search for: requested_usernam

Hi I wonder if the information about the origin of report or allow can be accessed somehow. lt.remote gives the IP of the client trying to login but is there anything in lt which gives the ip of the system that connects to wforced? Thanks and have a good one -- tobi

...For dovecot I configured in /etc/dovecot/conf.d/95-wforce.conf > auth_policy_server_url = http://REMOTE_IP:8084/ > auth_policy_hash_nonce = my_random > auth_policy_server_api_header = Authorization: Basic <BASE64 of wforce:my_password> > auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s restarted dovecot without errors, but upon testing via imap I cannot see just one single tcp paket leaving direction REMOTE_IP on port 8084. It looks like auth policy in not involved at all. Thanks for any idea tobi

...ttrs? Thanks for your help and have a good one -- tobi Am 22.05.19 um 11:53 schrieb Neil Cook: > From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g. > > By default in 2.3.1 this looks like: > > login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s > > But you can add additional parameters: > > login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip} > > The above will add the lo...

From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g. By default in 2.3.1 this looks like: login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s But you can add additional parameters: login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip} The above will add the local dovecot IP address to the...

> > You are running some kind of proxy in front of it. No proxy. Just sendmail with users using emacs/Rmail or Webmail/Squirrelmail. > If you want it to show real client IP, you need to enable forwarding of > said data. With dovecot it's done by setting > > login_trusted_networks = your-upstream-host-or-net > > in backend config file. > OK I changed it and

...LNo4tOL1ry_m7-psV3GejY&m=CsaMqvBelGXz-_ClT0RDzwqz0tH3cTGNItJktQeULLs&s=JnUd5ej3Twniz2q3fiWUrV_qOFlAwvFHquFjfgsoQJ0&e=) > file that I'm missing? > > Can you verify following? > > doveconf auth_policy_request_attributes > > auth_policy_request_attributes = login=%{requested_username} > pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s > > On some versions remote is mistakenly %{real_rip} which expands into where > the connection came from instead of client IP. > > If it's wrong just feel free to copypaste the setting above into d...

...onf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = our_password auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s auth_policy_reject_on_fail = no auth_policy_hash_truncate = 8 auth_policy_check_before_auth = yes auth_policy_check_after_auth = yes auth_policy_report_after_auth = yes And auth_debug=yes in /usr/local/etc/wforce.conf we...

...http://localhost:8084/ > auth_policy_hash_nonce = our_password > auth_policy_server_api_header = "Authorization: Basic > hash_from_running_echo-n_base64" > auth_policy_server_timeout_msecs = 2000 > auth_policy_hash_mech = sha256 > auth_policy_request_attributes = login=%{requested_username} > pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s > auth_policy_reject_on_fail = no > auth_policy_hash_truncate = 8 > auth_policy_check_before_auth = yes > auth_policy_check_after_auth = yes > auth_policy_report_after_auth = yes > > And auth_debu...

...> Which I also added previously. But that doesn't address emacs/RMail users. > > Could there be a setting in sendmail.mc/cf (http://sendmail.mc/cf) file that I'm missing? Can you verify following? doveconf auth_policy_request_attributes auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s On some versions remote is mistakenly %{real_rip} which expands into where the connection came from instead of client IP. If it's wrong just feel free to copypaste the setting above into dovecot config. Aki Aki

.../etc/dovecot/conf.d/95-wforce.conf > > > auth_policy_server_url = http://REMOTE_IP:8084/ > > auth_policy_hash_nonce = my_random > > auth_policy_server_api_header = Authorization: Basic <BASE64 of > wforce:my_password> > > auth_policy_request_attributes = login=%{requested_username} > pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s > > restarted dovecot without errors, but upon testing via imap I cannot see > just one single tcp paket leaving direction REMOTE_IP on port 8084. It > looks like auth policy in not involved at all. >...

