similar to: auth_policy in a non-authenticating proxy chain

Hi, I was looking into the new Authentication Policy feature: https://wiki2.dovecot.org/Authentication/Policy I had kinda hoped that I would be able to enfore this in a proxy running in front of several backends. This proxy does not authenticate. It use "nopassword". But I realize that the "succes" reported in the final authpolicy req. (command=report) is not what is

Hi ... After the below thread, I wrote a patch to select on a node-by-node basis which auth-policy request should be done from that node. To my surprise the exact same functionality then turned up in 2.2.34 with just slightly different option names:* * *auth_policy_check_before_auth*: Whether to do policy lookup before authentication is started *auth_policy_check_after_auth*: Whether to do

> On 14 Dec 2017, at 8.30, Peter Mogensen <apm at one.com> wrote: > However... since the proxy use "nopassword", ALL passdb lookups result > in "success", so the proxy will never report an authentication failure > to the authpolicy server. Why not authenticate the sessions at the proxy level already? Is there any reason not to do that? Sami

Has anyone been successful at using the TARPIT target in iptables under CentOS 4? I am using CentOS 4.3, fully updated with iptables-1.2.11-3.1.RHEL4 and kernel-2.6.9-34.107.plus.c4 Doing a locate on TARPIT returns: # locate TARPIT /lib/iptables/libipt_TARPIT.so This makes me think that the TARPIT target would be valid, however when I try to use it, I get the following reponse: # iptables

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78 ------- Additional Comments From tools@die.net 2003-04-17 15:47 ------- Showing any ports open that are sent to it is the normal function of TARPIT target. The psd match will start routing all ports to it after it decides that an IP is portscanning, so this is the expected behavior. That being said, the psd match won't

*Christian Felsing wrote: * > Please consider to add server side private/public key encryption for incoming mails. > If client logs on, the password is used to unlock users server side private key. > If mail arrives from MTA or any other source, mail is encrypted with users public key. > Key pair should be located in LDAP or SQL server. PGP and S/MIME should be supported. >

Hi, I''ve been working the past 8 hrs combatting DDoS attacks on websites and dedicated servers I host for clients. They''re hitting one specific IP address, but coming from thousands of external IP addresses. I use: shorewall-4.0.10-3.noarch How can I tackle this? I''ve blocked many subnets in the blacklist file but it''s made very little difference. If

Hi, For the upcoming 2.3 development, I'd like to re-suggest this: It seems the use of login_trusted_networks is overloaded. Example: * It's used for indicating which hosts you trust to provide XCLIENT remote IP's. (like a proxy) * It's used for indicating from which hosts you trust logins enough to disable auth penalty. (like in a webmail) Often these two uses cases have a

I looked at the 1.3 whitelist documentation and realized that the ops example, while interesting in and of itself, did not do what I think a whitelist does. Back to symmetry, if a blacklist is a list of sites not allowed to connect in through the fire wall, maybe to a web server, for example, then a whitelist should be a list of machines that are allowed to access a service or services, again,

There is the mail_max_userip_connections setting, which helps for dealing with number of connections at any given time, but I'm looking for something that will help deal with users who configure their mail clients to connect too frequently. For example, I've seen users who configured their clients to check (IMAP) mail every 3 seconds. This is far too frequent and puts unnecessary load on

https://bugzilla.netfilter.org/show_bug.cgi?id=1097 Bug ID: 1097 Summary: TARPIT function does not work in ip6tables Product: netfilter/iptables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: ip6_tables (kernel) Assignee:

On 06/12/2015 12:18 PM, Jonathan Billings wrote: > On Sat, Jun 13, 2015 at 12:05:16PM -0600, jd1008 wrote: >> Mark, please be aware that noscript has also a whitelist >> that is not viewable by the user. >> The whitelist tab does NOT list the hidden white listed >> entries. > You mean the noscript.mandatory about:config entry? I looked at it on > my computer and

Dear Friend, I done configuration using RBLSMTPD with WHITELIST, but I don't know it is correct. Please check files below are corrects. Thanks Adriano === FILE WHITELIST.DOMINIO.RBL. ==== $ttl 900 whitelist.dominio.rbl. IN SOA host1.xxxxxx.com. root.xxxxx.com. ( 2006112002 ; serial; 3600 ; refresh period (1 hora); 900 ; retry time (15 minutos); 1800 ; expire tiem (30 minutos); 900 ;

On 06/12/2015 12:27 PM, Valeri Galtsev wrote: > On Sat, June 13, 2015 1:22 pm, jd1008 wrote: >> >> On 06/12/2015 12:18 PM, Jonathan Billings wrote: >>> On Sat, Jun 13, 2015 at 12:05:16PM -0600, jd1008 wrote: >>>> Mark, please be aware that noscript has also a whitelist >>>> that is not viewable by the user. >>>> The whitelist tab does NOT

Hello, On RHEL 6/amd64, the stock value for DEFAULT_PKCS11_WHITELIST is not very useful. On such systems, /usr/lib64/* would need to be added to the pattern list. Although users can specify the -P option every time they launch ssh-agent, it might be nice to provide a means to specify a default whitelist at build-time. It's tempting to suggest that configure should automatically supply a

On 12/30/2016 02:40 AM, Damien Miller wrote: > On Wed, 28 Dec 2016, Iain Morgan wrote: > >> Hello, >> >> On RHEL 6/amd64, the stock value for DEFAULT_PKCS11_WHITELIST is not >> very useful. On such systems, /usr/lib64/* would need to be added to the >> pattern list. Although users can specify the -P option every time they >> launch ssh-agent, it might be

I have installed spamassassin, per the instructions on Scalix's wiki, and it is working, with some important caviats. So I asked for help on the spamassassin user list, and got some, but I think I am butting up against some Centos specific issues... This is what I am seeing in the maillog: Aug 17 14:39:59 z9m9z sendmail[13082]: l7HIdvGf013082: Milter add: header: X-Spam-Checker-Version:

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=78 Summary: -m psd -j TARPIT returns all ports open from nmap Product: iptables userspace Version: unspecified Platform: i386 OS/Version: RedHat Linux Status: NEW Severity: normal Priority: P2 Component: unknown AssignedTo:

On 06/12/2015 11:25 AM, m.roth at 5-cent.us wrote: > jd1008 wrote: >> On 06/12/2015 07:28 AM, g wrote: >>> On 06/10/2015 03:56 AM, Always Learning wrote: >>>> I displayed, as a web page, a list of search results created in PHP, >>>> from MySQL. >>> i am still using 24.8.0 and do not have to contend with all the >>> bugs introduced by moz

Hi, I am trying to use shorewall as a way for authenticated network access. I read about dynamic black lists, but is there a way to do dynamic white lists? I''ve looked through the doc, but couldn''t find it. Also, could someone please assist me on creating a rule so that all other failures (ie. the mac is not in the whitelist), requests get forwarded to a certain ip and port (so