similar to: More fine-grained connection limitations?

Has anyone been successful at using the TARPIT target in iptables under CentOS 4? I am using CentOS 4.3, fully updated with iptables-1.2.11-3.1.RHEL4 and kernel-2.6.9-34.107.plus.c4 Doing a locate on TARPIT returns: # locate TARPIT /lib/iptables/libipt_TARPIT.so This makes me think that the TARPIT target would be valid, however when I try to use it, I get the following reponse: # iptables

Aki Tuomi writes: > Dovecot does support making it difficult to prevent access to the stored > mail. Those who have had problems understanding the documentation might find this unintended double-negative ironically funny. > You can, with suitable workflows, ensure that the user's emails are not > readable by anyone but the user. Of course the only way to be fully > sure is

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78 ------- Additional Comments From tools@die.net 2003-04-17 15:47 ------- Showing any ports open that are sent to it is the normal function of TARPIT target. The psd match will start routing all ports to it after it decides that an IP is portscanning, so this is the expected behavior. That being said, the psd match won't

dnsbl's are a popular method to prevent listed ips from making connections to mta software. cf. postscreen_dnsbl_sites in postfix Would it be possible to introduce such a feature in dovecot, so that connections can be denied based on a dnsbl lookup (where the precise dnsbls used are configurable)? John

Hi, I''m building an application which is going to require quite fine grained access control. Deciding if a user is allowed to access an action will probably require checking quite number of different rules, so a simple role-based system won''t be flexible enough. The approach I think I will try first is, if it''s possible, to ignore permission issues inside the

Hi, I'm wondering if it's possible to have some users restricted to only login via POP3 or only IMAP (likewise for IMAPS/POP3S). Returning a particular field with the userdb sql query (protocols=imaps did not work), perhaps setting up a different passdb? Is this possible with dovecot? -Adam

On 11/12/15 6:24 PM, Darren Tucker wrote: > > As long as someone is willing to do the work and help with tests > (which it sounds like you are), the support doesn't compromise other > platforms or make maintenance significantly harder then I have no > objections to it going in. Sounds good to me. We're already running with this patch in (pre-)production, and I'm

Hi, I'm not sure how interested anybody here is in this, but I've been working lately on getting rid of the horror that is SunSSH for some distros of Illumos (mostly SmartOS). One of the patches we're carrying around at the moment is one that simply drops fine-grained privileges in sshd, ssh-agent and sftp-server. Since the privilege dropping here is roughly equivalent to a more

On Thu, 10 Aug 2017, Larry Rosenman wrote: > Which mail client on iOS? Sorry, maybe not iOS, but definitely MacOSX Mail app. Joseph Tam <jtam.home at gmail.com>

Hi, I''ve been working the past 8 hrs combatting DDoS attacks on websites and dedicated servers I host for clients. They''re hitting one specific IP address, but coming from thousands of external IP addresses. I use: shorewall-4.0.10-3.noarch How can I tackle this? I''ve blocked many subnets in the blacklist file but it''s made very little difference. If

Michael Felt <michael at felt.demon.nl> writes: >> I use acme.sh for all of my LetsEncrypt certs (web & mail), it is >> written in pure shell script, so no python dependencies. >> https://github.com/Neilpang/acme.sh > > Thanks - I might look at that, but as Ralph mentions in his reply - > Let's encrypt certs are only for three months - never ending circus.

Crossbow team, The following is of interest to the Crossbow project. Since a large chunk of these changes also exist in the Crossbow gate, the delivery of this wad will result in fewer lines of changes for Crossbow''s delivery. If someone on Crossbow could participate in this review, that would be a bonus (Eric Cheng made original changes in the Crossbow gate at some point last year).

Kevin writes: > Appreciate if you could help with this. I have been trying to address this > "slow search" issue for a while with very limited success(I was trying to > implement FTS also), so I will appreciate if you could support. When I'm stumped, one of the diagnostic tools I use is process tracing. Connect via IMAP, in another window/session process trace the IMAP

On 09/15/2018 10:41 AM, Aki Tuomi wrote: > Point of sending the success ones is to maintain whitelist as well as > blacklist so you know which ones you should not tarpit anymore. We > know it does scale as we have very large deployments using the whole > three request per login model. > > "Success" in a proxy which is not it self authenticating is only whether it know

Rajesh M wrote: > i wish to improve the performance further by caching the logins. > current the same is kept disable because when user's change passwords > then they are not able to immediately login with the new password for > some time. How to solve this issue. Dovecot shouldn't be doing that. According to https://wiki2.dovecot.org/Authentication/Caching Data is

Adi Pircalabu writes: > For us it is, we're periodically getting hammered by iOS devices that > try to open 300+ simultaneous IMAP connections for a single user from > the same IP, while the average hovers usually below 50 for the busier > mailboxes with many folders. Oh yeah, I've seen this. I think this happens when someone does a global pattern search, which causes the

A mail user reported that he filled up his INBOX (despite reminders he was approaching his filesystem quota), and furthermore, he could not fix the situation because he couldn't expunge message he marked for deletion. The dovecot logs revealed the cause dovecot: imap(user): Error: open(/var/mail/user.lock) failed: Disc quota exceeded This created an impasse where a user cannot free

https://bugzilla.netfilter.org/show_bug.cgi?id=1097 Bug ID: 1097 Summary: TARPIT function does not work in ip6tables Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: ip6_tables (kernel) Assignee:

On Thu, 20 Dec 2018 at 15:54, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > On 20 December 2018 at 14:33 Odhiambo Washington < odhiambo at gmail.com> > wrote: > > > On Thu, 20 Dec 2018 at 15:23, Aki Tuomi < aki.tuomi at open-xchange.com> > wrote: > > > > > On 20 December 2018 at 14:10 Odhiambo Washington < odhiambo at gmail.com>

"Scott W. Sander" writes: > I have noticed that the name of my private server running dovecot appears > in email headers rather than the public-friendly name of my server. Which headers are you taking about? If you're talking about Received: headers, that's usually inserted by your MTA, not dovecot. Joseph Tam <jtam.home at gmail.com>