> On 09/10/2022 21:35 EEST Jacob Welsh wrote:
>
>
> On Sun, 9 Oct 2022, Aki Tuomi wrote:
>
> >> I noticed commit d21897832a443d139d56b1fb1c86d8f76e5f77f3 from 2009,
> >> "Fixed compiling without module support", and clearly it's supposed to
> >> work since the #ifdefs are there, but I begin
On Sun, 9 Oct 2022, Aki Tuomi wrote:
I noticed commit d21897832a443d139d56b1fb1c86d8f76e5f77f3 from 2009,
"Fixed compiling without module support", and clearly it's supposed to
work since the #ifdefs are there, but I begin to suspect that nobody's
actually tested this branch of the
Like I've already mentioned in my reply to Aki, I generally agree, but
many of these methods require much time and expertise some bad guys
don't have. You can also bruteforce the passwords but it can take years.
With passwords showing in logs all they need to do is make a few clicks
and enable
Yes, I agree, but why make bad guy's life easier? I mean you can do many
things including renting a GPU cluster and bruteforcing the passwords
but it takes time to do it and also expertise. Right now, all they need
to do is make a few clicks and enable auth logging. Why don't just
eliminate
Serveria Support skrev den 2022-10-09 19:12:
Turn on auth_debug=yes and see, you'll see passwords being masked.
I have this value set to yes already and the passwords are not being
masked. Perhaps you meant auth_debug_passwords = no?
both need to be no imho
but can be diffrent in diffrent
Passwords are hidden in logs, mostly. Debug logging unfortunately can
leak some password information.
So why not just get rid of this attack vector? Who needs users'
plaintext passwords in debug logs anyway? I can't think of a situation
when this is necessary. But that's just me of course.
Results for file: 2 (0.0633 seconds)
[Metric: default]
Action: add header
Spam: true
Score: 3.99 / 30.00
Symbol: ARC_REJECT (1.00)[signature check failed: fail, {[1] =
sig:dovecot.org:reject}]
Symbol: DKIM_TRACE (0.00)[junc.eu:-]
Symbol: DMARC_POLICY_SOFTFAIL (0.10)[junc.eu : No valid SPF,
On Sun, 9 Oct 2022, Serveria Support wrote:
So this means passwords cannot be masked/hidden in the logs? You realize that
it actually defeats the whole idea of encrypted storage? It's useless. I can
think of lots of scenarios: malicious system administrator reading users
mails and
Serveria Support skrev den 2022-10-09 11:53:
Dovecot does it's best to hide passwords in logs, but unfortuntely
this isn't perfect.
doveconf -P | grep auth
maybe the issue is decrypt ?
To add few more comments...
You speak about privacy that either you have it or not.
If you are not your own admin, the administrator will always be able to access
your mails, there are only very limited ways for you to make it hard enough.
With mail crypt, everything and all boils down to key
> On 09/10/2022 12:53 EEST Serveria Support wrote:
>
>
> Sometimes not. If the data stored in mail accounts is more valuable than
> the server and control over it.
>
> So this means passwords cannot be masked/hidden in the logs?
Passwords are hidden in logs, mostly. Debug logging
Sometimes not. If the data stored in mail accounts is more valuable than
the server and control over it.
So this means passwords cannot be masked/hidden in the logs? You realize
that it actually defeats the whole idea of encrypted storage? It's
useless. I can think of lots of scenarios:
If you have intruder that is able to enable logs for your server, then you have
bigger issues than someone enabling logs to see passwords.
Dovecot does it's best to hide passwords in logs, but unfortuntely this isn't
perfect.
Aki
> On 08/10/2022 23:49 EEST Serveria Support wrote:
>
>
>
> On 08/10/2022 01:51 EEST Jacob Welsh wrote:
>
>
> I'm attempting to build the latest Dovecot, version 2.3.19.1, on Gales
> Linux, a distribution based on musl libc with all static linking.
>
> After working around some expected troubles to generate configure, such as
> the libtool and
Hi, sorry I meant Sogo Groupware. The one from their website, not the
one bundled with iREDMAIL. I'm only using it for webmail, that's why I
called it webmail. Sorry for misleading you.
On 2022-10-09 10:47, mabi wrote:
I have rebuilt the entire project from scratch, using vanilla versions
of
> I have rebuilt the entire project from scratch, using vanilla versions
> of Dovecot, Postfix, SOGO webmail etc and everything works as expected:
Hi, just wondering where do you find the vanilla version of only SOGO webmail?
I thought SOGO webmail was distributed as a whole server package...
16 matches
Mail list logo
