similar to: auth_policy in a non-authenticating proxy chain

Hi ... After the below thread, I wrote a patch to select on a node-by-node basis which auth-policy request should be done from that node. To my surprise the exact same functionality then turned up in 2.2.34 with just slightly different option names:* * *auth_policy_check_before_auth*: Whether to do policy lookup before authentication is started *auth_policy_check_after_auth*: Whether to do

> On 14 Dec 2017, at 8.30, Peter Mogensen <apm at one.com> wrote: > However... since the proxy use "nopassword", ALL passdb lookups result > in "success", so the proxy will never report an authentication failure > to the authpolicy server. Why not authenticate the sessions at the proxy level already? Is there any reason not to do that? Sami

On 09/15/2018 10:41 AM, Aki Tuomi wrote: > Point of sending the success ones is to maintain whitelist as well as > blacklist so you know which ones you should not tarpit anymore. We > know it does scale as we have very large deployments using the whole > three request per login model. > > "Success" in a proxy which is not it self authenticating is only whether it know

My auth process is dumping core. This happens several times per day but dovecot can operate normally for hours between errors. The crash occurs in src/auth/auth-policy.c, line 356: t at 1 (l at 1) program terminated by signal SEGV (no mapping at the fault address) Current function is auth_policy_parse_response 356 context->request->policy_refusal = FALSE;

I took suggestions from https://forge.puppet.com/fraenki/wforce to set these in /etc/dovecot/conf.d/95-auth.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = our_password auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes =

So for auth_policy_server_api_header. is the value of our_password come from the hashed response or the plain-text password? What else am I doing wrong? Mar 7 09:20:53 olddsm wforce[17763]: WforceWebserver: HTTP Request "/" from 127.0.0.1:56416: Web Authentication failed curl -X POST -H "Content-Type: application/json" --data '{"login?:?ouruser?, "remote":

We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I

Hi, I can see dovecot is doing a passdb query when handling the LMTP RCPT command. That's kinda unexpected for me. I would have thought it only did a userdb lookup. I have disabled lmtp_proxy to be sure it didn't do a passdb lookup to check the proxy field. Is this expected? Doesn't the LDA only do userdb lookups? /Peter

Hi, >> My target supports only f64 at the moment. >> Question: How can I tell LLVM that float is the same as double on my >> target? May be by assigning the same register class to both MVT::f32 ?> and MVT::f64? >Just don't assign a register class for the f32 type. This is what the >X86 backend does when it is in "floating point stack mode". This will

> > That is a reasonable way to do it. Another reasonable way would be > > to lower them in the instruction selector itself though the use of > > custom expanders. In practice, using instructions with "call foo" > in > them instead of lowering to calls may be simpler. > > Hmm, let me see. Just to check that I understand your proposal > correctly:

On 9/2/19 3:03 PM, Sami Ketola wrote: >> On 2 Sep 2019, at 15.25, Peter Mogensen via dovecot <dovecot at dovecot.org> wrote: ... >> Is there anyway for dsync to avoid moving Gigabytes of data for could >> just be "moved" by moving the mount? > > > Not tested but you can probably do something like this in the target server: > > doveadm backup -u

On Thursday 17 of November 2016, Aki Tuomi wrote: > On 17.11.2016 10:14, Arkadiusz Mi?kiewicz wrote: > > Hello. > > > > dovecot 2.2.26.0 > > > > When testing nopassword extra field > > (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 > > dovecot doesn't allow any password (while it should) and returns > > > >

> On 25/08/2020 14:35 Robert Nowotny <rnowotny at rotek.at> wrote: > > > I get ZLIB Errors after dovecot upgrade from 2.3.10.1 to 2.3.11.3 > > > Aug 21 15:27:34 lxc-imap dovecot: imap(acsida)<63870><jZk...>: Error: Mailbox Sent: UID=40826: read(zlib(/home/vmail/virtualmailboxes/acsida/storage/m.2409)) failed:

Hi, My IMAP backend server is lacking SSO authentication, so I am trying to set up Dovecot in front of it as an authenticating proxy. Fortunately, my backend server provides a way to ignore the password provided and will simply trust the username given to be authenticated, using plain login authentication. I'm struggling with setting this up, as it seems to me that as soon as I enable

Hi, I'm now ready to implement the FP support for my embedded target. My target supports only f64 at the moment. Question: How can I tell LLVM that float is the same as double on my target? May be by assigning the same register class to both MVT::f32 and MVT::f64? But FP is supported only in the emulated mode, because the target does not have any hardware support for FP. Therefore each FP

Hi, We are trying to implement a highly secure mail server with user authentication restricted to SSL certificates only (not using passwords at all). Still, user information is stored in a LDAP directory. In this configuration LDAP is used to check whether the user is registered (and probably supply quota and other info), and actual authentication is done by SSL layer. According to wiki, a

Hello. dovecot 2.2.26.0 When testing nopassword extra field (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields) with CRAM-MD5 dovecot doesn't allow any password (while it should) and returns " Authentication failed" while in logs: Nov 17 08:22:34 auth-worker(1551): Info: sql(pepe,127.0.0.1,<Y8amDXpBptV/AAAB>): Requested CRAM-MD5 scheme, but we have a NULL password

On Mon, 9 Oct 2006, Roman Levenstein wrote: > I'm now ready to implement the FP support for my embedded target. cool. > My target supports only f64 at the moment. > Question: How can I tell LLVM that float is the same as double on my > target? May be by assigning the same register class to both MVT::f32 > and MVT::f64? Just don't assign a register class for the f32 type.

I am in troubles with compiling sieve scripts larger than 1MB. I see in logs following errors: Aug 19 13:10:26 mail dovecot: lmtp(z.z at xxx.xxx)<22117><uNBGHKIIPV9lVgAA5ldI4A>: Error: sieve: autoreply: line 16818: quoted string started at line 3 is too long (longer than 1048576 bytes) Aug 19 13:10:26 mail dovecot: lmtp(z.z at xxx.xxx)<22117><uNBGHKIIPV9lVgAA5ldI4A>:

Hi! I have a few questions regarding Dovecot proxy: 1. 1.1 If I understand correctly, setting 'nopassword' in the proxy passdb file, authentication is completely up to the destination host. Setting 'nopassword' in no way means the proxy becomes an open relay. Is this correct? 1.2 Are there any security implications when using 'nopassword' on the proxy? 2. 2.1 I would