It's working beautifully!
Is there any way to get it to log failed login attempts with the
user's IP address?
I'd like to setup fail2ban to stop dictionary attacks, however even
with debugging, the most I've been able to get it to say is:
Dec 5 12:11:30 machinename dovecot: auth: Debug:
On 5.12.2011, at 19.16, Terry Carmen wrote:
It's working beautifully!
Is there any way to get it to log failed login attempts with the user's IP
address?
auth_verbose=yes
I'd like to setup fail2ban to stop dictionary attacks, however even with
debugging, the most I've been able to get
I'll post a writeup on the wiki on monday.
I moved it to http://wiki2.dovecot.org/HowTo/ImapcProxy
Thanks!
I didn't realize I was in the wrong wiki.
Terry
- Message from Timo Sirainen t...@iki.fi -
Date: Mon, 5 Dec 2011 21:49:15 +0200
From: Timo Sirainen t...@iki.fi
Reply-To: Dovecot Mailing List dovecot@dovecot.org
Subject: Re: [Dovecot] MS Exchange IMAP Proxy (Logging Auth Failures?)
To: Terry Carmen te
Terry Carmen te...@cnysupport.com wrote on 5.12.2011 22:05:08:
...cut ...
Dec 5 15:30:05 it dovecot: auth: Debug: client out:
FAIL#0111#011user=username
The last line *almost* gets me enough for a fail2ban filter, but not
quite, since there's no IP address.
Is there something else I can turn
On 5.12.2011, at 23.05, Terry Carmen wrote:
The log looks like this:
..
All of the lines are debug level. Find the info log. doveadm log find
usually finds it for you.
- Message from Timo Sirainen t...@iki.fi -
Date: Mon, 5 Dec 2011 23:24:23 +0200
From: Timo Sirainen t...@iki.fi
Reply-To: Dovecot Mailing List dovecot@dovecot.org
Subject: Re: [Dovecot] MS Exchange IMAP Proxy (Logging Auth Failures?)
To: Terry Carmen te
On 6.12.2011, at 0.39, Terry Carmen wrote:
I checked lib-imap-client/imapc-connection.c and found where the
Authenticating as message comes from, but don't see anyplace where the
I believe I found the section of code that does the imapc authentication, but
don't see anyplace where auth
- Message from Timo Sirainen t...@iki.fi -
Date: Tue, 6 Dec 2011 00:48:02 +0200
From: Timo Sirainen t...@iki.fi
Subject: Re: [Dovecot] MS Exchange IMAP Proxy (Logging Auth Failures?)
To: Terry Carmen te...@cnysupport.com
Cc: dovecot@dovecot.org
On 6.12.2011, at 0.39
It's working!
I'll post a writeup on the wiki on monday.
The last problem was it seems to need a writable home directory for
mail_home even though all the mail is pass-through.This was included
in Timo's original config, although I had accidentally removed it.
In any case many thanks to
OK, I'm making headway. it didn't like the config because there were
no quotes around the Exchange server's FQDN, however when I added the
quotes, I got:
Dec 2 18:26:33 host dovecot: auth: Error:
imapc('exchangeserver.example.com':143):
dns_lookup('exchangeserver.example.com') failed:
On 3.12.2011, at 1.42, Terry Carmen wrote:
Dec 2 18:35:09 host dovecot: imap(myusername): Error: user myusername:
Couldn't drop privileges: User is missing UID (see mail_uid setting)
myusername is not a local user, but exists only on the exchange server. Any
thoughts?
You still need a
On 3.12.2011, at 1.42, Terry Carmen wrote:
Dec 2 18:35:09 host dovecot: imap(myusername): Error: user
myusername: Couldn't drop privileges: User is missing UID (see
mail_uid setting)
myusername is not a local user, but exists only on the exchange
server. Any thoughts?
You still need a
Terry Carmen te...@cnysupport.com (Mi 30 Nov 2011 21:36:46 CET):
useful in protecting Exchange (from this,
http://www.cvedetails.com/cve/CVE-2007-0221/ for example), or am I
barking up the wrong tree?
If Dovecot isn't helpful for this, can anybody point me to a better resource?
Some time
Thanks! I'll take a look.
Terry
- Message from Stan Hoeppner s...@hardwarefreak.com -
Date: Wed, 30 Nov 2011 22:44:35 -0600
From: Stan Hoeppner s...@hardwarefreak.com
Reply-To: s...@hardwarefreak.com
Subject: Re: [Dovecot] MS Exchange IMAP Proxy
To: dovecot
I need to make the IMAP interface of an Exchange 2000 server available
on the net, however I would like to give it a little protection, and
believe Dovecot's IMAP proxy might be appropriate.
Does anybody have a *really simple* config that would allow IMAP
pass-through to a single Exchange
On Wed, 30 Nov 2011 15:36:46 -0500
Terry Carmen articulated:
I need to make the IMAP interface of an Exchange 2000 server
available on the net, however I would like to give it a little
protection, and believe Dovecot's IMAP proxy might be appropriate.
Does anybody have a *really simple*
- Message from Jerry dovecot.u...@seibercom.net -
Date: Wed, 30 Nov 2011 17:14:06 -0500
From: Jerry dovecot.u...@seibercom.net
Reply-To: dovecot@dovecot.org
Subject: Re: [Dovecot] MS Exchange IMAP Proxy
To: dovecot@dovecot.org
On Wed, 30 Nov 2011 15:36:46 -0500
Terry
An Exchange 2000 server is ancient. I wouldn't waste time with it
unless there was no possible way to get an updated version; ie, Exchange
server 2010.
The client won't pay for an Exchange update just to support a handful of
external IMAP users.
It works perfectly well internally,
On 30.11.2011, at 22.36, Terry Carmen wrote:
Does Dovecot do any cleanup of the IMAP commands that would be useful in
protecting Exchange (from this, http://www.cvedetails.com/cve/CVE-2007-0221/
for example), or am I barking up the wrong tree?
v2.1 with imapc backend can be used to do this.
- Message from Timo Sirainen t...@iki.fi -
Date: Thu, 1 Dec 2011 04:47:30 +0200
From: Timo Sirainen t...@iki.fi
Subject: Re: [Dovecot] MS Exchange IMAP Proxy
To: Terry Carmen te...@cnysupport.com
Cc: dovecot@dovecot.org
On 30.11.2011, at 22.36, Terry Carmen wrote
If the client is inept enough to run Exchange 2000 for only a
handful of users, you're probably wasting your time attempting to
sanitize IMAP commands.
If your contract with them mandates that you secure their server,
you'll most likely have to replace their broken software.
There are
On 11/30/2011 2:36 PM, Terry Carmen wrote:
I need to make the IMAP interface of an Exchange 2000 server available
on the net, however I would like to give it a little protection, and
believe Dovecot's IMAP proxy might be appropriate.
Does anybody have a *really simple* config that would
23 matches
Mail list logo
