search for: oliwel

Hi All, I use dovecot (v2.3.4) with a SQL backend for user authentication, passwords are stored in CRAMMD5 format. My SMTP server uses "doveadm auth" via auth-socket to perform sender authentification. To shut down SMTP access for hacked passwords I want to have a dedicated flag in the user database to allow/disallow SMTP for a user withouth disabling his account for IMAP. So, is

...;br> </div> <div> Sami </div> <div> <br> </div> <div> <br> </div> <blockquote type="cite"> <div> On 18 Jan 2020, at 10.30, Oliver Welter < <a href="mailto:mail@oliwel.de">mail@oliwel.de</a>> wrote: </div> <div> <br> </div> <div> Hi All, </div> <div> <br> </div> <div> I use dovecot (v2.3.4) with a SQL backend for user authentication,...

...did a quick hack for exactly this purpose - send offending IPs from my mail server to the firewall "in a secure way". Its a python script that uses the fail2ban syntax on the one end and feeds a (patched) pfSense on the other end. You can find the scripts on github: https://github.com/oliwel/fail2sense - be warned, its a first draft - but it does the job here...For the unblock feature you need this patch against pfsense https://github.com/pfsense/pfsense/pull/1444/ Oli -- Protect your environment - close windows and adopt a penguin! -------------- next part -------------- A non-...

Hi, can't you just check "account_locked" or similar flag in the password_query and user_query on your sql config? Sami > On 18 Jan 2020, at 10.30, Oliver Welter <mail at oliwel.de> wrote: > > Hi All, > > I use dovecot (v2.3.4) with a SQL backend for user authentication, > passwords are > stored in CRAMMD5 format. > > My SMTP server uses "doveadm auth" via auth-socket to perform sender > authentification. To shut down SMTP access...

Am 02.03.2015 um 19:30 schrieb Dan LaSota: >>> >>> Just some quick ideas >>> * check if the mysql socket file has rw permissions for the dovecot user > > # ls -l /var/lib/mysql/mysql.sock > srwxrwxrwx. 1 mysql mysql 0 Mar 1 19:33 /var/lib/mysql/mysql.sock >>> >>> * Try to run the mysql query as user dovecot (su dovecot) > > The dovecot

Dave McGuire writes: >>>> then setup fail2ban to manage extrafields >>> >>> Now that's a very interesting idea, thank you! I will investigate this. >> >> If you don't expect yor firewall to handle 45K+ IPs, I'm not how you >> expect dovecot will handle a comma separated string with 45K+ entries >> any better. > > My

Hi All, I upgrade my mail server from doveot 1.1.7 to 2.2.13 and encounter problems with file locking issues. The server has around 400 clients using IMAP and I get tons of "Warning: fscking index file .. dovecot.index" and "Error: Corrupted transaction log". Sometimes the transaction log problem is followed by "Panic: file mail-transaction-log.c: line 350

Hi List, Am 21.01.2015 um 13:24 schrieb Oliver Welter: > Hi All, > > after upgrading my mail server (dovecot 1.1.7 -> 2.2.13) I get tons of > messages about corrupted index files in the syslog ("Error: Corrupted > transaction log" and "Warning: fscking index file .. dovecot.index". > > I tried flock and even dotlock, but the problems persist. > >

Hi Andreas, Am 25.01.2015 um 12:41 schrieb Andreas Schulze: > Oliver Welter: >>> after upgrading my mail server (dovecot 1.1.7 -> 2.2.13) I get tons of >>> messages about corrupted index files in the syslog ("Error: Corrupted >>> transaction log" and "Warning: fscking index file .. dovecot.index". >>> >> Some more debugging - I

Am 02.03.2015 um 06:03 schrieb Dan LaSota: > I have dovecot version 2.2.10 > dovecot -n output below > > I am seeing connection errors being written to my dovecot error log: > Mar 1 19:51:15 mail dovecot: auth-worker(2224): Error: mysql(localhost): Connect failed to database (servermail): Access denied for user 'usermail'@'localhost' (using password: YES) - waiting

Am 01.03.2015 um 23:16 schrieb Dave McGuire: > On 03/01/2015 04:25 AM, Reindl Harald wrote: >>> I wonder if there is an easy way to provide dovecot a flat text >>> file of ipv4 #'s which should be ignored or dropped? >>> >>> I have accumulated 45,000+ IPs which routinely try dictionary >>> and 12345678 password attempts. The file is too big to

Hi All, after upgrading my mail server (dovecot 1.1.7 -> 2.2.13) I get tons of messages about corrupted index files in the syslog ("Error: Corrupted transaction log" and "Warning: fscking index file .. dovecot.index". I tried flock and even dotlock, but the problems persist. The system is a VPS with an overlay filesystem which did work flawlessly with the old dovecot

Am 07.02.2015 um 10:10 schrieb SW: > I've just done a test with K9 mail on Android 4.4.2 and this is what I > see in the log: > > ECDHE-ECDSA-AES128-SHA (128/128 bits) > > But when using Thunderbird I see: > > ECDHE-ECDSA-AES128-GCM-SHA256 (128/128 bits) > > I'm happy that Thunderbird is using a secure cipher but is Android? Is > ECDHE-ECDSA-AES128-SHA

Am 04.03.2015 um 21:45 schrieb Dave McGuire: > On 03/04/2015 03:37 PM, Oliver Welter wrote: >>>>> I would like to reiterate Reindl Harald's point above, since subsequent >>>>> discussion has gotten away from it. If Dovecot had DNS RBL support >>>>> similar to Postfix, I think quite a few people would use it, and >>>>> thereby

Am 07.02.2015 um 04:47 schrieb Reindl Harald: > > Am 06.02.2015 um 23:13 schrieb SW: >> According to https://cipherli.st/ >>> ssl = yes >>> ssl_cert = </etc/dovecot.cert >>> ssl_key = </etc/dovecot.key >>> ssl_protocols = !SSLv2 !SSLv3 >>> ssl_cipher_list = AES128+EECDH:AES128+EDH >>> ssl_prefer_server_ciphers = yes #

Hi Folks, after adding TLSv1.2 to by TLS options a lot of Outlook users complaint about connection errors, openssl s_client and Thunderbird works fine. I found some posts about this but none of them had a real solution on this - I meanwhile disabled TLSv1.2 which made the Outlook users happy. I run dovecot 2.2.13, OpenSSL 1.0.1j 15 Oct 2014 ssl_cert = </var/qmail/control/servercert.pem

Am 04.03.2015 um 21:03 schrieb Dave McGuire: > On 03/04/2015 02:12 PM, Michael Orlitzky wrote: >>> I would like to reiterate Reindl Harald's point above, since subsequent >>> discussion has gotten away from it. If Dovecot had DNS RBL support >>> similar to Postfix, I think quite a few people would use it, and thereby >>> defeat the scanners far more