On 2022-10-10 08:03, Serveria Support wrote:
Hi, thanks, this sounds like a great idea! Will try this and let you
guys know...
On 2022-10-10 10:52, George Asenov wrote:
Dovecot is opensource so you can download source edit the log format
removing the passwords and compile it.
On 09-Oct-22 8:47 PM, Serveria Support wrote:
Like I've already mentioned in my reply to Aki, I generally agree,
but many of these methods require much time and expertise some bad
guys don't have. You can also bruteforce the passwords but it can
take years. With passwords showing in logs all they need to do is
make a few clicks and enable auth logging. In most cases the attacker
is really short on time and needs to act fast, before he is detected
and locked out of the system.
On 2022-10-09 19:10, Bernardo Reino wrote:
On Sun, 9 Oct 2022, Serveria Support wrote:
So this means passwords cannot be masked/hidden in the logs? You
realize that it actually defeats the whole idea of encrypted
storage? It's useless. I can think of lots of scenarios: malicious
system administrator reading users mails and blackmailing them or
selling their business secrets to competitors, corrupt law
enforcement in some countries getting rid of political or business
opponents by disclosing the contents of their mails and I can go on
and on and on... There is no such thing as semi-privacy. Privacy is
either there or it's not.
If your attack scenario includes somebody owning your server,
nothing
prevents them from compiling/installing a custom version of dovecot
(or any other tool you may be using, like PAM, etc.) which dumps the
passwords in clear text to a suitable file, pipe, or socket.
So good luck with that requirement..
Cheers,
Bernardo
Hey, I thought to recommend encrypting log file by your own.
Create service with executing bash script every second perhaps using
while loop to encrypt dovecot logs file, add separater at end of log, so
in following encryption cycles you can know whats being inserted new and
needs encryption by decrypting the old and encrypting the decrypted old
and new together.
Also, make sure to perform encryption in separate copy of logs temp file
so to allow dovecot to pipe out logs without messing up the order of
lines, and lastly, you probably want to disallow administrator account
from accessing dovecot conf file perhaps by changing its permission and
ownership, so they cant change logging path.
There you go, passwords are encrypted in log file and no one can read.
Zakaria.
