search for: tcpremoteip

In case anyone still cares, relay-ctrl works with Dovecot. Dovecot's end of the bargain requires a dirty little script to set TCPREMOTEIP based on the arguments passed from imap-login: #!/bin/sh TCPREMOTEIP=`echo "$@" | sed -e 's|.* ||' -e 's|]$||'` export TCPREMOTEIP exec "$@" And this (long) line in dovecot.conf: mail_executable: envdir /etc/relay-ctrl /usr/local/bin/relay-ctrl- chdir /usr/...

...uid = 89 info_log_path = /var/log/dovecot-info.log listen = * log_path = /var/log/dovecot.log mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap service imap { executable = /usr/local/bin/envdir /etc/relay-ctrl /usr/local/bin/relay-ctrl-chdir /usr/local/bin/dovecot-settcpremoteip /usr/local/bin/relay-ctrl-allow /usr/local/libexec/dovecot/imap } ssl = no userdb { driver = passwd } /usr/local/bin/dovecot-settcpremoteip: #!/bin/sh # # Wrapper for relay-ctrl-allow that sets TCPREMOTEIP. TCPREMOTEIP="${IP}"; export TCPREMOTEIP exec "$@"

...with the checkpassword option. I haven't gotten it to work yet. We have: passdb checkpassword { args = /usr/local/bin/checkpassword deny = yes } As the first auth.. This should reject the connection if the IP matches. checkpassword can see TCPREMOTEIP enviornmental variable. In the checkpassword script we have: #!/usr/bin/perl sub read_uinfo { my($user,$passwd,$apop_ts); open X,"<&=3" or exit 111; $_ = <X>; # ugly; should use sysread instead ($user,$passwd,$apop_ts) = /^(.*)\0(.*)\0(.*)\0/; while (<X&g...

...doing a search. Otherwise it could fail if a user gave an invalid password. * Initial binding at connect is now done asynchronously. * Use pass_attrs even with auth_bind=yes since it may contain useful non-password fields. + passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP environments to the checkpassword binary so we're UCSPI (and vchkpw) compatible. - mbox handling was a bit broken in rc10 - Using Dovecot via inetd kept crashing dovecot master - deliver: Don't crash with -f "". Changed the default from envelope to be &qu...

...doing a search. Otherwise it could fail if a user gave an invalid password. * Initial binding at connect is now done asynchronously. * Use pass_attrs even with auth_bind=yes since it may contain useful non-password fields. + passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP environments to the checkpassword binary so we're UCSPI (and vchkpw) compatible. - mbox handling was a bit broken in rc10 - Using Dovecot via inetd kept crashing dovecot master - deliver: Don't crash with -f "". Changed the default from envelope to be &qu...

...vpop_user, vpop_domain); @@ -57,6 +60,15 @@ return; } + /* it is needed for open smtp relay */ + + ip_addr_fe = net_ip2addr(&request->client_ip); + if (ip_addr_fe == NULL) + ip_addr_fe = "??"; + + env_put(t_strconcat("TCPREMOTEIP=", ip_addr_fe, NULL)); + open_smtp_relay(); + callback(PASSDB_RESULT_OK, request); } diff -Naur dovecot-0.99.10.5/src/login-common/auth-connection.c dovecot-0.99.10.5-patched/src/login-common/auth-connection.c --- dovecot-0.99.10.5/src/login-common/auth-connection.c Mon May...

...HOSTNAME=mail DOVECOT_HOSTDOMAIN=mail.hprs.local DOVECOT_VERSION=2.2.15 LOG_SERVICE=1 SOCKET_COUNT=6 SSL_SOCKET_COUNT=0 SOCKET_NAMES=login tokenlogin auth-login auth-client auth-userdb auth-master PROTO=TCP ORIG_UID=151 SERVICE=imap TCPLOCALIP=192.168.0.2 LOCAL_IP=192.168.0.2 TCPREMOTEIP=192.168.0.58 REMOTE_IP=192.168.0.58 TCPLOCALPORT=143 TCPREMOTEPORT=49649 AUTH_USER=mark AUTH_USERNAME=mark AUTH_SERVICE=imap AUTH_LIP=192.168.0.2 AUTH_RIP=192.168.0.58 AUTH_PID=14748 AUTH_MECH=PLAIN AUTH_SECURED= AUTH_LPORT=143 AUTH_RPORT=49649 AUTH_CERT= AUTH_SESSION=AkYg1G8f8QDAqAA6 AUTH_REAL_LIP...

