command=report) is not what is

On 9/2/19 3:03 PM, Sami Ketola wrote: >> On 2 Sep 2019, at 15.25, Peter Mogensen via dovecot <dovecot at dovecot.org> wrote: ... >> Is there anyway for dsync to avoid moving Gigabytes of data for could >> just be "moved" by moving the mount? > > > Not tested but you can probably do something like this in the target server: > > dovea...

On 4/4/19 6:47 PM, dovecot-request at dovecot.org wrote: > For a typical Solr index, 60 seconds is an eternity. Most people aim > for query times of 100 milliseconds or less, and they often achieve > that goal. I'm pretty sure I get these while indexing, not querying. Apr 04 16:44:50 host dovecot[114690]: indexer-worker(me at example.com): Error: fts_solr: Indexing failed: Request

Hi, What's the recommended way to handling timeouts on large mailboxes given the hardwired request timeout of 60s in solr-connection.c: http_set.request_timeout_msecs = 60*1000; /Peter

...more than 60s to process by Solr? It doesn't seem like my Solr can handle that, although it does process documents and it does reasonably fast clear pending documents after Dovecot closes the connection. On the surface it looks like Dovecot is too impatient. /Peter On 4/10/19 6:25 PM, Peter Mogensen wrote: > > > On 4/4/19 6:57 PM, Peter Mogensen wrote: >> >> >> On 4/4/19 6:47 PM, dovecot-request at dovecot.org wrote: >>> For a typical Solr index, 60 seconds is an eternity. Most people aim >>> for query times of 100 milliseconds or less, and they...

...uot; on the proxy would however, send a lot of meaningless traffic about "successful" proxy auth events which would tell you basically nothing the backed wouldn't later also report. And the ration between success' and failures in the proxy is probably very high. regards, Peter Mogensen On 12/14/2017 08:30 AM, Peter Mogensen wrote: > Hi, > > I was looking into the new Authentication Policy feature: > https://wiki2.dovecot.org/Authentication/Policy > > I had kinda hoped that I would be able to enfore this in a proxy running > in front of several backends. Thi...

Hi, I was wondering... If one had mdbox ALT path set to a shared storage mount (say, on NFS) and one wanted to move a mailbox to a different host... I guess it in principle wouldn't be necessary to copy all the ALT storage through dsync, when the volume could just be mounted on the new host. Is there anyway for dsync to avoid moving Gigabytes of data for could just be "moved" by

> On 3 Sep 2019, at 15.34, Peter Mogensen via dovecot <dovecot at dovecot.org> wrote: > > > > On 9/2/19 3:03 PM, Sami Ketola wrote: >>> On 2 Sep 2019, at 15.25, Peter Mogensen via dovecot <dovecot at dovecot.org> wrote: > ... >>> Is there anyway for dsync to avoid moving Gigabytes of data for...

*Christian Felsing wrote: * > Please consider to add server side private/public key encryption for incoming mails. > If client logs on, the password is used to unlock users server side private key. > If mail arrives from MTA or any other source, mail is encrypted with users public key. > Key pair should be located in LDAP or SQL server. PGP and S/MIME should be supported. >

Hi, For the upcoming 2.3 development, I'd like to re-suggest this: It seems the use of login_trusted_networks is overloaded. Example: * It's used for indicating which hosts you trust to provide XCLIENT remote IP's. (like a proxy) * It's used for indicating from which hosts you trust logins enough to disable auth penalty. (like in a webmail) Often these two uses cases have a

On 12/29/2014 11:22 AM, Peter Mogensen wrote: > Hi, > > Great to see Thunderbird support SPECIAL-USE now. > > I would like to hear the list about the intended use of SPECIAL-USE. > > I get the impression from several earlier mails here that the > intention is for the server to globally decide what the folder-name...

On 12/29/2014 9:24 PM, Peter Mogensen wrote: > On 2014-12-29 20:45, Stephan Bosch wrote: >> For creating a special use mailbox there is the CREATE-SPECIAL-USE >> capability (https://tools.ietf.org/html/rfc6154, Section 3). As you >> suggested, the special use attributes can also be changed using the >> METADA...

On 25 Feb 2015, at 20:59, Peter Mogensen <apm at one.com> wrote: > So, why not just extend the support for proxy authentication forwarding > to any single-handskake SASL-IR mechanism, which doesn't use > channel-binding? (which includes PLAIN, but also GS2-KRB5, and possibly > others). Yeah, I guess it would work f...

Hi, code question... I've been trying to figure out the implications of the new "noauthenticate" passdb field. Internally it causes a passdb to result in PASSDB_RESULT_NEXT. When a SASL mechanism calls auth_request_lookup_credentials(...,callback) the passdb result is passed to the callback. But I can't really figure out when that result will ever be PASSDB_RESULT_NEXT.

> On 14 Dec 2017, at 8.30, Peter Mogensen <apm at one.com> wrote: > However... since the proxy use "nopassword", ALL passdb lookups result > in "success", so the proxy will never report an authentication failure > to the authpolicy server. Why not authenticate the sessions at the proxy level already? Is...

On 09/15/2018 10:41 AM, Aki Tuomi wrote: > Point of sending the success ones is to maintain whitelist as well as > blacklist so you know which ones you should not tarpit anymore. We > know it does scale as we have very large deployments using the whole > three request per login model. > > "Success" in a proxy which is not it self authenticating is only whether it know

Hi, I was wondering if there was anyway to remove FTS indexes in other to have them rebuild on the next BODY search? All the doveadm commands I can find seem to result in fully build indexes. (which is nice if that's what you want). /Peter

On 4/4/2019 2:21 AM, Peter Mogensen via dovecot wrote: > What's the recommended way to handling timeouts on large mailboxes given > the hardwired request timeout of 60s in solr-connection.c: > > http_set.request_timeout_msecs = 60*1000; I'm a denizen of the solr-user at lucene.apache.org mailing list. For a...

On 4/4/19 6:57 PM, Peter Mogensen wrote: > > > On 4/4/19 6:47 PM, dovecot-request at dovecot.org wrote: >> For a typical Solr index, 60 seconds is an eternity. Most people aim >> for query times of 100 milliseconds or less, and they often achieve >> that goal. > > I'm pretty sure I get these...

On 12/04/2019 12:09, Peter Mogensen via dovecot wrote: > Looking further at tcpdumps of the Dovecot->Solr traffic and Solr > metrics it doesn't seem like there's anything suspicious apart from the > TCP windows running full and Dovecot backing of ... until it times out > and close the connection. > > From...