similar to: Password encription

CRAM-MD5 should not be used. Its not terribly secure. ---Aki TuomiDovecot oy -------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 11:58 (GMT+02:00) To: Aki Tuomi <aki.tuomi at dovecot.fi> Cc: Dovecot Mailing List <dovecot at dovecot.org> Subject: Re: Password encription Thx Aki, with CRAP-MD5 as scheme and mechanism?

Thx Aki, with CRAP-MD5 as scheme and mechanism it's works corretlly. 2017-10-25 10:52 GMT+02:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > PLAIN and LOGIN. > > > > --- > Aki Tuomi > Dovecot oy > > -------- Original message -------- > From: "j.emerlik" <j.emerlik at gmail.com> > Date: 25/10/2017 11:41 (GMT+02:00) > To: Dovecot Mailing

PLAIN and LOGIN. ---Aki TuomiDovecot oy -------- Original message --------From: "j.emerlik" <j.emerlik at gmail.com> Date: 25/10/2017 11:41 (GMT+02:00) To: Dovecot Mailing List <dovecot at dovecot.org> Subject: Password encription Hi, which authentication mechanism should I use for SHA-256 password schama ? Regards, Jack

The use of salt, today, is to prevent the attacker from directly seeing who has same passwords. Of course it also will make a rainbow table attack less useful, but then again, no one uses rainbow tables anymore since it takes about few minutes to brute force a password in the cloud or on your home computer GPU. SHA512-CRYPT uses by default 4000 rounds on dovecot, to make it more computationally

On 27.10.2017 08:37, @lbutlr wrote: > On 25 Oct 2017, at 03:11, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: >> SHA512-CRYPT and PLAIN/LOGIN with SSL. > I?m happy with SHA256-CRYPT and PLAIN/LOGIN. > Yes. SHA256-CRYPT is good too. It was just recommendation over using CRAM-MD5, use anything with salt. Aki

Aki Tuomi wrote: > The use of salt, today, is to prevent the attacker from directly seeing > who has same passwords. Of course it also will make a rainbow table > attack less useful, Not just less useful, but almost infeasible. Given the use of random salts, you would have to generate (number of possible salts) rainbow tables. This drastically changes the CPU/storage tradeoffs. >

Hi, which authentication mechanism should I use for SHA-256 password schama ? Regards, Jack

Hy everybody, I'm using rsync to backup/synchronize folders to/from USB connected external hard drives. But I can't find an answer to a doubt. Does rsync use encription also for local tranfers? For "local transfer" I mean a transfer that doesn't go through a network like folders synchronization with external hard drives. I'm asking because the speed of local transfers

> On October 27, 2017 at 11:27 PM Joseph Tam <jtam.home at gmail.com> wrote: > > > Aki Tuomi wrote: > > > The use of salt, today, is to prevent the attacker from directly seeing > > who has same passwords. Of course it also will make a rainbow table > > attack less useful, > > Not just less useful, but almost infeasible. Given the use of random

Hello Fach, I have used openvpn for a while and in the new release thereis a feature called "server mode" that makes posible to have a full network of vpn links besides a single TUN/TAP adaptor (a pure software NIC) in the server. I haven't used that feature, but I think this is what you need. Also openvpn runs on linux, *bsd, solaris, windows, and maybe in other OS. Miguel >

Op 7/7/2017 om 1:18 PM schreef j.emerlik: > Solved temporary by replacing X-Spam-Status to X-Spam-Flag. > > X-Spam-Flag in my system is added only to SPAM e-mail, anyway it looks like > a bug. Can you show your configuration (output from `dovecot -n`)? An example message may also be useful. Regards, Stephan. > Regards, > Jack > > > 2017-07-07 12:41 GMT+02:00

No, it's entirely my own. If all you want to do is write client IP addresses to a database then your script will probably fit in 20 lines of code or so. On 10/20/2017 05:04 PM, j.emerlik wrote: > Which one policy server are you using ? > Someone from that list : http://www.postfix.org/addon.html > > 2017-10-20 16:53 GMT+02:00 Gedalya <gedalya at gedalya.net>: > >>

Yes, I'am sure. I've only global as: ============== require "fileinto"; if header :contains "X-Spam-Status" "YES" { fileinto "INBOX.Junk"; } if header :contains "X-Spam-Level" "********************" { discard; stop; } and default as: ============== require "fileinto"; if header :contains

Hello!.. I have been trying to get samba working for some time now! .. I have a linux box (runing samba) and a NT domain (Nt and winx clients)... I can see the samba box in the network neighborhood, I can see the dir's in the samba box... but I cannot acces the foldes... when I try it asks for a user name and pass... however it does not mater what combination of windows or linux pass's I

Hi, Just that is my question: Are the connection between DC encripted?. I'm planning to create a secondary DC on a external dedicated server and i want to know if the connections are secure, because is not a good idea to have authentication data traveling through internet without any kind of encription... My main DC have ldap through ssl activated and working fine, but i don't know if

I need to save that to database because I have more then one mail server and them must share each other failed login attempts information. I'll try check how Dovecot Authentication Policy works. --JAcek 2017-06-12 16:50 GMT+02:00 Leonardo Rodrigues <leolistas at solutti.com.br>: > Em 12/06/17 09:39, j.emerlik escreveu: > >> Failed login attempts information may be useful

On 10/20/2017 04:50 PM, j.emerlik wrote: > I understand that Dovecot SASL does not support the Post-Login scripts. Yea, perhaps not. The concept it follows for POP3/IMAP is a wrapper for the executable launched to perform the actual service, and there is no such service when dovecot is only a SASL auth server for an external program. On the other hand a postfix policy server can let you

"j.emerlik" <j.emerlik at gmail.com> writes: > I would like to prepare postlogin a script that allow imap connection to > roundcube for all but restrict imap access for selected users. "from" roundcube? > Is possible in condition IF use IP addresses as range or with mask (because > I've more than one web servers) ? Of course -- many ways to skin this

Aha. Looks pretty cool, and it's really nice that it supports HTTP. On the other hand if I'm rate limiting the number of messages sent = number of times a client said RCPT TO, I guess it still has to be a postfix policy server? Anyway, thanks for pointing this out, I'm sure I'll use it :-) On 10/21/2017 02:16 PM, Aki Tuomi wrote: > Dovecot auth supports auth_policy_server

Or you can implement a policy server yourself. :)The protocol is not complicated, json over http. See?https://wiki.dovecot.org/Auth/Policy ---Aki TuomiDovecot oy -------- Original message --------From: Aki Tuomi <aki.tuomi at dovecot.fi> Date: 21/05/2018 19:13 (GMT+02:00) To: Marc Perkel <marc at perkel.com>, dovecot at dovecot.org Subject: Re: Dovecot blacklist?