...getting %d instead. This is a dump of my information: %ENV = { 'USERNAME_TRANSLATION' => '', 'SYSLOG_FACILITY' => '16', 'CACHE_SIZE' => '0', 'RESTRICT_GID_LAST' => '', 'TCPREMOTEIP' => '213.31.43.3', 'RESTRICT_GID_FIRST' => '', 'AUTH_NAME' => 'default', 'CACHE_TTL' => '3600', 'SERVICE' => 'IMAP', 'USERDB_1_DRIVER' => 'pref...

...ction vpopmail "Record time and ip of last auth attempt" (--enable-auth-logging option for configure) won't work - the file "lastauth" is created in Maildir, but does not contain ip-address. If I had correctly understood, dovecot woldn't have set a enviroment variable TCPREMOTEIP for vchkpw. If changes are made in auth/passdb-checkpassword.c (a patch in attachment), everything will work. Probably, the patch is incorrect and does not solve all problems, however the request is to pay attention to existence of the problem. Also it is possible, that a similar problem exists wi...

...doing a search. Otherwise it could fail if a user gave an invalid password. * Initial binding at connect is now done asynchronously. * Use pass_attrs even with auth_bind=yes since it may contain useful non-password fields. + passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP environments to the checkpassword binary so we're UCSPI (and vchkpw) compatible. - mbox handling was a bit broken in rc10 - Using Dovecot via inetd kept crashing dovecot master - deliver: Don't crash with -f "". Changed the default from envelope to be &qu...

...doing a search. Otherwise it could fail if a user gave an invalid password. * Initial binding at connect is now done asynchronously. * Use pass_attrs even with auth_bind=yes since it may contain useful non-password fields. + passdb checkpassword: Give TCPLOCALIP and TCPREMOTEIP and PROTO=TCP environments to the checkpassword binary so we're UCSPI (and vchkpw) compatible. - mbox handling was a bit broken in rc10 - Using Dovecot via inetd kept crashing dovecot master - deliver: Don't crash with -f "". Changed the default from envelope to be &qu...

...tion vpopmail "Record time and ip of last auth attempt" (--enable-auth-logging option for configure) won't work - the file "lastauth" is created in Maildir, but does not contain ip-address. If I had correctly understood, dovecot woldn't have set a enviroment variable TCPREMOTEIP for vchkpw. If changes are made in auth/passdb-checkpassword.c (a patch in attachment), everything will work. Probably, the patch is incorrect and does not solve all problems, however the request is to pay attention to existence of the problem. Also it is possible, that a similar problem exists wit...

On 4/8/2019 4:55 PM, @lbutlr via dovecot wrote: > On 8 Apr 2019, at 16:35, Shawn Heisey via dovecot <dovecot at dovecot.org> wrote: >> I would like to create a sieve rule where I do a regex match on ALL headers, not a specific header. > > This is a really bad idea. Headers can be quite long, contain data that you do not have control over, and checking all headers will be very

...HOSTNAME=mail DOVECOT_HOSTDOMAIN=mail.hprs.local DOVECOT_VERSION=2.2.15 LOG_SERVICE=1 SOCKET_COUNT=6 SSL_SOCKET_COUNT=0 SOCKET_NAMES=login tokenlogin auth-login auth-client auth-userdb auth-master PROTO=TCP ORIG_UID=151 SERVICE=imap TCPLOCALIP=192.168.0.2 LOCAL_IP=192.168.0.2 TCPREMOTEIP=192.168.0.58 REMOTE_IP=192.168.0.58 TCPLOCALPORT=143 TCPREMOTEPORT=49649 AUTH_USER=mark AUTH_USERNAME=mark AUTH_SERVICE=imap AUTH_LIP=192.168.0.2 AUTH_RIP=192.168.0.58 AUTH_PID=14748 AUTH_MECH=PLAIN AUTH_SECURED= AUTH_LPORT=143 AUTH_RPORT=49649 AUTH_CERT= AUTH_SESSION=AkYg1G8f8QDAqAA6 AUTH_REAL_LIP...

...:13139:13174:13229:13231:13439:14096:14659:21080:21212:21324:21325:21433:21450:21451:21499:21524:21627:21819:30018:30021:30022:30026:30054:30056:30062:30070:30090,0,RBL:125.99.156.6:@scientmed.com:.lbl8.mailshell.net-62.6.117.100 64.201.201.201,CacheIP:non X-SpamExperts-Username: 89.42.221.17 X-TCPREMOTEIP: 115.97.184.63 X-VirtualServer: Transactional, sv016071.hosted.strongview.com, 172.18.101.71 x-originating-ip: [46.252.109.60] x-pmwin-version: 3.1.3.0, Antivirus-Engine: 3.74.1, Antivirus-Data: 5.60 That's a *small* sample of where IPs can show up. A non-trivial IP pattern is probably...