...71): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.10 (67bf5bd7) # OS: Linux 2.6.32-754.29.2.el6.x86_64 x86_64 CentOS release 6.10 (Final) auth_master_user_separator = * auth_mechanisms = plain login auth_policy_hash_nonce = # hidden, use -P to show it auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip} auth_policy_server_api_header = Authorization: Basic asdfasdfasdf auth_policy_server_url = http://wforce.example.com:8084/ auth_verbose = yes auth_verbose_passwords = sha1 default_client_limit = 6000...

...;e=> >> auth_policy_hash_nonce = our_password >> auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" >> auth_policy_server_timeout_msecs = 2000 >> auth_policy_hash_mech = sha256 >> auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s >> auth_policy_reject_on_fail = no >> auth_policy_hash_truncate = 8 >> auth_policy_check_before_auth = yes >> auth_policy_check_after_auth = yes >> auth_policy_report_after_auth = yes >>...

...policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" > > > > > > auth_policy_server_timeout_msecs = 2000 > > > > > > auth_policy_hash_mech = sha256 > > > > > > auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s > > > > > > auth_policy_reject_on_fail = no > > > > > > auth_policy_hash_truncate = 8 > > > > > > auth_policy_check_before_auth = yes > > > > > &...

We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I

...y_check_after_auth = yes | auth_policy_check_before_auth = yes | auth_policy_hash_mech = sha256 | auth_policy_hash_nonce = | auth_policy_hash_truncate = 12 | auth_policy_log_only = no | auth_policy_reject_on_fail = no | auth_policy_report_after_auth = yes | auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s | auth_policy_server_api_header = | auth_policy_server_timeout_msecs = 2000 | auth_policy_server_url = | auth_proxy_self = | auth_realms = | auth_socket_path = auth-userdb | auth_ssl_require_client_cert = no | auth_ssl...

...ator = auth_mechanisms = plain auth_policy_check_after_auth = yes auth_policy_check_before_auth = yes auth_policy_hash_mech = sha256 auth_policy_hash_nonce = auth_policy_hash_truncate = 12 auth_policy_reject_on_fail = no auth_policy_report_after_auth = yes auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s auth_policy_server_api_header = auth_policy_server_timeout_msecs = 2000 auth_policy_server_url = auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_c...

> On 25/08/2020 14:35 Robert Nowotny <rnowotny at rotek.at> wrote: > > > I get ZLIB Errors after dovecot upgrade from 2.3.10.1 to 2.3.11.3 > > > Aug 21 15:27:34 lxc-imap dovecot: imap(acsida)<63870><jZk...>: Error: Mailbox Sent: UID=40826: read(zlib(/home/vmail/virtualmailboxes/acsida/storage/m.2409)) failed:

...plain auth_policy_check_after_auth = yes auth_policy_check_before_auth = yes auth_policy_hash_mech = sha256 auth_policy_hash_nonce = auth_policy_hash_truncate = 12 auth_policy_log_only = no auth_policy_reject_on_fail = no auth_policy_report_after_auth = yes auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s auth_policy_server_api_header = auth_policy_server_timeout_msecs = 2000 auth_policy_server_url = auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert...

...login auth_policy_check_after_auth = yes auth_policy_check_before_auth = yes auth_policy_hash_mech = sha256 auth_policy_hash_nonce = auth_policy_hash_truncate = 12 auth_policy_log_only = no auth_policy_reject_on_fail = no auth_policy_report_after_auth = yes auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s auth_policy_server_api_header = auth_policy_server_timeout_msecs = 2000 auth_policy_server_url = auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_c...

...auth_mechanisms = plain login auth_policy_check_after_auth = yes auth_policy_check_before_auth = yes auth_policy_hash_mech = sha256 auth_policy_hash_nonce = auth_policy_hash_truncate = 12 auth_policy_reject_on_fail = no auth_policy_report_after_auth = yes auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s auth_policy_server_api_header = auth_policy_server_timeout_msecs = 2000 auth_policy_server_url = auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_c...