similar to: weakforced: Possible to access the ip address of report/allow?

Hi Neil thanks for the hint with the dovecot config, adding this and I can see that > ... attrs={local_ip="XX.XX.XX.XX"} ... is now logged by wforce daemon. Then I tried to access that value from wforce with the following testcode > if (#lt.attrs > 0) > then > return 7, "ip_local", "ip_local", { test=test } > end but even if attrs are set

Hi Tobi, This looks like you haven?t included the libmaxmind libraries before running configure. GeoIP support is only compiled in if it finds the right libs. This would be libmaxminddb-dev on Ubuntu for example. Neil >> Hi list >> >> hope it's okay to ask weakforced questions here as well, but I could not >> find a dedicated mailinglist for wforce. >>

Hi Tobi, it should just work, but depends on the OS version. ./configure ?help tells you all the configure options, including: --with-maxminddb-includedir path to maxminddb include directory [default=auto] --with-maxminddb-libdir path to maxminddb library directory [default=auto] Neil > On 14 May 2019, at 17:44, Tobi via dovecot <dovecot at dovecot.org>

Hello, I would like to host my mails and I would like to retrieve my existing mailbox content from my ISP My ISP ====== I don't have root access on the server The server seem to use Dovecot according to the banner. My machine ========== I have root access on the server I use Dovecot 2.2.21 I use Maildir I read this page multiple times but it's not clear to me

I took suggestions from https://forge.puppet.com/fraenki/wforce to set these in /etc/dovecot/conf.d/95-auth.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = our_password auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes =

So for auth_policy_server_api_header. is the value of our_password come from the hashed response or the plain-text password? What else am I doing wrong? Mar 7 09:20:53 olddsm wforce[17763]: WforceWebserver: HTTP Request "/" from 127.0.0.1:56416: Web Authentication failed curl -X POST -H "Content-Type: application/json" --data '{"login?:?ouruser?, "remote":

From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g. By default in 2.3.1 this looks like: login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s But you can add additional parameters: login=%{requested_username} pwhash=%{hashed_password} remote=%{rip}

Hi list I'm trying to setup dovecot 2.2.36 on a Centos6 to communicate with a wforce daemon on the remote side. wforce is latest released from git repo. Daemon part is working and I can successfully send queries from remote systems to wforce via curl For dovecot I configured in /etc/dovecot/conf.d/95-wforce.conf > auth_policy_server_url = http://REMOTE_IP:8084/ >

We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I

Hi Neil according to yum list installed I have > libmaxminddb-devel.x86_64 1.2.0-1.el7 @epel but I checked the saved output from my former ./configure command and found > checking for GEOIP... no but even running a new autoreconf -i and ./configure after a make clean it still shows that GEOIP is not found. Does the lib has to explicitly specified as argument

> > You are running some kind of proxy in front of it. No proxy. Just sendmail with users using emacs/Rmail or Webmail/Squirrelmail. > If you want it to show real client IP, you need to enable forwarding of > said data. With dovecot it's done by setting > > login_trusted_networks = your-upstream-host-or-net > > in backend config file. > OK I changed it and

Hi Aki, I've configured in this way: vm-weakforced:~# printf 'wforce:super' | base64 d2ZvcmNlOnN1cGVy vm-weakforced:~# cat /etc/dovecot/conf.d/95-policy.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = some random string auth_policy_server_api_header = "Authorization: Basic d2ZvcmNlOnN1cGVy With the same result... > WforceWebserver: HTTP

> > > On 12 April 2019 21:45 Robert Kudyba via dovecot <dovecot at dovecot.org> > wrote: > > > > > > > You are running some kind of proxy in front of it. > > > > No proxy. Just sendmail with users using emacs/Rmail or > Webmail/Squirrelmail. > > > > > If you want it to show real client IP, you need to enable forwarding > of

Is there explicit documentation available for the (probably trivial) configuration needed for Dovecot and Wforce? I'm probably missing something that should be perfectly obvious... Wforce appears to start without errors. I added a file to dovecot's conf.d: 95-policy.conf: auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = this_is_my_super_secret_something

Hi, I'm trying to set Weakforced with Dovecot and I cannot log in policy server. This is the config: /root/weakforced/wforce/wforce.conf ----------------------------------- ... webserver("0.0.0.0:8084", "super") ... /etc/dovecot/conf.d/95-policy.conf ---------------------------------- auth_policy_server_url = http://localhost:8084/ #auth_policy_hash_nonce = wforce:super

wforce is the username always. auth_policy_hash_nonce should be set to a pseudorandom value that is shared by your server(s). Weakforced does not need it for anything. auth_policy_server_api_header should be set to Authorization: Basic <echo -n wforce:our_password | base64> without the < >. Aki On 6.3.2019 20.42, Robert Kudyba via dovecot wrote: > I took suggestions

> > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > > > >

dovecot-2.3.3-1.fc29.x86_64 Mar 28 10:04:47 auth: Panic: file http-client-request.c: line 283 (http_client_request_unref): assertion failed: (req->refcount > 0) Mar 28 10:04:47 auth: Error: Raw backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xe34fb) [0x7fe76e0834fb] -> /usr/lib64/dovecot/libdovecot.so.0(+0xe3597) [0x7fe76e083597] -> /usr/lib64/dovecot/libdovecot.so.0(+0x51207)

In weakforced you have webserver("0.0.0.0:8084", "THIS-IS-THE-PASSWORD-FOR-WFORCE") Thus, you make the base64 blob as ~$ echo -n wforce:THIS-IS-THE-PASSWORD-FOR-WFORCE | base64 d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U= And in dovecot you put auth_policy_server_api_header = Authorization Basic d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U Aki > On 7

On 28.3.2019 22.34, Robert Kudyba via dovecot wrote: >>>>> Set >>>>> >>>>> ssl_client_ca_file=/path/to/cacert.pem to validate the certificate? >>>> >>>> Can this be the Lets Encrypt cert that we already have? In other >>>> words we have: >>>> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem