similar to: Conditionally disabling auth policy

On Wed, Sep 27, 2017 at 10:03 AM, Marcus Rueckert <darix at opensu.se> wrote: > On 2017-09-27 16:57:44 +0000, Mark Moseley wrote: > > I've been digging into the auth policy stuff with weakforced lately. > There > > are cases (IP ranges, so could be wrapped up in remote {} blocks) where > > it'd be nice to skip the auth policy (internal hosts that I can trust,

On Wed, Sep 27, 2017 at 10:06 PM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > On 27.09.2017 20:14, Mark Moseley wrote: > > On Wed, Sep 27, 2017 at 10:03 AM, Marcus Rueckert <darix at opensu.se> > wrote: > > > >> On 2017-09-27 16:57:44 +0000, Mark Moseley wrote: > >>> I've been digging into the auth policy stuff with weakforced

On Thu, Sep 28, 2017 at 9:34 AM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > On September 28, 2017 at 7:20 PM Mark Moseley <moseleymark at gmail.com> > wrote: > > > > > > On Wed, Sep 27, 2017 at 10:06 PM, Aki Tuomi <aki.tuomi at dovecot.fi> > wrote: > > > > > > > > > > > On 27.09.2017 20:14, Mark Moseley

On 27.09.2017 20:14, Mark Moseley wrote: > On Wed, Sep 27, 2017 at 10:03 AM, Marcus Rueckert <darix at opensu.se> wrote: > >> On 2017-09-27 16:57:44 +0000, Mark Moseley wrote: >>> I've been digging into the auth policy stuff with weakforced lately. >> There >>> are cases (IP ranges, so could be wrapped up in remote {} blocks) where >>>

> On September 28, 2017 at 7:20 PM Mark Moseley <moseleymark at gmail.com> wrote: > > > On Wed, Sep 27, 2017 at 10:06 PM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > > > > > On 27.09.2017 20:14, Mark Moseley wrote: > > > On Wed, Sep 27, 2017 at 10:03 AM, Marcus Rueckert <darix at opensu.se> > > wrote: > > > >

Hi Aki, I've configured in this way: vm-weakforced:~# printf 'wforce:super' | base64 d2ZvcmNlOnN1cGVy vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = some random string auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy With the same result... > WforceWebserver: HTTP

Hi, I'm trying to set Weakforced with Dovecot and I cannot log in policy server. This is the config: /root/weakforced/wforce/wforce.conf ----------------------------------- ... webserver("0.0.0.0:8084", "super") ... /etc/dovecot/conf.d/95-policy.conf ---------------------------------- auth_policy_server_url = http://localhost:8084/ #auth_policy_hash_nonce = wforce:super

On 2017-09-27 16:57:44 +0000, Mark Moseley wrote: > I've been digging into the auth policy stuff with weakforced lately. There > are cases (IP ranges, so could be wrapped up in remote {} blocks) where > it'd be nice to skip the auth policy (internal hosts that I can trust, but > that are hitting the same servers as the outside world). > > Is there any way to disable auth

We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I

On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot login failures. My firewall is set to log these so I can see that few repeat, those

Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... Wforce appears to start without errors. I added a file to dovecot's conf.d: 95-policy.conf: auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = this_is_my_super_secret_something

I took suggestions from https://forge.puppet.com/fraenki/wforce to set these in /etc/dovecot/conf.d/95-auth.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = our_password auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes =

So for auth_policy_server_api_header. is the value of our_password come from the hashed response or the plain-text password? What else am I doing wrong? Mar 7 09:20:53 olddsm wforce[17763]: WforceWebserver: HTTP Request "/" from 127.0.0.1:56416: Web Authentication failed curl -X POST -H "Content-Type: application/json" --data '{"login?:?ouruser?, "remote":

Hi Tobi, This looks like you haven?t included the libmaxmind libraries before running configure. GeoIP support is only compiled in if it finds the right libs. This would be libmaxminddb-dev on Ubuntu for example. Neil >> Hi list >> >> hope it's okay to ask weakforced questions here as well, but I could not >> find a dedicated mailinglist for wforce. >>

Hi Tobi, it should just work, but depends on the OS version. ./configure ?help tells you all the configure options, including: --with-maxminddb-includedir path to maxminddb include directory [default=auto] --with-maxminddb-libdir path to maxminddb library directory [default=auto] Neil > On 14 May 2019, at 17:44, Tobi via dovecot <dovecot at dovecot.org>

Hi list I'm trying to setup dovecot 2.2.36 on a Centos6 to communicate with a wforce daemon on the remote side. wforce is latest released from git repo. Daemon part is working and I can successfully send queries from remote systems to wforce via curl For dovecot I configured in /etc/dovecot/conf.d/95-wforce.conf > auth_policy_server_url = http://REMOTE_IP:8084/ >

> > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > > > >

On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote: >> Which is why a dnsbl for dovecot is a good idea. I do not believe the >> agents behind these login attempts are only targeting me, hence the >> addresses should be shared via a dnsbl. > > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > >>

I've been playing with weakforced, so it fills in the 'fail2ban across a cluster' niche (not to mention RBLs). It seems to work well, once you've actually read the docs :) I was curious if anyone had played with it and was *very* curious if anyone was using it in high traffic production. Getting things to 'work' versus getting them to work *and* handle a couple hundred

dovecot-2.3.3-1.fc29.x86_64 Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0) Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] -> /usr/lib64/dovecot/libdovecot.so.0(+0xe3597) [0x7fe76e083597] -> /usr/lib64/dovecot/libdovecot.so.0(+0x51207)