similar to: tcpwrappers

Hello, we want to use dovecot LMTP for efficient mail delivery from our MX servers (running postfix 2.8) to our storage servers (dovecot 2.0.17). However, the one problem we see is the lack of access control when using LMTP. It apears that every client in our network who has access to the storage machines can drop a message in a Maildir of any user on that storage server. To prevent this

It works ! It was THAT easy ! Can you suggest how to replace the hair I pulled out ? :-) On 2016-12-29 5:27 PM, Larry Rosenman wrote: > login_access_sockets = tcpwrap > > service tcpwrap { > unix_listener login/tcpwrap { > group = $default_login_user > mode = 0600 > user = $default_login_user > } > } > > > > On Thu, Dec 29, 2016 at

Hello, I run dovecot-2/Maildir/LDAP user/passdb and would like to be able to deny acess to users who connect from certain domains/IP (google.com for instance since in that case they gave their credentials to a third party). My understanding is that I cannot use some negative form of "allow_nets". The only mechanism I can think of is tcp_wrappers. However, dovecot documentation mention

Can anyone share the proper config to get wrappers working in dovecot on FreeBSD? The dovecot examples do not seem to work, and I thought perhaps FBSD needs slightly different configs. I've compiled with: -DHAVE_LIBWRAP which I presume is the first step. The example for dovecot.conf in uncommenting: login_access_sockets = tcpwrap merely causes a log error of "imap-login: Error:

I have compiled dovecot2 for FreeBSD with the tcpwrap option. A tcpwrap binary gets built and resides in the FreeBSD directory /usr/local/libexec/dovecot an examination of the compiled options (using the FreeBSD pkg install dovecot2) confirms: LIBWRAP : on yet, when I adjust dovecot.conf with: login_access_sockets = tcpwrap I get the following logged error message: 20161229 17:02:49

Dovecot with libwrap doesn't work on FreeBSD for some reason or another. I have these lines in my /etc/hosts.allow: ALL: LOCAL 127.0.0.1: allow pop3: ALL: allow ALL: ALL: deny Yet when you try to telnet to localhost, port 110 this is what happens: Aug 29 22:48:38 dodo dovecot: pop3-login: Error: connect(tcpwrap) failed: Permission denied I also tried auth_debug=yes to see what's wrong

Greetings, I am looking to implement tcp wrappers with dovecot; I am using the following two links as guides to configuration: http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom) I'm concerned in making the configuration correctly. If you set login_access_sockets =

Greetings, I am looking to implement tcp wrappers with dovecot; I am using the following two links as guides to configuration: http://blog.acsystem.sk/linux/brute-force-attack-dovecot-imap-server-blocking-ip-with-tcp-wrappers http://wiki2.dovecot.org/LoginProcess (you need to go to the very bottom) I'm concerned in making the configuration correctly. If you set login_access_sockets =

Updated (current) doveconf -n attached.... On Mon, Dec 25, 2017 at 04:33:16PM -0600, Larry Rosenman wrote: > FTR, this is being delivered via LMTP from Exim using the recommended transport / director. > > headers from one of my tests: > Return-Path: <ler at lerctr.org> > Delivered-To: ler at lerctr.org > Received: from thebighonker.lerctr.org > by

Using 2.3.0/0.5 and the below scripts/config, why doesn?t a mail addressed to ler_freebsd at lerctr.org get the FreeBSD flag? .dovecot.sieve points to master.sieve. Scripts: http://www.lerctr.org/~ler/sieve/ doveconf -n: thebighonker.lerctr.org /home/ler/sieve $ doveconf -n # 2.3.0 (c8b89eb): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.5.0 (d68c23a1) # OS: FreeBSD

Per my earlier post about system and virtual users, I have everything working, but I'm seeing the following message, and wondering: 1) does it matter? 2) is there a way to suppress it? I have an Exim /etc/aliases entry that sends root to me. Jul 13 14:38:47 thebighonker dovecot: auth-worker(13055): Error: passwd-file /etc/passwd: User root has invalid UID '0' doveconf -n: # 2.2.31

Is it possible in pigeonhole? I.E. I do a fileinto :create "some/mail/box" How can I make it autosubscribe? doveconf -n: # 2.3.7.2 (3c910f64b): /usr/local/etc/dovecot/dovecot.conf # Pigeonhole version 0.5.7.2 (7372921a) # OS: FreeBSD 12.0-STABLE amd64 # Hostname: thebighonker.lerctr.org auth_default_realm = lerctr.org auth_mechanisms = plain login auth_realms = lerctr.org

Did you miss the part about 0 also being hardcoded? On Tue, Jul 18, 2017 at 1:34 PM Larry Rosenman <larryrtx at gmail.com> wrote: > On Tue, Jul 18, 2017 at 3:31 PM, Larry Rosenman <larryrtx at gmail.com> > wrote: > > > That didn't change it :( > > Jul 18 15:28:14 thebighonker dovecot: auth-worker(77908): Error: > > passwd-file /etc/passwd: User root has

# Valid UID range for users, defaults to 500 and above. This is mostly # to make sure that users can't log in as daemons or other system users. # Note that denying root logins is hardcoded to dovecot binary and can't # be done even if first_valid_uid is set to 0. #first_valid_uid = 500 #last_valid_uid = 0 Aki > On July 18, 2017 at 9:23 PM Larry Rosenman <larryrtx at gmail.com>

I'm seeing lots of: Jun 2 00:00:05 thebighonker exim[57437]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51339 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57439]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN)

Hi Timo, today I've started Dovecot v2.2.rc2 (976bf9e69367) for the first time. /var/log/mail.log: Mar 3 14:28:33 mail dovecot: master: Dovecot v2.2.rc2 (976bf9e69367) starting up Mar 3 14:28:38 mail dovecot: master: Error: service(tcpwrap): command startup failed, throttling for 2 secs Mar 3 14:28:38 mail dovecot: tcpwrap: Fatal: master: service(tcpwrap): child $PID killed with signal

# Space separated list of login access check sockets (e.g. tcpwrap) #login_access_sockets = login_access_sockets = tcpwrap service tcpwrap { unix_listener login/tcpwrap { group = $default_login_user mode = 0600 user = $default_login_user } } I believe that's all. I had placed it all in /usr/local/etc/dovecot/dovecot.conf. On Mon, Nov 14, 2016 at 11:45 AM, Jim Pazarena

Hi, I used dovecot 1.x for quite a while and it worked fine. However, I used it through inetd and used hosts.allow/deny to restrict access to only certain groups of systems. Since yesterday I have dovecot 2.0.13. But in version 2.0.13 it seems that starting using inetd doesn't work anymore : I only get a strange error message if I try to connect using telnet : telnet localhost imap

My system was working fine with version 2.3.9.2.? I upgraded to 2.3.9.3 and I am getting tcpwraper errors: > imap-login: Error: connect(tcpwrap) failed: No such file or directory Here's my config: > login_access_sockets = tcpwrap > > service tcpwrap { > ? unix_listener login/tcpwrap { > ??? group = $default_login_user > ??? mode = 0600 > ??? user =

My system was working fine with version 2.3.9.2.? I upgraded to 2.3.9.3 and I am getting tcpwraper errors: > imap-login: Error: connect(tcpwrap) failed: No such file or directory Here's my config: > login_access_sockets = tcpwrap > > service tcpwrap { > ? unix_listener login/tcpwrap { > ??? group = $default_login_user > ??? mode = 0600 > ??? user =