search for: policy_reject

...policy(ouruser,127.0.0.1,<OWoLzlWGDrh/AAAB>): Policy server request JSON: {"device_id":"","login":"ouruser","protocol":"imap","pwhash":"2a","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false} I've tried setting auth_policy_server_url to examples such as: - auth_policy_server_url = http://localhost:8084/ - auth_policy_server_url = http://0.0.0.0:8084/ - auth_policy_server_url = https://ourdomain.edu:8084/ in the custom config file for wf...

...policy(ouruser,127.0.0.1,<6GFTnVmGcMN/AAAB>): Policy server request JSON: {"device_id":"","login":" ouruser","protocol":"imap","pwhash":"43","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false} > For webmails, this requires both login_trusted_networks and also support > from the webmail software to forward client IP. > I did get a reply from the Squirrelmail list: "Well, I've had code sitting around for a while that implements RFC297...

...user,127.0.0.1,<6GFTnVmGcMN/AAAB>): Policy server request JSON: > {"device_id":"","login":" > ouruser","protocol":"imap","pwhash":"43","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false} > > > > > For webmails, this requires both login_trusted_networks and also > support from the webmail software to forward client IP. > > > > I did get a reply from the Squirrelmail list: > > "Well, I've had code sitting...

...policy(ouruser,127.0.0.1,<OWoLzlWGDrh/AAAB>): Policy server request JSON: {"device_id":"","login":"ouruser","protocol":"imap","pwhash":"2a","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false} > > I've tried setting?auth_policy_server_url to examples such as: > * auth_policy_server_url = http://localhost:8084/ > * auth_policy_server_url = http://0.0.0.0:8084/ > * auth_policy_server_url = https://ourdomain.edu:8084/ > in the...

...policy(ouruser,127.0.0.1,<6GFTnVmGcMN/AAAB>): Policy server request JSON: {"device_id":"","login":" ouruser","protocol":"imap","pwhash":"43","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false} > > > For webmails, this requires both login_trusted_networks and also support from the webmail software to forward client IP. > > I did get a reply from the Squirrelmail list: > "Well, I've had code sitting around for a while that imp...

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 28 March 2019 22:02 Aki Tuomi via dovecot <dovecot@dovecot.org> wrote: </div> <div> <br> </div> <div> <br>

...: policy(ouruser,127.0.0.1,<uuEF+YGDaNl/AAAB>): Policy server request JSON: {"device_id":"","login":"ouruser","protocol":"imap","pwhash":"68","remote":"127.0.0.1","success":true,"policy_reject":false,"tls":false} > On Mar 7, 2019, at 2:42 AM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > wforce is the username always. > > auth_policy_hash_nonce should be set to a pseudorandom value that is shared by your server(s). Weakforced does not need i...

On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot login failures. My firewall is set to log these so I can see that few repeat, those

...: policy(ouruser,127.0.0.1,<uuEF+YGDaNl/AAAB>): Policy server request JSON: {"device_id":"","login":"ouruser","protocol":"imap","pwhash":"68","remote":"127.0.0.1","success":true,"policy_reject":false,"tls":false} > > > > > > On Mar 7, 2019, at 2:42 AM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > wforce is the username always. > > auth_policy_hash_nonce should be set to a pseudorandom value that is share...

...: Debug: policy(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): Policy server request JSON: {"device_id":"","login":"abc","protocol":"imap","pwhash":"00","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false} Mar 28 16:13:38 auth: Debug: http-client[1]: queue https://ourdomain:8084: Set request timeout to 2019-03-28 16:13:40.625 (now: 2019-03-28 16:13:38.625) Mar 28 16:13:38 auth: Debug: http-client: peer ex.ter.na.lip:8084 (shared): Peer reused Mar 28 16:13:38 auth: D...

...olicy(abc,127.0.0.1,<5aBSMC2FROF/AAAB>): > Policy server request JSON: > {"device_id":"","login":"abc","protocol":"imap","pwhash":"00","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false} > Well, as I said, it's up to squirrelmail to actually provide the real client IP. Otherwise dovecot cannot know it. You can try turning on imap rawlogs (see https://wiki.dovecot.org/Debugging/Rawlog) and check if squirrelmail is forwarding client ip or no...

...cy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s auth_policy_reject_on_fail = no auth_policy_hash_truncate = 8 auth_policy_check_before_auth = yes auth_policy_check_after_auth = yes auth_policy_report_after_auth = yes And auth_debug=yes in /usr/local/etc/wforce.conf webserver("0.0.0.0:8084", "our_password") So when I run: curl -X POST -H &quot...

...;local_host":"185.53.173.74","local_port":"993","remote_host":"2.26.22.162","remote_port":"34334","service":"dovecot","username":"rich at ourdomian1.com","success":true,"policy_reject":false} Jul 12 00:42:45 ssd99 dovecot: auth: Debug: http-client: queue http://127.0.0.1:579: Using existing connection to 127.0.0.1:579 (1 requests pending) Jul 12 00:42:45 ssd99 dovecot: auth: Debug: http-client: request [Req15: POST http://127.0.0.1:579/dovecot-auth-policy?command=report]: S...