similar to: weakforced

On Tue, Jul 18, 2017 at 10:40 PM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > On 19.07.2017 02:38, Mark Moseley wrote: > > I've been playing with weakforced, so it fills in the 'fail2ban across a > > cluster' niche (not to mention RBLs). It seems to work well, once you've > > actually read the docs :) > > > > I was curious if

On 19.07.2017 02:38, Mark Moseley wrote: > I've been playing with weakforced, so it fills in the 'fail2ban across a > cluster' niche (not to mention RBLs). It seems to work well, once you've > actually read the docs :) > > I was curious if anyone had played with it and was *very* curious if anyone > was using it in high traffic production. Getting things to

Below is an answer by the current weakforced main developer. It overlaps partly with Samis answer. ---snip--- > Do you have any hints/tips/guidelines for things like sizing, both in a > per-server sense (memory, mostly) and in a cluster-sense (logins per sec :: > node ratio)? I'm curious too how large is quite large. Not looking for > details but just a ballpark figure. My

On Wed, Sep 27, 2017 at 10:06 PM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > On 27.09.2017 20:14, Mark Moseley wrote: > > On Wed, Sep 27, 2017 at 10:03 AM, Marcus Rueckert <darix at opensu.se> > wrote: > > > >> On 2017-09-27 16:57:44 +0000, Mark Moseley wrote: > >>> I've been digging into the auth policy stuff with weakforced

On Thu, Sep 28, 2017 at 9:34 AM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > On September 28, 2017 at 7:20 PM Mark Moseley <moseleymark at gmail.com> > wrote: > > > > > > On Wed, Sep 27, 2017 at 10:06 PM, Aki Tuomi <aki.tuomi at dovecot.fi> > wrote: > > > > > > > > > > > On 27.09.2017 20:14, Mark Moseley

Hi, I'm trying to set Weakforced with Dovecot and I cannot log in policy server. This is the config: /root/weakforced/wforce/wforce.conf ----------------------------------- ... webserver("0.0.0.0:8084", "super") ... /etc/dovecot/conf.d/95-policy.conf ---------------------------------- auth_policy_server_url = http://localhost:8084/ #auth_policy_hash_nonce = wforce:super

On Wed, Sep 27, 2017 at 10:03 AM, Marcus Rueckert <darix at opensu.se> wrote: > On 2017-09-27 16:57:44 +0000, Mark Moseley wrote: > > I've been digging into the auth policy stuff with weakforced lately. > There > > are cases (IP ranges, so could be wrapped up in remote {} blocks) where > > it'd be nice to skip the auth policy (internal hosts that I can trust,

Hi Aki, I've configured in this way: vm-weakforced:~# printf 'wforce:super' | base64 d2ZvcmNlOnN1cGVy vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = some random string auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy With the same result... > WforceWebserver: HTTP

I've been digging into the auth policy stuff with weakforced lately. There are cases (IP ranges, so could be wrapped up in remote {} blocks) where it'd be nice to skip the auth policy (internal hosts that I can trust, but that are hitting the same servers as the outside world). Is there any way to disable auth policy, possibly inside a remote{}? auth_policy_server_url complains that it

Dear List, I have two questions about how to do predictions using lrm, specifically how to predict the ordinal response for each observation *individually*. I'm very new to cumulative odds models, so my apologies if my questions are too basic. I have a dataset with 4000 observations. Each observation consists of an ordinal outcome y (i.e., rating of a stimulus with four possible

We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I

Hi! You configure it like this: auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = some random string auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOkJydHpUNlRuTkZ4UUU=" the authorization blob is basically printf 'wforce:super' | base64 Aki > On 16 January 2019 at 10:06 alberto bersol <alberto at bersol.info> wrote: > >

Did you miss the closing quote from api_header? Also, can you turn on auth_debug=yes? Aki > On 16 January 2019 at 12:05 alberto bersol <alberto at bersol.info> wrote: > > > Hi Aki, > > I've configured in this way: > > vm-weakforced:~# printf 'wforce:super' | base64 > d2ZvcmNlOnN1cGVy > > vm-weakforced:~# cat

Hi Tobi, This looks like you haven?t included the libmaxmind libraries before running configure. GeoIP support is only compiled in if it finds the right libs. This would be libmaxminddb-dev on Ubuntu for example. Neil >> Hi list >> >> hope it's okay to ask weakforced questions here as well, but I could not >> find a dedicated mailinglist for wforce. >>

Hi Tobi, it should just work, but depends on the OS version. ./configure ?help tells you all the configure options, including: --with-maxminddb-includedir path to maxminddb include directory [default=auto] --with-maxminddb-libdir path to maxminddb library directory [default=auto] Neil > On 14 May 2019, at 17:44, Tobi via dovecot <dovecot at dovecot.org>

<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 6 March 2019 18:25 Robert Kudyba via dovecot <dovecot@dovecot.org> wrote: </div> <div> <br> </div> <div> <br>

On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote: >> Which is why a dnsbl for dovecot is a good idea. I do not believe the >> agents behind these login attempts are only targeting me, hence the >> addresses should be shared via a dnsbl. > > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > >>

Hi, Since upgrading our mail servers to Postfix/Dovecot, we've seen a rather large increase in botnet brute force password attacks. I guess our old servers were too slow to suit their needs. Now, when they hit upon a valid user, it's easy to see what passwords they are trying (we've enabled auth_debug_passwords and set auth_verbose_passwords = plain). We can easily have log

I took suggestions from https://forge.puppet.com/fraenki/wforce to set these in /etc/dovecot/conf.d/95-auth.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = our_password auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes =

wforce is the username always. auth_policy_hash_nonce should be set to a pseudorandom value that is shared by your server(s). Weakforced does not need it for anything. auth_policy_server_api_header should be set to Authorization: Basic <echo -n wforce:our_password | base64> without the < >. Aki On 6.3.2019 20.42, Robert Kudyba via dovecot wrote: > I took suggestions