similar to: Mail account brute force / harassment

> Am 11.04.2019 um 12:43 schrieb Marc Roos via dovecot <dovecot at dovecot.org>: > > Please do not assume anything other than what is written, it is a > hypothetical situation > > > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you > - it will continue bothering other servers and admins > - you get the

On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot <dovecot at dovecot.org> wrote: > > > Say for instance you have some one trying to constantly access an > account > > > Has any of you made something creative like this: > > * configure that account to allow to login with any password > * link that account to something like /dev/zero that generates infinite

All your approaches are not well thought out. The best solutions are always the simplest ones. KISS principle dictates so. On Thu, 11 Apr 2019 at 15:01, Marc Roos <M.Roos at f1-outsourcing.eu> wrote: > > How long have we been using the current strategy? Do we have less or > more abuse clouds operating? > > "Let the others bother with their own problems." is a bit

Please do not assume anything other than what is written, it is a hypothetical situation A. With the fail2ban solution - you 'solve' that the current ip is not able to access you - it will continue bothering other servers and admins - you get the next abuse host to give a try. B. With 500GB dump - the owner of the attacking server (probably hacked) will notice it will be

Say for instance you have some one trying to constantly access an account Has any of you made something creative like this: * configure that account to allow to login with any password * link that account to something like /dev/zero that generates infinite amount of messages (maybe send an archive of virusses?) * transferring TB's of data to this harassing client. I think it would be

On 11 Apr 2019, at 04:43, Marc Roos via dovecot <dovecot at dovecot.org> wrote: > B. With 500GB dump > - the owner of the attacking server (probably hacked) will notice it > will be forced to take action. Unlikely. What is very likely is that your ISP shuts you don for network abuse. > If abuse clouds are smart (most are) they would notice that attacking my > servers, will

On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the fail2ban solution > - you 'solve' that the current ip is not able to access you It is only a solution if there are subsequent attempts from the same address. I currently have several thousand addresses blocked due to dovecot login failures. My firewall is set to log these so I can see that few repeat, those

Yes indeed, we have already own dnsbl's for smtp and ssh/ftp access. How do you have one setup for dovecot connections? -----Original Message----- From: James via dovecot [mailto:dovecot at dovecot.org] Sent: donderdag 11 april 2019 13:25 To: dovecot at dovecot.org Subject: Re: Mail account brute force / harassment On 11/04/2019 11:43, Marc Roos via dovecot wrote: > A. With the

On Fri, 16 Oct 2020 at 13:15, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > On 16/10/2020 13:11 Odhiambo Washington <odhiambo at gmail.com> wrote: > > > > > > > > > > > > On Fri, 16 Oct 2020 at 08:19, Aki Tuomi <aki.tuomi at open-xchange.com> > wrote: > > > > On 15/10/2020 18:14 Odhiambo Washington <odhiambo

On Fri, 16 Oct 2020 at 08:19, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > On 15/10/2020 18:14 Odhiambo Washington <odhiambo at gmail.com> wrote: > > > > > > Here is what I see on the error.log: > > > > Oct 15 17:37:58 imap(technical at mydomain.name)<62260><9ucgmLax7s3F6FH2>: > Error: Mailbox INBOX: Cache /var/spool/virtual/

> On 19/10/2020 09:16 Odhiambo Washington <odhiambo at gmail.com> wrote: > > > Bump! > > > On Fri, 16 Oct 2020 at 13:26, Odhiambo Washington <odhiambo at gmail.com> wrote: > > > > > > > > On Fri, 16 Oct 2020 at 13:15, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > > > On 16/10/2020 13:11

> On 19/10/2020 09:48 Odhiambo Washington <odhiambo at gmail.com> wrote: > > > > > > On Mon, 19 Oct 2020 at 09:27, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > > > > On 19/10/2020 09:16 Odhiambo Washington <odhiambo at gmail.com> wrote: > > > > > > > > > Bump! > > > > > > >

On 11.04.2019 13:25, James via dovecot wrote: > On 11/04/2019 11:43, Marc Roos via dovecot wrote: > >> A. With the fail2ban solution >> ?? - you 'solve' that the current ip is not able to access you > > It is only a solution if there are subsequent attempts from the same > address.? I currently have several thousand addresses blocked due to > dovecot login

On Mon, 17 Jun 2019 at 20:45, Aki Tuomi via dovecot <dovecot at dovecot.org> wrote: > > > On 17 June 2019 18:59 Odhiambo Washington via dovecot < > dovecot at dovecot.org> wrote: > > > > > > I'm using mdbox. > > > > What's the consequence of deleting dovecot.index.* from all folders? > > > > All mail gets lost or I can

On Thu, 20 Dec 2018 at 15:23, Aki Tuomi <aki.tuomi at open-xchange.com> wrote: > > On 20 December 2018 at 14:10 Odhiambo Washington < odhiambo at gmail.com> > wrote: > > > You've made this more difficult to understand, even :-) > > So the answer is: > Set the following in 10-auth.conf > > 1. disable_plaintext_auth = no > 2. auth_mechanisms =

On 22 January 2018 at 23:10, Matthias Fechner <idefix at fechner.net> wrote: > Dear Odhiambo, > > Am 22.01.2018 um 19:58 schrieb Odhiambo Washington: > > ...and I am still unable to successfully compile 2.3RC on FreeBSD 8.4 and > 9.3 > ....and my reports were ignored, so should I assume support for those has > been dropped? > > Support for FreeBSD 8.4 stopped

You might consider adding "stop;" after the fileinto, otherwise a second match might process the message again, moving it elsewhere, etc. Tom. On 10/30/2020 5:47 AM, Odhiambo Washington wrote: > > Answering to myself, > > The issue was as a result of a config parameter for SOGo: > > Changed > NGImap4ConnectionStringSeparator = "/"; > > to >

try with 2.2.33.1 ---Aki TuomiDovecot oy -------- Original message --------From: Odhiambo Washington <odhiambo at gmail.com> Date: 13/10/2017 10:42 (GMT+02:00) To: Dovecot Mailing List <dovecot at dovecot.org> Cc: dovecot-news at dovecot.org Subject: Re: v2.2.33 released On 10 October 2017 at 18:28, Timo Sirainen <tss at iki.fi> wrote: >

So is yours. Why not say what SHOULD be done? Since we were discussing logging, including only the lines about logging seem to be a reasonable response to the original open-ended question. ?Please include the complete output of ?dovecot -n?? would get your point across instead of just letting you be a snarky ass. On Mon, Mar 19, 2018 at 1:14 PM Odhiambo Washington <odhiambo at gmail.com>

Here is what I see on the error.log: Oct 15 17:37:58 imap(technical at mydomain.name)<62260><9ucgmLax7s3F6FH2>: Error: Mailbox INBOX: Cache /var/spool/virtual/ mydomain.name/technical/mdbox/mailboxes/INBOX/dbox-Mails/dovecot.index.cache: Deleting corrupted cache record uid=798: UID 798: Broken physical size in mailbox INBOX: read(/var/spool/virtual/