similar to: identify 143 vs 993 clients

Hi, On 25/05/2020 23:04, Voytek wrote: > jumping here with a question, if I use 143 with STARTTLS, and, force > TLS/SSL in configuration, that's equivalent from security POV, isn't > it? and, same for 110 STARTTLS? Or am I missing something? Interesting point, after some googling, I think you are right, and as long as we have set "disable_plaintext_auth = yes" (and we

> Le 29 mai 2020 ? 11:17, Stuart Henderson <stu at spacehopper.org> a ?crit : > > On 2020-05-26, mj <lists at merit.unu.edu> wrote: >> Hi, >> >> On 25/05/2020 23:04, Voytek wrote: >>> jumping here with a question, if I use 143 with STARTTLS, and, force >>> TLS/SSL in configuration, that's equivalent from security POV, isn't

On 29/05/20 11:27 pm, mj wrote: > Thanks to all who participated in the interesting discussion. > > It seems my initial thought might have been best after all, and > discontinuing port 143 might be the safest way proceed. Yes and no. Some of the attack vectors mentioned are not reasonable and it really depends on the client. Thunderbird, for example, used to have settings for

> On 25/05/2020 21:48 mj <lists at merit.unu.edu> wrote: > > > Hi, > > I am trying to find a nice way to identify dovecot clients that are > still configured to use port 143 to connect to our mailserver, from the > dovecot logs. > I would then ask them to move over to 993, and finally disable port 143 > altogether. > > When looking at the dovecot

Hi, I would like to ask how exactly the "password server =" smb.conf option works. The man pages say that the option is to "restrict Samba to to do all its username/password validation using a specific remote server" I know that we should normally leave it empty, to have samba auto-discover the DCs. But my question is: Suppose it's defined it like: > password

Hi, I would like to have two seperate imap listeners, with different authentication settings, but the mailstore and userbase etc will be identical. I know I can do this: > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imap2 { > port = 144 > } > } But I'm unsure how to configure imap/143 with "driver =

On 26 May 2020 4:48:51 AM AEST, mj <lists at merit.unu.edu> wrote: >I would then ask them to move over to 993, and finally disable port 143 >altogether. > jumping here with a question, if I use 143 with STARTTLS, and, force TLS/SSL in configuration, that's equivalent from security POV, isn't it? and, same for 110 STARTTLS? Or am I missing something? thanks, V -- Sent

Thanks to all who participated in the interesting discussion. It seems my initial thought might have been best after all, and discontinuing port 143 might be the safest way proceed. Thanks again, valuable insights! MJ On 5/29/20 11:48 AM, Jean-Daniel wrote: > > >> Le 29 mai 2020 ? 11:17, Stuart Henderson <stu at spacehopper.org >> <mailto:stu at

On 10/16/2017 11:13 AM, Rowland Penny via samba wrote: > On Mon, 16 Oct 2017 16:53:17 +0200 > mj via samba <samba at lists.samba.org> wrote: > >> Hi, >> >> dbcheck tells us we have two "dangling forward links" that I am >> trying to get rid of. On my test domain, I have simply done >> >> ldbedit -e nano -H

https://technet.microsoft.com/en-us/magazine/jj631606.aspx goes through the steps I remember taking in a windows environment. As you can see step 2 is to install ADFS this is what would need emulated with some web server. So I will try and google ADFS on apache or nginx or linux. I'll let you know if I find anything interesting. On Mon, Jun 6, 2016 at 1:53 PM, Jeff Sadowski <jeff.sadowski

Hi, To make our AD more robust, I'd like to provide more than one dns forwarder, like for example: dns forwarder = 8.8.8.8 8.8.4.4 However, this seems to break dns resolution completely (and without logging errors in the logs!): # Host test.com not found: 3(NXDOMAIN) With only one forwarder things work: $ test.com has address 208.64.121.161 Am I really allowed to specify only one

On 2020-05-26, mj <lists at merit.unu.edu> wrote: > Hi, > > On 25/05/2020 23:04, Voytek wrote: >> jumping here with a question, if I use 143 with STARTTLS, and, force >> TLS/SSL in configuration, that's equivalent from security POV, isn't >> it? and, same for 110 STARTTLS? Or am I missing something? > Interesting point, after some googling, I think you

It's very difficult at least. I can't instantly think any sensible way forward, but you might be able to get somewhere using %a variable. Aki > On December 31, 2016 at 11:38 AM mj <lists at merit.unu.edu> wrote: > > > Hi, > > Does the lack of replies mean that what I'm asking is not possible? > > (or am I missing something SO obvious that nobody

Hi James, Thanks for the quick reply. On 10/09/2017 08:52 PM, lingpanda101 via samba wrote: > You should be able to fix the 'replPropertyMetaData' errors with; > > samba-tool dbcheck --cross-ncs --fix --yes > 'fix_replmetadata_unsorted_attid' Yep, worked great! Fixed all of those replPropertyMetaData errors! :-) > The highwatermark doesn't necessarily

Or. maybe it is the holidays and people actually have a life? On December 31, 2016 4:38:53 AM EST, mj <lists at merit.unu.edu> wrote: >Hi, > >Does the lack of replies mean that what I'm asking is not possible? > >(or am I missing something SO obvious that nobody bothers to point it >out..?) > >MJ > >On 12/29/2016 09:23 PM, mj wrote: >> Hi, >>

On 07/25/2017 07:54 AM, mj wrote: > Since we implemented country blocking, Please don't do that. Balkanizing the Internet doesn't really benefit anyone, and makes innovation a lot more difficult. Instead, take a look at the fail2ban scenarios in this thread, which solve the actual problem with a precision tool, instead of a hammer. Doug

Ho Mourik Thanks for your reply, any other attribute which we can duplicate? Br. Umar On Fri, Jan 23, 2015 at 1:47 PM, mourik jan heupink - merit < heupink at merit.unu.edu> wrote: > Hi, > > In AD, the attribute mail can only exist once. > > MJ > > On 01/23/2015 05:27 AM, Umar Draz wrote: > >> Hi All >> >> I am tying to create a user in SAMBA 4

On 03/21/2018 10:34 PM, @lbutlr wrote: > The question is does it allow remote users to login with no password? Yes, and the answer is: no. > If not, then the message ie nearly notification that login without a password is potentially possible. Yes, but a worrying one. That's why i decided to post here. > I have no idea why you would have nopassword=y set in the first place, so it

Hi all, I need to add a windows nt4 (sp6a) server to our samba-4.1.6 active directory. I installed nt4 as a 'stand alone server'. So far it doesn't work, I get: When selecting to 'create a computer account in the domain': - the machine account for this computer either does not exist or is inaccessible If I create a computer account manually, and do not check 'create a

None of my computers have a UID/GID and my GPO works fine. Add the line i suggested to the share, and setup your rights Gr. Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens mourik jan c > heupink > Verzonden: dinsdag 17 november 2015 18:55 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Permission Issues with