similar to: Dovecot blacklist?

Displaying 20 results from an estimated 8000 matches similar to: "Dovecot blacklist?"

2018 May 21
1
Dovecot blacklist?
Or you can implement a policy server yourself. :)The protocol is not complicated, json over http. See?https://wiki.dovecot.org/Auth/Policy ---Aki TuomiDovecot oy -------- Original message --------From: Aki Tuomi <aki.tuomi at dovecot.fi> Date: 21/05/2018 19:13 (GMT+02:00) To: Marc Perkel <marc at perkel.com>, dovecot at dovecot.org Subject: Re: Dovecot blacklist?
2018 May 21
0
Dovecot blacklist?
https://github.com/PowerDNS/weakforced cn be used for this. ---Aki TuomiDovecot oy -------- Original message --------From: Marc Perkel <marc at perkel.com> Date: 21/05/2018 19:09 (GMT+02:00) To: dovecot at dovecot.org Subject: Dovecot blacklist? Just wondering if there is an easy way to have dovecot do a blacklist lookup as a negative authentication so that if the IP is on a blacklist
2018 May 21
1
SSL error after upgrading to 2.31
After upgrading to 2.31 I'm getting this error. Not sure what I'm doing wrong. No (No signatures could be verified because the chain contains only one certificate and it is not self signed.) ssl = yes ssl_cert = </etc/exim/certs/ctyme.com.crt ssl_key = </etc/exim/certs/ctyme.com.key ssl_ca = </etc/exim/certs/ca.crt local mail.ctyme.com { ? protocol imap { ??? ssl_cert =
2017 Dec 19
3
detect suspicious logins
does anyone know of a linux module (maybe similar to fail2ban) that could be installed which would monitor email logs (sign ins) and alert the user to any suspicious activity on their account? i suspect it would need to log geo location, device type and ip address to a database. it seems like a module like this would be very useful and should exist already? thanks in advance
2020 Apr 22
2
Recommendations on intrusion prevention/detection?
> On 22. Apr 2020, at 19.14, Michael Peddemors <michael at linuxmagic.com> wrote: > The three most common attack vectors, (and attack volumes have never been higher) are: > > * Sniffed unencrypted credentials > (Assume every home wifi router and CPE equipment are compromised ;) > * Re-used passwords where data is exposed from another site's breach > (Users WANT to
2013 Oct 22
4
Odd Feature Request - RBL blacklist lookup to prevent authentication
I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list. I have the list - and the list is available as a DNS blacklist. I'd like to have it work with both local IP lists or RBL lookup. The idea is so hackers from known IP addresses never succeed. If Dovecot provides the feature
2018 May 18
2
Disconnecting unauthenticated IMAP entities faster?
Hello, given the 2015 revision date, I was curious if anyone can confirm https://wiki2.dovecot.org/Timeouts is still accurate where the 'before login' IMAP timeout remains hard coded? We're having an issue where blocks of IP's from China and similar locations are crawling IP ranges trying common login credentials, and hanging the connections open in the process. We have clients
2020 Apr 22
1
Recommendations on intrusion prevention/detection?
<!doctype html> <html> <head> <meta charset="UTF-8"> </head> <body> <div> <br> </div> <blockquote type="cite"> <div> On 22/04/2020 19:56 Benny Pedersen < <a href="mailto:me@junc.eu">me@junc.eu</a>> wrote: </div> <div> <br>
2019 Mar 06
2
how to enable PowerDNS/Weakforced with Fedora and sendmail
We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I
2019 Apr 12
2
Mail account brute force / harassment
On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote: >> Which is why a dnsbl for dovecot is a good idea. I do not believe the >> agents behind these login attempts are only targeting me, hence the >> addresses should be shared via a dnsbl. > > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > >>
2019 Apr 11
1
Mail account brute force / harassment
> Am 11.04.2019 um 12:43 schrieb Marc Roos via dovecot <dovecot at dovecot.org>: > > Please do not assume anything other than what is written, it is a > hypothetical situation > > > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you > - it will continue bothering other servers and admins > - you get the
2006 Jun 06
8
Using MySQL to store email?
So Timo, Have you considered the idea of storing all the email in a MySQL database? Seems to me that MySQL could somplify all the backend stuff that everyone struggles with and with replication one could create very massive and reliable systems. What would it take to use MySQL that way?
2019 Apr 11
5
Mail account brute force / harassment
On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot <dovecot at dovecot.org> wrote: > > > Say for instance you have some one trying to constantly access an > account > > > Has any of you made something creative like this: > > * configure that account to allow to login with any password > * link that account to something like /dev/zero that generates infinite
2016 Jun 27
2
Suggestion: Split login_trusted_networks
Hi, For the upcoming 2.3 development, I'd like to re-suggest this: It seems the use of login_trusted_networks is overloaded. Example: * It's used for indicating which hosts you trust to provide XCLIENT remote IP's. (like a proxy) * It's used for indicating from which hosts you trust logins enough to disable auth penalty. (like in a webmail) Often these two uses cases have a
2017 Jun 30
2
Auth Policy Server
I've made a preliminary auth policy server in Perl - and it sort of works (mostly) - but I've got some questions on "proper" implementation. It appears the communication is HTTP based - is the intent to talk to a "proper" webserver, or is a simple dedicated daemon appropriate (which is what I made)? Should connections be maintained, or terminated after each
2018 Mar 30
1
mail_max_userip_connections from userdb query
Hello. Is still true that mail_max_userip_connections cannot be overriden in userdb query? Want lower global and raise for some logins. https://www.dovecot.org/pipermail/dovecot/2017-July/108520.html -- Arkadiusz Mi?kiewicz, arekm / ( maven.pl | pld-linux.org )
2019 Apr 11
5
Mail account brute force / harassment
On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot login failures. My firewall is set to log these so I can see that few repeat, those
2017 Oct 20
2
Post-login scripting
No, it's entirely my own. If all you want to do is write client IP addresses to a database then your script will probably fit in 20 lines of code or so. On 10/20/2017 05:04 PM, j.emerlik wrote: > Which one policy server are you using ? > Someone from that list : http://www.postfix.org/addon.html > > 2017-10-20 16:53 GMT+02:00 Gedalya <gedalya at gedalya.net>: > >>
2017 Oct 16
2
Filtering by country
Is it possible to filter out logins by country (I would like to limit dovecot instance users to log in only from specific countries)??? Anvar?Kuchkartaev? anvar at anvartay.com?
2007 May 13
10
Thinking Outside the Box - Extending IMAP
Here's some thoughts I'd like to throw out there. I know it's not standard IMAP protocol but someone has to try new ideas first and I want to see what people (Timo) think of this. IMAP establishes a connection between the client and the server. Wouldn't it be great if it could be a conduit to let custom Thunderbird plugins talk to custom server application over the IMAP