similar to: auth_policy_server vs client_id and x-originating-ip

So for auth_policy_server_api_header. is the value of our_password come from the hashed response or the plain-text password? What else am I doing wrong? Mar 7 09:20:53 olddsm wforce[17763]: WforceWebserver: HTTP Request "/" from 127.0.0.1:56416: Web Authentication failed curl -X POST -H "Content-Type: application/json" --data '{"login?:?ouruser?, "remote":

> > You are running some kind of proxy in front of it. No proxy. Just sendmail with users using emacs/Rmail or Webmail/Squirrelmail. > If you want it to show real client IP, you need to enable forwarding of > said data. With dovecot it's done by setting > > login_trusted_networks = your-upstream-host-or-net > > in backend config file. > OK I changed it and

I took suggestions from https://forge.puppet.com/fraenki/wforce to set these in /etc/dovecot/conf.d/95-auth.conf auth_policy_server_url = http://localhost:8084/ auth_policy_hash_nonce = our_password auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64" auth_policy_server_timeout_msecs = 2000 auth_policy_hash_mech = sha256 auth_policy_request_attributes =

Hi list I'm trying to setup dovecot 2.2.36 on a Centos6 to communicate with a wforce daemon on the remote side. wforce is latest released from git repo. Daemon part is working and I can successfully send queries from remote systems to wforce via curl For dovecot I configured in /etc/dovecot/conf.d/95-wforce.conf > auth_policy_server_url = http://REMOTE_IP:8084/ >

Hi Neil thanks for the hint with the dovecot config, adding this and I can see that > ... attrs={local_ip="XX.XX.XX.XX"} ... is now logged by wforce daemon. Then I tried to access that value from wforce with the following testcode > if (#lt.attrs > 0) > then > return 7, "ip_local", "ip_local", { test=test } > end but even if attrs are set

> > > On 12 April 2019 21:45 Robert Kudyba via dovecot <dovecot at dovecot.org> > wrote: > > > > > > > You are running some kind of proxy in front of it. > > > > No proxy. Just sendmail with users using emacs/Rmail or > Webmail/Squirrelmail. > > > > > If you want it to show real client IP, you need to enable forwarding > of

Hi I wonder if the information about the origin of report or allow can be accessed somehow. lt.remote gives the IP of the client trying to login but is there anything in lt which gives the ip of the system that connects to wforced? Thanks and have a good one -- tobi

From dovecot, you can add any additional attributes you like using the auth_policy_request_attributes configuration setting, e.g. By default in 2.3.1 this looks like: login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s But you can add additional parameters: login=%{requested_username} pwhash=%{hashed_password} remote=%{rip}

In weakforced you have webserver("0.0.0.0:8084", "THIS-IS-THE-PASSWORD-FOR-WFORCE") Thus, you make the base64 blob as ~$ echo -n wforce:THIS-IS-THE-PASSWORD-FOR-WFORCE | base64 d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U= And in dovecot you put auth_policy_server_api_header = Authorization Basic d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U Aki > On 7

> > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > > > >

> On 12 April 2019 21:45 Robert Kudyba via dovecot <dovecot at dovecot.org> wrote: > > > > You are running some kind of proxy in front of it. > > No proxy. Just sendmail with users using emacs/Rmail or Webmail/Squirrelmail. > > > If you want it to show real client IP, you need to enable forwarding of said data. With dovecot it's done by setting > >

wforce is the username always. auth_policy_hash_nonce should be set to a pseudorandom value that is shared by your server(s). Weakforced does not need it for anything. auth_policy_server_api_header should be set to Authorization: Basic <echo -n wforce:our_password | base64> without the < >. Aki On 6.3.2019 20.42, Robert Kudyba via dovecot wrote: > I took suggestions

We have dovecot-1:2.3.3-1.fc29.x86_64 running on Fedora 29. I'd like to test wforce, from https://github.com/PowerDNS/weakforced. I see instructions at the Authentication policy support page, https://wiki2.dovecot.org/Authentication/Policy I see the Required Minimum Configuration: auth_policy_server_url = http://example.com:4001/ auth_policy_hash_nonce = localized_random_string But when I

Hello list A user reports failure to log in after password change. The client side error message indicates a lost or dropped connection by the server. A peek into the server logs reveales this: dovecot: imap(user at example.com)<53267><el0HoZGqHIdb0K2G>: Error: Failed to expand plugin setting plain_pass = 'asdf%?asdf': Unknown variable '%?' This looks a lot like a

> On 13 May 2019 18:54 Tobi via dovecot <dovecot at dovecot.org> wrote: > > > Hi list > > I'm trying to setup dovecot 2.2.36 on a Centos6 to communicate with a > wforce daemon on the remote side. wforce is latest released from git > repo. Daemon part is working and I can successfully send queries from > remote systems to wforce via curl > > For

Aha. Looks pretty cool, and it's really nice that it supports HTTP. On the other hand if I'm rate limiting the number of messages sent = number of times a client said RCPT TO, I guess it still has to be a postfix policy server? Anyway, thanks for pointing this out, I'm sure I'll use it :-) On 10/21/2017 02:16 PM, Aki Tuomi wrote: > Dovecot auth supports auth_policy_server

Hi, I used facebook connect in my application for login and registration process using authlogic + authlogic connect gem. It works good in local machine, but in server it shows the error message like this. { "error": { "type": "OAuthException", "message": "Missing client_id parameter." } } Pls provide some solution to fix

Hi experts. in the output of imapsync I found: Host2: found quota, presented in raw IMAP Sending: 7 GETQUOTAROOT INBOX Sent 22 bytes Read: * QUOTAROOT INBOX "User quota" * QUOTA "User quota" (STORAGE 420325 1953125) 7 OK Getquotaroot completed (0.001 + 0.000 secs). Host2: Quota current storage is 430412800 bytes. Limit is 2000000000 bytes. So

On 28.3.2019 22.34, Robert Kudyba via dovecot wrote: >>>>> Set >>>>> >>>>> ssl_client_ca_file=/path/to/cacert.pem to validate the certificate? >>>> >>>> Can this be the Lets Encrypt cert that we already have? In other >>>> words we have: >>>> ssl_cert = </etc/pki/dovecot/certs/dovecot.pem

> On 25/08/2020 14:35 Robert Nowotny <rnowotny at rotek.at> wrote: > > > I get ZLIB Errors after dovecot upgrade from 2.3.10.1 to 2.3.11.3 > > > Aug 21 15:27:34 lxc-imap dovecot: imap(acsida)<63870><jZk...>: Error: Mailbox Sent: UID=40826: read(zlib(/home/vmail/virtualmailboxes/acsida/storage/m.2409)) failed: