similar to: Delay on failed pw attempts

Hi, Certain IMAP folder problems started popping up with Squirrelmail with the 1.1beta10 version of Dovecot (and possibly earlier versions). Looked into it and I am seeing odd behavior with the LIST command. Here is how to reproduce problem, unless I'm missing something obvious: a001 login dean <password> a001 OK Logged in. a002 list "" * * LIST (\NoInferiors \UnMarked)

Hi, I am getting a lot of warnings since upgrading to 1.1rc10 (from rc4): mbox /home2/seta/Mail/Sent: Can't find next message offset for uid=12 Almost always, it is the Sent or Trash folders that are giving these. Users aren't experiencing any problems, but the errors continue to come. Is this something I should be concerned about? Here is output of "dovecot -n": #

Hi, Installed Dovecot 1.1.3 today and started receiving panic errors on a few of our users: dovecot: [ID 107833 mail.crit] Panic: IMAP(xx): file mail-index-transaction-view.c: line 204: unreached When I upgraded, I deleted all of our users index files so it started with a clean slate. We are running mbox format over NFS with fsquota plugin on Solaris 8. Here is output of dovecot -n:

Hi, Looks like there are still some Solaris rmdir() warnings being logged to syslog in 1.1.rc1 in nfs_flush_file_handle_cache_dir(): Feb 23 13:09:51 sx3 dovecot: [ID 107833 mail.error] IMAP(ran04): \ nfs_flush_file_handle_cache_dir: rmdir(/var/mail) failed: Device busy Manual for rmdir on Solaris states: EBUSY The directory to be removed is the mount point for a mounted

Hi, I'm still running into consistent crashing when moving files between folders when dirsize quotas are enabled. This is running Dovecot1.0rc19. Please let me know if I'm posting this to the wrong list. Here is the gdb backtrace: #0 0x377fc in mbox_file_seek (mbox=0xc8560, view=0xc94c0, seq=1, deleted_r=0xffbef157) at mbox-file.c:167 167 if (data == NULL) { (gdb) bt

Hi, I've been trying to get dirsize quotas to work properly with 1.0rc19 and Dovecot consistently crashes when attempting to do file copies once a user is over quota. Dovecot works fine for us for regular mbox based IMAP, but as soon as I add the following two entries in their respective locations in dovecot.conf: mail_plugins = quota imap_quota (in the imap{} section) quota =

Hi, We are still getting, on a daily basis, users who cannot move messages to Trash or expunge Trash due to these errors: Mar 28 10:43:57 tm2 dovecot: [ID 107833 mail.error] IMAP(kss021): mbox sync: UID inserted in the middle of mailbox /home/kss021/Mail/Trash (3137 > 536, seq=2, idx_msgs=76) Our users have no other access to their mailbox other than Dovecot, and we are using mbox

hi All, I happened to login to one of my servers today and saw 96000 failed login attempts. shown below is the address its coming from. I added it to my firewall to drop. Failed password for root from 123.183.209.135 port 14299 ssh2 FYI - others might be seeing it also. Jerry

Hi has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs? i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls * add the IP to a distributed "iptables-block.sh" and distribute it to any

There's an article on slashdot about the Duqu team wiping all their intermediary c&c servers on 20 Oct. Interestingly, the report says that they were all (?) not only linux, but CentOS. There's a suggestion of a zero-day exploit in openssh-4.3, but both the original article, and Kaspersky labs (who have a *very* interesting post of the story) consider that highly unlikely, and the

Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown

http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta11.tar.gz http://dovecot.org/releases/1.1/beta/dovecot-1.1.beta11.tar.gz.sig This one should be the last beta release before the first v1.1 release candidate. I'll try to stay away from this list and Dovecot in general for the next 1,5 weeks. I've several exams coming up and I should have started studying for them days ago already.. :)

And if you're really security conscious consider using port knocking (knock server - amazingly easy to set up. Or use fwknop, a little more difficult to set up but not much. Finally, for the hard core who really like pain - write the iptables rules yourself). ----- Original Message ----- From: "Pete Biggs" <pete at biggs.org.uk> To: "centos" <centos at

dovecot version: 1.0.13 (RPM from http://atrpms.net/) protocol: IMAP dovecot -n: # 1.0.13: /etc/dovecot.conf log_path: /var/log/dovecot/dovecot.log listen: *removed* ssl_cert_file: /etc/pki/dovecot/certs/dovecot.pem ssl_key_file: /etc/pki/dovecot/private/dovecot.pem login_dir: /usr/local/var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login mail_privileged_group: mail

I feel like I'm going totally crazy. Is it just me, or have embedded From_ lines really been breaking mbox messages since (at least) dovecot 1.0? I found a whole lot of broken messages in an old mailbox of mine and when I looked closer at it, it seemed like Dovecot was ignoring the Content-Length header and truncating the messages at the first embedded From_ line instead. Figuring

http://dovecot.org/releases/1.1/dovecot-1.1.8.tar.gz http://dovecot.org/releases/1.1/dovecot-1.1.8.tar.gz.sig Most importantly mbox bugfixes. v1.1 should finally be as stable with mboxes as it was with v1.0. Hopefully we'll also soon have the first v1.2 beta release and the final v1.2.0 somewhat soon after that. - mbox: Several bugfixes. Fixes "next message unexpectedly lost"

http://dovecot.org/releases/1.1/dovecot-1.1.8.tar.gz http://dovecot.org/releases/1.1/dovecot-1.1.8.tar.gz.sig Most importantly mbox bugfixes. v1.1 should finally be as stable with mboxes as it was with v1.0. Hopefully we'll also soon have the first v1.2 beta release and the final v1.2.0 somewhat soon after that. - mbox: Several bugfixes. Fixes "next message unexpectedly lost"

Hi Everyone, Before I begin, I'd just like to mention: I love dovecot. Thank you :) Anyway, today I had 8000 login attempts to my dovecot server in an hour before blocking the IP with my firewall. After googling, I didn't see very much discussion on the topic. There was some mention of blocksshd which was supposed to support dovecot in the next release (but doesn't appear to) and

This is a small 12 line system, internal extensions 150 - 180. I didn't have a phone on 151. Here's the sip.conf stanza: ;;[151] ;;type=friend ;;context=longdistance ;;callerid="Conf Room" <151> ;;secret=0000 ;;host=dynamic ;;qualify=yes ;;dtmfmode=rfc2833 ;;allow=all ;;defaultuser=151 ;;nat=yes ;;canreinvite=no There's no DISA. And then somehow (how???) ip address

Jorge Bastos <mysql.jorge at decimal.pt> wrote: > What do you see in the logs? > My guess is that someone is trying a brute force auth against you, Thanks Jorge, I think this is the answer. I'm using dovecot for exim4 SMTP authentication. The exim4 logs show brute force attacks. -- Edward.