similar to: Auth Policy Server/wforce/weakforced

Hi Aki, I've configured in this way: vm-weakforced:~# printf 'wforce:super' | base64 d2ZvcmNlOnN1cGVy vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = some random string auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy With the same result... > WforceWebserver: HTTP

On 8/4/2017 12:48 PM, Daniel Miller wrote: > On 8/3/2017 6:11 AM, Teemu Huovila wrote: >> >> On 02.08.2017 23:35, Daniel Miller wrote: >>> Is there explicit documentation available for the (probably trivial) >>> configuration needed for Dovecot and Wforce? I'm probably missing >>> something that should be perfectly obvious... >>>

Hi, I'm trying to set Weakforced with Dovecot and I cannot log in policy server. This is the config: /root/weakforced/wforce/wforce.conf ----------------------------------- ... webserver("0.0.0.0:8084", "super") ... /etc/dovecot/conf.d/95-policy.conf ---------------------------------- auth_policy_server_url = http://localhost:8084/ #auth_policy_hash_nonce = wforce:super

So for auth_policy_server_api_header. is the value of our_password come from the hashed response or the plain-text password? What else am I doing wrong? Mar 7 09:20:53 olddsm wforce[17763]: WforceWebserver: HTTP Request "/" from 127.0.0.1:56416: Web Authentication failed curl -X POST -H "Content-Type: application/json" --data '{"login?:?ouruser?, "remote":

I took suggestions from https://forge.puppet.com/fraenki/wforce to set these in /etc/dovecot/conf.d/95-auth.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = our_password auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes =

Hi list I'm trying to setup dovecot 2.2.36 on a Centos6 to communicate with a wforce daemon on the remote side. wforce is latest released from git repo. Daemon part is working and I can successfully send queries from remote systems to wforce via curl For dovecot I configured in /etc/dovecot/conf.d/95-wforce.conf > auth_policy_server_url = http://REMOTE_IP:8084/ >

On 02.08.2017 23:35, Daniel Miller wrote: > Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... > > Wforce appears to start without errors. I added a file to dovecot's conf.d: > > 95-policy.conf: > auth_policy_server_url =

We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I

Did you miss the closing quote from api_header? Also, can you turn on auth_debug=yes? Aki > On 16 January 2019 at 12:05 alberto bersol <alberto at bersol.info> wrote: > > > Hi Aki, > > I've configured in this way: > > vm-weakforced:~# printf 'wforce:super' | base64 > d2ZvcmNlOnN1cGVy > > vm-weakforced:~# cat

In weakforced you have webserver("0.0.0.0:8084", "THIS-IS-THE-PASSWORD-FOR-WFORCE") Thus, you make the base64 blob as ~$ echo -n wforce:THIS-IS-THE-PASSWORD-FOR-WFORCE | base64 d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U= And in dovecot you put auth_policy_server_api_header = Authorization Basic d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U Aki > On 7

Hi! You configure it like this: auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = some random string auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOkJydHpUNlRuTkZ4UUU=" the authorization blob is basically printf 'wforce:super' | base64 Aki > On 16 January 2019 at 10:06 alberto bersol <alberto at bersol.info> wrote: > >

We are sorry to report that we have a bug in dovecot, which merits a CVE. See details below. If you haven't configured any auth_policy_* settings you are ok. This is fixed with https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae and https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc Important vulnerability in Dovecot

wforce is the username always. auth_policy_hash_nonce should be set to a pseudorandom value that is shared by your server(s). Weakforced does not need it for anything. auth_policy_server_api_header should be set to Authorization: Basic <echo -n wforce:our_password | base64> without the < >. Aki On 6.3.2019 20.42, Robert Kudyba via dovecot wrote: > I took suggestions

> On 13 May 2019 18:54 Tobi via dovecot <dovecot at dovecot.org> wrote: > > > Hi list > > I'm trying to setup dovecot 2.2.36 on a Centos6 to communicate with a > wforce daemon on the remote side. wforce is latest released from git > repo. Daemon part is working and I can successfully send queries from > remote systems to wforce via curl > > For

> > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > > > >

dovecot-2.3.3-1.fc29.x86_64 Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0) Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] -> /usr/lib64/dovecot/libdovecot.so.0(+0xe3597) [0x7fe76e083597] -> /usr/lib64/dovecot/libdovecot.so.0(+0x51207)

On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot login failures. My firewall is set to log these so I can see that few repeat, those

> On Mar 28, 2019, at 10:29 AM, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > >> On 28 March 2019 16:08 Robert Kudyba via dovecot <dovecot at dovecot.org> wrote: >> >> >> dovecot-2.3.3-1.fc29.x86_64 >> >> Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed:

On 28.3.2019 22.34, Robert Kudyba via dovecot wrote: >>>>> Set >>>>> >>>>> ssl_client_ca_file=/path/to/cacert.pem to validate the certificate? >>>> >>>> Can this be the Lets Encrypt cert that we already have? In other >>>> words we have: >>>> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem

Hi I wonder if the information about the origin of report or allow can be accessed somehow. lt.remote gives the IP of the client trying to login but is there anything in lt which gives the ip of the system that connects to wforced? Thanks and have a good one -- tobi