similar to: Suggestion: Split login_trusted_networks

Hi, For the upcoming 2.3 development, I'd like to re-suggest this: It seems the use of login_trusted_networks is overloaded. Example: * It's used for indicating which hosts you trust to provide XCLIENT remote IP's. (like a proxy) * It's used for indicating from which hosts you trust logins enough to disable auth penalty. (like in a webmail) Often these two uses cases have a

When using dovecot (2.1.5) sasl with postfix (2.8.4) behind nginx smtp proxy I am seeing a ton of errors of the form: postfix/smtpd[7731]: warning: unknown[192.168.0.6]: SASL LOGIN authentication failed: Connection lost to authentication server Nothing is printed by dovecot in the logs regarding the error. It seems that dovecot just hung up on postfix. (side note: no, can't use xclient

I'd like to get the IP-address of the webmail-klient logged in my maillog (for being compliant with coming data retention policies). I've noticed that with login_trusted_networks pointing at my dovecot directors, we get rip=client-ip logged on the backends. How is the proxy providing this to the dovecot backends? Anybody know what magic we need to implement in our webmail-solution to be

> On 24 May 2019 10:52 mabi via dovecot <dovecot at dovecot.org> wrote: > > > Hello, > > I am running Dovecot 2.3.5 package on OpenBSD 6.5 and it looks like this bug which has been fixed in 2.3.6 is hitting me: > > lib-smtp: client: Fix infinite loop in XCLIENT command interaction with server >

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I'm using Dovecot v2.2 with unix_listener auth-client { } to verify passwords for a different service. However, it looks like that auth_failure_delay effects all connects going through that socket. I mean: connect /var/run/dovecot2.2/auth-client attempt bad auth 2s penalty NO disconnect ==> Note, it's another connection almost

I just spent a bit puzzling over "login_trusted_networks". My problem was using "10.1.2/24" instead of "10.1.2.0/24". Here are some things I looked for during troubleshooting that didn't pan out: (1) No messages printed to syslog. (2) Search for "login_trusted_networks" on the Wiki (wiki2) failed. (3) Comments in example config file

Hello, I am running Dovecot 2.3.5 package on OpenBSD 6.5 and it looks like this bug which has been fixed in 2.3.6 is hitting me: lib-smtp: client: Fix infinite loop in XCLIENT command interaction with server https://github.com/dovecot/core/commit/5d03f39b345127b80d145ee90772739baa7ab810 so I was wondering if there is any workarounds? Maybe like disabling the XCLIENT command from the config file

??????? Original Message ??????? On Friday, May 24, 2019 10:40 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > Try setting login_trusted_networks= Thank you Aki for your answer. Unfortunately on my Dovecot mailbox backend servers I already have login_trusted_networks set to the IP of my Dovecot LMTP proxy server. > or just upgrade to 2.3.6? I was hoping not to have to

> On 24 May 2019, at 12.22, mabi via dovecot <dovecot at dovecot.org> wrote: > > ??????? Original Message ??????? > On Friday, May 24, 2019 10:40 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > >> Try setting login_trusted_networks= > > Thank you Aki for your answer. Unfortunately on my Dovecot mailbox backend servers I already have

Benjamin H?ck schreef op 21-5-2015 om 9:31: > Hello, > > I`ve got a question about Dovecot-Director and (Manage)-Sieve: is there > any possibility to pass-through the original IP-address to the backend > server? > > In this case I try to pass-through the IP-address of a webmail server. > > I`ve looked for a solution in different forums and tried it with the >

On 24.5.2019 12.22, mabi via dovecot wrote: > ??????? Original Message ??????? > On Friday, May 24, 2019 10:40 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > >> Try setting login_trusted_networks= > Thank you Aki for your answer. Unfortunately on my Dovecot mailbox backend servers I already have login_trusted_networks set to the IP of my Dovecot LMTP proxy

Hi all, I want to remove the authentication penalty for specific ip addresses (subnets if possible). I am using Dovecot 2.3.2 (582970113) and figured that this information: https://wiki2.dovecot.org/Authentication/Penalty > If the IP is in login_trusted_networks (e.g. webmail), skip any authentication penalties is not up to date. Instead this information is:

https://dovecot.org/releases/2.2/dovecot-2.2.29.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.29.tar.gz.sig * passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS (CVE-2017-2669) * When Dovecot encounters an internal error, it logs the real error

https://dovecot.org/releases/2.2/dovecot-2.2.29.tar.gz https://dovecot.org/releases/2.2/dovecot-2.2.29.tar.gz.sig * passdb/userdb dict: Don't double-expand %variables in keys. If dict was used as the authentication passdb, using specially crafted %variables in the username could be used to cause DoS (CVE-2017-2669) * When Dovecot encounters an internal error, it logs the real error

Hello, I`ve got a question about Dovecot-Director and (Manage)-Sieve: is there any possibility to pass-through the original IP-address to the backend server? In this case I try to pass-through the IP-address of a webmail server. I`ve looked for a solution in different forums and tried it with the parameter "login_trusted_networks", however no success. The above solution is working

http://dovecot.org/releases/2.2/rc/dovecot-2.2.29.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.29.rc1.tar.gz.sig Planning to release v2.2.29 on Monday. Please find and report any bugs before that. * When Dovecot encounters an internal error, it logs the real error and usually logs another line saying what function failed. Previously the second log line's error message was

http://dovecot.org/releases/2.2/rc/dovecot-2.2.29.rc1.tar.gz http://dovecot.org/releases/2.2/rc/dovecot-2.2.29.rc1.tar.gz.sig Planning to release v2.2.29 on Monday. Please find and report any bugs before that. * When Dovecot encounters an internal error, it logs the real error and usually logs another line saying what function failed. Previously the second log line's error message was

* Wojciech Puchar, 16.12.19 15:54 > i've upgraded dovecot on my server to 2.3.9 > > works properly but saslauthd that uses it for rimap authentication over 127.0.0.1 works SLOW. You need to wait 15-20 seconds before authentication. > > only imap login over 127.0.0.1 is slowed down, while over any other IP is quick. > > i had this problem with older version of dovecot

I have a proxy setup for pop/imap. The proxies are defined in login_trusted_networks = x.x.x.x and for the imap it works fine but for pop3 connections displays the ip address of proxy IP... Dovecots are both 1.2 from the debian repo deb http://xi.rename-it.nl/debian/ stable-auto/dovecot-1.2 main thanks -- View this message in context:

Hello, I'm using version 2.3.4.1 and I have a fairly simple setup based on a submission server where I run dovecot and a relay server with postfix. The relevant part of dovecot's config is as follows (sanitized): hostname = submission.domain.local submission_client_workarounds = whitespace-before-path submission_relay_host = 192.168.1.1 <- postfix submission_relay_port = 25