similar to: More fine-grained connection limitations?

Displaying 20 results from an estimated 10000 matches similar to: "More fine-grained connection limitations?"

2006 Jul 08
2
TARPIT target in iptables
Has anyone been successful at using the TARPIT target in iptables under CentOS 4? I am using CentOS 4.3, fully updated with iptables-1.2.11-3.1.RHEL4 and kernel-2.6.9-34.107.plus.c4 Doing a locate on TARPIT returns: # locate TARPIT /lib/iptables/libipt_TARPIT.so This makes me think that the TARPIT target would be valid, however when I try to use it, I get the following reponse: # iptables
2017 Dec 15
1
Mail-crypt plugin clarification
Aki Tuomi writes: > Dovecot does support making it difficult to prevent access to the stored > mail. Those who have had problems understanding the documentation might find this unintended double-negative ironically funny. > You can, with suitable workflows, ensure that the user's emails are not > readable by anyone but the user. Of course the only way to be fully > sure is
2003 Apr 17
1
[Bug 78] -m psd -j TARPIT returns all ports open from nmap
https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78 ------- Additional Comments From tools@die.net 2003-04-17 15:47 ------- Showing any ports open that are sent to it is the normal function of TARPIT target. The psd match will start routing all ports to it after it decides that an IP is portscanning, so this is the expected behavior. That being said, the psd match won't
2013 Jul 03
4
dnsbl feature for dovecot
dnsbl's are a popular method to prevent listed ips from making connections to mta software. cf. postscreen_dnsbl_sites in postfix Would it be possible to introduce such a feature in dovecot, so that connections can be denied based on a dnsbl lookup (where the precise dnsbls used are configurable)? John
2006 Feb 14
4
Fine grained access control
Hi, I''m building an application which is going to require quite fine grained access control. Deciding if a user is allowed to access an action will probably require checking quite number of different rules, so a simple role-based system won''t be flexible enough. The approach I think I will try first is, if it''s possible, to ignore permission issues inside the
2007 Jul 19
2
fine-grained user authentication support
Hi, I'm wondering if it's possible to have some users restricted to only login via POP3 or only IMAP (likewise for IMAPS/POP3S). Returning a particular field with the userdb sql query (protocols=imaps did not work), perhaps setting up a different passdb? Is this possible with dovecot? -Adam
2015 Nov 13
2
[PATCH] Drop fine-grained privileges on Illumos/Solaris
On 11/12/15 6:24 PM, Darren Tucker wrote: > > As long as someone is willing to do the work and help with tests > (which it sounds like you are), the support doesn't compromise other > platforms or make maintenance significantly harder then I have no > objections to it going in. Sounds good to me. We're already running with this patch in (pre-)production, and I'm
2015 Nov 13
2
[PATCH] Drop fine-grained privileges on Illumos/Solaris
Hi, I'm not sure how interested anybody here is in this, but I've been working lately on getting rid of the horror that is SunSSH for some distros of Illumos (mostly SmartOS). One of the patches we're carrying around at the moment is one that simply drops fine-grained privileges in sshd, ssh-agent and sftp-server. Since the privilege dropping here is roughly equivalent to a more
2017 Aug 10
4
Certificate cache on iOS with sending mail
On Thu, 10 Aug 2017, Larry Rosenman wrote: > Which mail client on iOS? Sorry, maybe not iOS, but definitely MacOSX Mail app. Joseph Tam <jtam.home at gmail.com>
2009 Aug 29
10
Combatting DDoS attack
Hi, I''ve been working the past 8 hrs combatting DDoS attacks on websites and dedicated servers I host for clients. They''re hitting one specific IP address, but coming from thousands of external IP addresses. I use: shorewall-4.0.10-3.noarch How can I tackle this? I''ve blocked many subnets in the blacklist file but it''s made very little difference. If
2017 Aug 18
3
is a self signed certificate always invalid the first time
Michael Felt <michael at felt.demon.nl> writes: >> I use acme.sh for all of my LetsEncrypt certs (web & mail), it is >> written in pure shell script, so no python dependencies. >> https://github.com/Neilpang/acme.sh > > Thanks - I might look at that, but as Ralph mentions in his reply - > Let's encrypt certs are only for three months - never ending circus.
2008 Aug 04
6
[Fwd: [networking-discuss] code-review: fine-grained privileges for datalink administration]
Crossbow team, The following is of interest to the Crossbow project. Since a large chunk of these changes also exist in the Crossbow gate, the delivery of this wad will result in fewer lines of changes for Crossbow''s delivery. If someone on Crossbow could participate in this review, that would be a bonus (Eric Cheng made original changes in the Crossbow gate at some point last year).
2015 Jan 29
4
Indexing Mail faster
Kevin writes: > Appreciate if you could help with this. I have been trying to address this > "slow search" issue for a while with very limited success(I was trying to > implement FTS also), so I will appreciate if you could support. When I'm stumped, one of the diagnostic tools I use is process tracing. Connect via IMAP, in another window/session process trace the IMAP
2018 Sep 15
1
auth_policy in a non-authenticating proxy chain
On 09/15/2018 10:41 AM, Aki Tuomi wrote: > Point of sending the success ones is to maintain whitelist as well as > blacklist so you know which ones you should not tarpit anymore. We > know it does scale as we have very large deployments using the whole > three request per login model. > > "Success" in a proxy which is not it self authenticating is only whether it know
2017 Feb 14
2
dovecot config for 1500 simultaneous connection
Rajesh M wrote: > i wish to improve the performance further by caching the logins. > current the same is kept disable because when user's change passwords > then they are not able to immediately login with the new password for > some time. How to solve this issue. Dovecot shouldn't be doing that. According to https://wiki2.dovecot.org/Authentication/Caching Data is
2017 Mar 16
1
Dovecot 2.2.27 proxy - enforcing per client IP connection limits
Adi Pircalabu writes: > For us it is, we're periodically getting hammered by iOS devices that > try to open 300+ simultaneous IMAP connections for a single user from > the same IP, while the average hovers usually below 50 for the busier > mailboxes with many folders. Oh yeah, I've seen this. I think this happens when someone does a global pattern search, which causes the
2011 Aug 24
3
Catch22: user needs space to fix out of space condition
A mail user reported that he filled up his INBOX (despite reminders he was approaching his filesystem quota), and furthermore, he could not fix the situation because he couldn't expunge message he marked for deletion. The dovecot logs revealed the cause dovecot: imap(user): Error: open(/var/mail/user.lock) failed: Disc quota exceeded This created an impasse where a user cannot free
2016 Nov 09
0
[Bug 1097] New: TARPIT function does not work in ip6tables
https://bugzilla.netfilter.org/show_bug.cgi?id=1097 Bug ID: 1097 Summary: TARPIT function does not work in ip6tables Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: ip6_tables (kernel) Assignee:
2018 Dec 20
3
Authentication Problem
On Thu, 20 Dec 2018 at 15:54, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > On 20 December 2018 at 14:33 Odhiambo Washington < odhiambo at gmail.com> > wrote: > > > On Thu, 20 Dec 2018 at 15:23, Aki Tuomi < aki.tuomi at open-xchange.com> > wrote: > > > > > On 20 December 2018 at 14:10 Odhiambo Washington < odhiambo at gmail.com>
2016 Aug 19
2
Change dovecot hostname
"Scott W. Sander" writes: > I have noticed that the name of my private server running dovecot appears > in email headers rather than the public-friendly name of my server. Which headers are you taking about? If you're talking about Received: headers, that's usually inserted by your MTA, not dovecot. Joseph Tam <jtam.home at gmail.com>