similar to: detect suspicious logins

On Tue, 19 Dec 2017 17:13:10 +0000 Matthew Broadhead <matthew.broadhead at nbmlaw.co.uk> wrote: > does anyone know of a linux module (maybe similar to fail2ban) that > could be installed which would monitor email logs (sign ins) and > alert the user to any suspicious activity on their account? i > suspect it would need to log geo location, device type and ip address > to a

the server is using CentOS 7 and that is the package that comes through yum. everything is up to date. i am hesitant to install a new package manually as that could cause other compatibility issues? is there another way to test the configuration on the server? On 21/10/2016 01:07, Stephan Bosch wrote: > Op 10/20/2016 om 7:38 PM schreef Matthew Broadhead: >> do i need to provide

is there something more i need to be doing my end? On 25/10/2016 09:11, Matthew Broadhead wrote: > are there any instructions or tests i can make to check the sieve > configuration? or does the magic all happen internally and there are > no settings to change? > > On 21/10/2016 10:22, Matthew Broadhead wrote: >> the server is using CentOS 7 and that is the package that

do i need to provide more information? On 19/10/2016 14:49, Matthew Broadhead wrote: > /var/log/maillog showed this > Oct 19 13:25:41 ns1 postfix/smtpd[1298]: 7599A2C19C6: > client=unknown[127.0.0.1] > Oct 19 13:25:41 ns1 postfix/cleanup[1085]: 7599A2C19C6: > message-id=<edc55a9b-eb49-3945-dc60-0e1d51a78e97 at nbmlaw.co.uk> > Oct 19 13:25:41 ns1 postfix/qmgr[1059]:

Op 19-10-2016 om 13:47 schreef Matthew Broadhead: > i am not 100% sure how to give you the information you require. > > my current setup in /etc/postfix/master.cf is > flags=DRhu user=vmail:mail argv=/usr/libexec/dovecot/deliver -d > ${recipient} > so recipient would presumably be user at domain.tld? or do you want the > real email address of one of our users? is there

On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot <dovecot at dovecot.org> wrote: > > > Say for instance you have some one trying to constantly access an > account > > > Has any of you made something creative like this: > > * configure that account to allow to login with any password > * link that account to something like /dev/zero that generates infinite

> Am 11.04.2019 um 12:43 schrieb Marc Roos via dovecot <dovecot at dovecot.org>: > > Please do not assume anything other than what is written, it is a > hypothetical situation > > > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you > - it will continue bothering other servers and admins > - you get the

Could you send your configuration (output from `dovecot -n`)? Also, please provide an example scenario; i.e., for one problematic delivery provide: - The values of the variables substituted below. - The incoming e-mail message. - The Sieve script (or at least that vacation command). Regards, Stephan. Op 19-10-2016 om 11:42 schreef Matthew Broadhead: > hi, does anyone have any ideas

On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot login failures. My firewall is set to log these so I can see that few repeat, those

Hi all, If I may, one more question on this subject: I would like to create a fail2ban filer, that scans for these lines: > Jul 20 11:10:09 auth: Info: ldap(user1,60.166.35.162,<cDFXHbxUQgA8piOi>): invalid credentials (given password: password) > Jul 20 11:10:19 auth: Info: ldap(user2,61.53.66.4,<V+nyHbxU+wA9NUIE>): invalid credentials (given password: password) (as you can

On Wed, Sep 27, 2017 at 10:03 AM, Marcus Rueckert <darix at opensu.se> wrote: > On 2017-09-27 16:57:44 +0000, Mark Moseley wrote: > > I've been digging into the auth policy stuff with weakforced lately. > There > > are cases (IP ranges, so could be wrapped up in remote {} blocks) where > > it'd be nice to skip the auth policy (internal hosts that I can trust,

Thanks Michael. I have forwarded that link to the Geronimo JavaMail team in case they think of anything their end. But in the documentation you sent it seems that Dovecot should respond in the case of LIST / "*" if my understanding is correct Is there any way to adjust this behaviour in the settings? I am struggling to search for a solution to the problem given the limited

Hi Michael, Geronimo JavaMail hard defaults to / separator. If the separator is manually set to undefined it automatically calculates the separator correctly. However neither through JavaMail or by command line does LIST "." "*" or LIST . "*" produce any root listing of default folder on my Dovecot installation. Only LIST "" "*" produces a

Matthew Broadhead <matthew.broadhead at nbmlaw.co.uk> wrote: >> does anyone know of a linux module (maybe similar to fail2ban) that >> could be installed which would monitor email logs (sign ins) and alert >> the user to any suspicious activity on their account? I just monitor straight from the logs using homebrew utilties. @lbutlr" <kremels at kreme.com>

i am using CentOS 7 centos-release-7-3.1611.el7.centos.x86_64 with dovecot dovecot-2.2.10-7.el7.x86_64. i am trying to set up AntiSpam with IMAPSieve but the package seems to be lacking sieve_imapsieve. is there anything i can do? i am not really interested in compiling from source because i like to receive security updates automatically. 2017-02-24 21:57:00auth: Error:

On Wed, Sep 27, 2017 at 10:06 PM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > On 27.09.2017 20:14, Mark Moseley wrote: > > On Wed, Sep 27, 2017 at 10:03 AM, Marcus Rueckert <darix at opensu.se> > wrote: > > > >> On 2017-09-27 16:57:44 +0000, Mark Moseley wrote: > >>> I've been digging into the auth policy stuff with weakforced

Also, please provide an example scenario; i.e., for one problematic delivery provide: - The values of the variables substituted in the dovecot-lda command line; i.e., provide that command line. - The incoming e-mail message. Regards, Stephan. Op 19-10-2016 om 12:43 schreef Matthew Broadhead: > dovecot is configured by sentora control panel to a certain extent. if > you want those

Hi, i am using dovecot-2.2.10-7.el7.x86_64 on centos-release-7-3.1611.el7.centos.x86_64. if i follow this tutorial https://delog.wordpress.com/2011/05/10/access-imap-server-from-the-command-line-using-openssl/ i can login to my server and successfully list the folders using tag LIST "" "*" * LIST (\HasNoChildren) "." INBOX tag OK List completed. no folders are

On Thu, Sep 28, 2017 at 9:34 AM, Aki Tuomi <aki.tuomi at dovecot.fi> wrote: > > > On September 28, 2017 at 7:20 PM Mark Moseley <moseleymark at gmail.com> > wrote: > > > > > > On Wed, Sep 27, 2017 at 10:06 PM, Aki Tuomi <aki.tuomi at dovecot.fi> > wrote: > > > > > > > > > > > On 27.09.2017 20:14, Mark Moseley

> On August 5, 2016 at 6:47 PM "Michael A. Peters" <mpeters at domblogger.net> wrote: > > > On 08/05/2016 08:41 AM, Robert Blayzor wrote: > > Is there a way to configure Dovecot to perhaps filter/enforce which passwords are accepted before authenticating? > > > > Ie: Reject immediately (without a database lookup) if password is not X characters in