Displaying 20 results from an estimated 80 matches for "weakforced".
2019 Jan 16
2
Dovecot + Weakforced Policy server
Hi,
I'm trying to set Weakforced with Dovecot and I cannot log in policy
server. This is the config:
/root/weakforced/wforce/wforce.conf
-----------------------------------
...
webserver("0.0.0.0:8084", "super")
...
/etc/dovecot/conf.d/95-policy.conf
----------------------------------
auth_policy_server_url...
2019 Jan 16
2
Dovecot + Weakforced Policy server
Hi Aki,
I've configured in this way:
vm-weakforced:~# printf 'wforce:super' | base64
d2ZvcmNlOnN1cGVy
vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf
auth_policy_server_url = http://localhost:8084/
auth_policy_hash_nonce = some random string
auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy
With the same...
2019 Jan 16
0
Dovecot + Weakforced Policy server
..._server_api_header = "Authorization: Basic d2ZvcmNlOkJydHpUNlRuTkZ4UUU="
the authorization blob is basically
printf 'wforce:super' | base64
Aki
> On 16 January 2019 at 10:06 alberto bersol <alberto at bersol.info> wrote:
>
>
> Hi,
> I'm trying to set Weakforced with Dovecot and I cannot log in policy
> server. This is the config:
>
> /root/weakforced/wforce/wforce.conf
> -----------------------------------
> ...
> webserver("0.0.0.0:8084", "super")
> ...
>
> /etc/dovecot/conf.d/95-policy.conf
> --------...
2019 Jan 16
0
Dovecot + Weakforced Policy server
Did you miss the closing quote from api_header? Also, can you turn on auth_debug=yes?
Aki
> On 16 January 2019 at 12:05 alberto bersol <alberto at bersol.info> wrote:
>
>
> Hi Aki,
>
> I've configured in this way:
>
> vm-weakforced:~# printf 'wforce:super' | base64
> d2ZvcmNlOnN1cGVy
>
> vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf
> auth_policy_server_url = http://localhost:8084/
> auth_policy_hash_nonce = some random string
> auth_policy_server_api_header = "Authorization: Basic d2...
2017 Jul 18
2
weakforced
I've been playing with weakforced, so it fills in the 'fail2ban across a
cluster' niche (not to mention RBLs). It seems to work well, once you've
actually read the docs :)
I was curious if anyone had played with it and was *very* curious if anyone
was using it in high traffic production. Getting things to 'work'...
2017 Jul 19
0
weakforced
On 19.07.2017 02:38, Mark Moseley wrote:
> I've been playing with weakforced, so it fills in the 'fail2ban across a
> cluster' niche (not to mention RBLs). It seems to work well, once you've
> actually read the docs :)
>
> I was curious if anyone had played with it and was *very* curious if anyone
> was using it in high traffic production. Getting...
2017 Aug 16
3
weakforced
On Tue, Jul 18, 2017 at 10:40 PM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote:
>
>
> On 19.07.2017 02:38, Mark Moseley wrote:
> > I've been playing with weakforced, so it fills in the 'fail2ban across a
> > cluster' niche (not to mention RBLs). It seems to work well, once you've
> > actually read the docs :)
> >
> > I was curious if anyone had played with it and was *very* curious if
> anyone
> > was using it in hi...
2017 Aug 17
0
weakforced
Below is an answer by the current weakforced main developer. It overlaps partly with Samis answer.
---snip---
> Do you have any hints/tips/guidelines for things like sizing, both in a
> per-server sense (memory, mostly) and in a cluster-sense (logins per sec ::
> node ratio)? I'm curious too how large is quite large. Not lookin...
2019 Mar 06
0
how to enable PowerDNS/Weakforced with Fedora and sendmail
...;ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from
<a href="https://github.com/PowerDNS/weakforced">https://github.com/PowerDNS/weakforced</a>.
<br>
</div>
<div dir="ltr">
<br>
</div>
<div>
I see instructions at the Authentication policy support page,...
2019 Mar 07
0
how to enable PowerDNS/Weakforced with Fedora and sendmail
wforce is the username always.
auth_policy_hash_nonce should be set to a pseudorandom value that is
shared by your server(s). Weakforced does not need it for anything.
auth_policy_server_api_header should be set to Authorization: Basic
<echo -n wforce:our_password | base64>
without the < >.
Aki
On 6.3.2019 20.42, Robert Kudyba via dovecot wrote:
> I took suggestions from?https://forge.puppet.com/fraenki/wforce to...
