Displaying 20 results from an estimated 4000 matches similar to: "Suggestion: Split login_trusted_networks"
2019 May 24
2
Workaround for infinite loop in XCLIENT command bug
Hello,
I am running Dovecot 2.3.5 package on OpenBSD 6.5 and it looks like this bug which has been fixed in 2.3.6 is hitting me:
lib-smtp: client: Fix infinite loop in XCLIENT command interaction with server
https://github.com/dovecot/core/commit/5d03f39b345127b80d145ee90772739baa7ab810
so I was wondering if there is any workarounds? Maybe like disabling the XCLIENT command from the config file
2013 Jul 03
2
login_trusted_networks from webmail ?
I'd like to get the IP-address of the webmail-klient logged in my
maillog (for being compliant with coming data retention policies). I've
noticed that with login_trusted_networks pointing at my dovecot
directors, we get rip=client-ip logged on the backends. How is the proxy
providing this to the dovecot backends? Anybody know what magic we need
to implement in our webmail-solution to be
2014 Jun 20
0
Suggestion: Split login_trusted_networks
Hi,
It seems the use of login_trusted_networks is overloaded.
Example:
* It's used for indicating which hosts you trust to provide XCLIENT
remote IP's.
* It's used for indicating from which hosts you trust logins enough to
disable auth penalty. (like in a webmail)
However... trustwise, this is trusting two different entities.
The first case you put trust in the host.
In the second
2019 May 24
4
Workaround for infinite loop in XCLIENT command bug
??????? Original Message ???????
On Friday, May 24, 2019 10:40 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote:
> Try setting login_trusted_networks=
Thank you Aki for your answer. Unfortunately on my Dovecot mailbox backend servers I already have login_trusted_networks set to the IP of my Dovecot LMTP proxy server.
> or just upgrade to 2.3.6?
I was hoping not to have to
2018 May 18
2
Disconnecting unauthenticated IMAP entities faster?
Hello, given the 2015 revision date, I was curious if anyone can confirm https://wiki2.dovecot.org/Timeouts is still accurate where the 'before login' IMAP timeout remains hard coded?
We're having an issue where blocks of IP's from China and similar locations are crawling IP ranges trying common login credentials, and hanging the connections open in the process. We have clients
2019 Mar 06
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to
test wforce, from https://github.com/PowerDNS/weakforced.
I see instructions at the Authentication policy support page,
https://wiki2.dovecot.org/Authentication/Policy
I see the Required Minimum Configuration:
auth_policy_server_url = http://example.com:4001/
auth_policy_hash_nonce = localized_random_string
But when I
2017 Dec 19
3
detect suspicious logins
does anyone know of a linux module (maybe similar to fail2ban) that
could be installed which would monitor email logs (sign ins) and alert
the user to any suspicious activity on their account? i suspect it
would need to log geo location, device type and ip address to a
database. it seems like a module like this would be very useful and
should exist already? thanks in advance
2019 Apr 12
2
Mail account brute force / harassment
On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote:
>> Which is why a dnsbl for dovecot is a good idea. I do not believe the
>> agents behind these login attempts are only targeting me, hence the
>> addresses should be shared via a dnsbl.
>
> Probably there's an existing solution for both problems (subsequent
> attempts and dnsbl):
>
>>
2019 Apr 11
1
Mail account brute force / harassment
> Am 11.04.2019 um 12:43 schrieb Marc Roos via dovecot <dovecot at dovecot.org>:
>
> Please do not assume anything other than what is written, it is a
> hypothetical situation
>
>
> A. With the fail2ban solution
> - you 'solve' that the current ip is not able to access you
> - it will continue bothering other servers and admins
> - you get the
2015 May 21
2
Dovecot-Director, (Manage)-Sieve und Remote-IP
Hello,
I`ve got a question about Dovecot-Director and (Manage)-Sieve: is there
any possibility to pass-through the original IP-address to the backend
server?
In this case I try to pass-through the IP-address of a webmail server.
I`ve looked for a solution in different forums and tried it with the
parameter "login_trusted_networks", however no success.
The above solution is working
2016 Jun 24
2
exempt local auth-client UNIX socket from failed login penalty // add to login_trusted_networks ?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I'm using Dovecot v2.2 with unix_listener auth-client {
} to verify passwords for a different service. However, it looks like that
auth_failure_delay effects all connects going through that socket.
I mean:
connect /var/run/dovecot2.2/auth-client
attempt bad auth
2s penalty
NO
disconnect
==> Note, it's another connection almost
2018 May 21
2
Dovecot blacklist?
Just wondering if there is an easy way to have dovecot do a blacklist
lookup as a negative authentication so that if the IP is on a blacklist
then authentification fails even if they get the password right.
If this works I have a blacklist everyone can use.
2019 Apr 11
5
Mail account brute force / harassment
On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot <dovecot at dovecot.org>
wrote:
>
>
> Say for instance you have some one trying to constantly access an
> account
>
>
> Has any of you made something creative like this:
>
> * configure that account to allow to login with any password
> * link that account to something like /dev/zero that generates infinite
2017 Jun 30
2
Auth Policy Server
I've made a preliminary auth policy server in Perl - and it sort of
works (mostly) - but I've got some questions on "proper" implementation.
It appears the communication is HTTP based - is the intent to talk to a
"proper" webserver, or is a simple dedicated daemon appropriate (which
is what I made)?
Should connections be maintained, or terminated after each
2020 Apr 22
1
Recommendations on intrusion prevention/detection?
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 22/04/2020 19:56 Benny Pedersen <
<a href="mailto:me@junc.eu">me@junc.eu</a>> wrote:
</div>
<div>
<br>
2013 Apr 12
6
v2.2.0 released
http://dovecot.org/releases/2.2/dovecot-2.2.0.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.0.tar.gz.sig
Everything now seems to be stable and working in v2.2, so I can finally
move onto developing great new interesting features for v2.3. :)
My company has also launched a web shop where you can buy various
products. One of them is cheap access to Dovecot enterprise edition
repositories,
2013 Apr 12
6
v2.2.0 released
http://dovecot.org/releases/2.2/dovecot-2.2.0.tar.gz
http://dovecot.org/releases/2.2/dovecot-2.2.0.tar.gz.sig
Everything now seems to be stable and working in v2.2, so I can finally
move onto developing great new interesting features for v2.3. :)
My company has also launched a web shop where you can buy various
products. One of them is cheap access to Dovecot enterprise edition
repositories,
2019 Apr 11
5
Mail account brute force / harassment
On 11/04/2019 11:43, Marc Roos via dovecot wrote:
> A. With the fail2ban solution
> - you 'solve' that the current ip is not able to access you
It is only a solution if there are subsequent attempts from the same
address. I currently have several thousand addresses blocked due to
dovecot login failures. My firewall is set to log these so I can see
that few repeat, those
2017 Oct 20
2
Post-login scripting
No, it's entirely my own.
If all you want to do is write client IP addresses to a database then your script will probably fit in 20 lines of code or so.
On 10/20/2017 05:04 PM, j.emerlik wrote:
> Which one policy server are you using ?
> Someone from that list : http://www.postfix.org/addon.html
>
> 2017-10-20 16:53 GMT+02:00 Gedalya <gedalya at gedalya.net>:
>
>>
2017 Oct 16
2
Filtering by country
Is it possible to filter out logins by country (I would like to limit dovecot instance users to log in only from specific countries)???
Anvar?Kuchkartaev?
anvar at anvartay.com?