2019 May 14
0
weakforced and GeoIP lookups
Hi list
hope it's okay to ask weakforced questions here as well, but I could not
find a dedicated mailinglist for wforce.
I want to enable GeoIP lookups in my wforce daemon. In a first step I
installed luarocks and lua-compat53 to install mmdblua module.
Then I added
newGeoIP2DB("country", "/usr/local/share/GeoIP/GeoLite2...
2019 May 14
0
weakforced and GeoIP lookups
...haven?t included the libmaxmind libraries before
> running configure. GeoIP support is only compiled in if it finds the
> right libs.
>
> This would be?libmaxminddb-dev on Ubuntu for example.
>
> Neil
>
>>> Hi list
>>>
>>> hope it's okay to ask weakforced questions here as well, but I could not
>>> find a dedicated mailinglist for wforce.
>>>
>>> I want to enable GeoIP lookups in my wforce daemon. In a first step I
>>> installed luarocks and lua-compat53 to install mmdblua module.
>>> Then I added
>>...
2019 Apr 12
2
Mail account brute force / harassment
.... I do not believe the
>> agents behind these login attempts are only targeting me, hence the
>> addresses should be shared via a dnsbl.
>
> Probably there's an existing solution for both problems (subsequent
> attempts and dnsbl):
>
>> https://github.com/PowerDNS/weakforced
"The goal of 'wforce' is to detect brute forcing of passwords across
many servers"
The problem is not detecting but blocking. Dovecot has no mechanism for
using the data; Dovecot needs DNSBL capability.
I tested a small sample of my IMAP hackers using the lists I use for
SM...
2017 Aug 03
0
Auth Policy Server/wforce/weakforced
On 02.08.2017 23:35, Daniel Miller wrote:
> Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious...
>
> Wforce appears to start without errors. I added a file to dovecot's conf.d:
>
> 95-policy.conf:
> auth_policy_server_url =
2017 Aug 04
0
Auth Policy Server/wforce/weakforced
On 8/4/2017 12:48 PM, Daniel Miller wrote:
> On 8/3/2017 6:11 AM, Teemu Huovila wrote:
>>
>> On 02.08.2017 23:35, Daniel Miller wrote:
>>> Is there explicit documentation available for the (probably trivial)
>>> configuration needed for Dovecot and Wforce? I'm probably missing
>>> something that should be perfectly obvious...
>>>
2019 Apr 12
2
Mail account brute force / harassment
On 12/04/2019 08:24, Aki Tuomi via dovecot wrote:
> Weakforced uses Lua so you can easily integrate DNSBL support into it.
How does this help Dovecot block?
A link to some documentation or example perhaps?
> We will not add DNSBL support to dovecot at this time.
Is there a reason why you will not support this RFE?
2019 May 22
0
weakforced: Possible to access the ip address of report/allow?
From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g.
By default in 2.3.1 this looks like:
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s
But you can add additional parameters:
login=%{requested_username} pwhash=%{hashed_password} remote=%{rip}
2017 Sep 28
2
Conditionally disabling auth policy
...gt;
>
> On 27.09.2017 20:14, Mark Moseley wrote:
> > On Wed, Sep 27, 2017 at 10:03 AM, Marcus Rueckert <darix at opensu.se>
> wrote:
> >
> >> On 2017-09-27 16:57:44 +0000, Mark Moseley wrote:
> >>> I've been digging into the auth policy stuff with weakforced lately.
> >> There
> >>> are cases (IP ranges, so could be wrapped up in remote {} blocks) where
> >>> it'd be nice to skip the auth policy (internal hosts that I can trust,
> >> but
> >>> that are hitting the same servers as the outside wor...
2019 Mar 06
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to
test wforce, from https://github.com/PowerDNS/weakforced.
I see instructions at the Authentication policy support page,
https://wiki2.dovecot.org/Authentication/Policy
I see the Required Minimum Configuration:
auth_policy_server_url = http://example.com:4001/
auth_policy_hash_nonce = localized_random_string
But when I search for these directives, they...
2019 Mar 07
0
how to enable PowerDNS/Weakforced with Fedora and sendmail
In weakforced you have
webserver("0.0.0.0:8084", "THIS-IS-THE-PASSWORD-FOR-WFORCE")
Thus, you make the base64 blob as
~$ echo -n wforce:THIS-IS-THE-PASSWORD-FOR-WFORCE | base64
d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U=
And in dovecot you put
auth_policy_server_api_header = Au...