Re: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

2013-10-23 Thread Steffen Kaiser
On Tue, 22 Oct 2013, Marc Perkel wrote: I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list. I have the list - and the list is avail

Re: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

2013-10-22 Thread Stan Hoeppner
On 10/22/2013 10:27 PM, Robin wrote: > On 10/22/2013 3:22 PM, Noel Butler wrote: >> But I agree with you on the rest, since of those 500K IP's Marc claims >> to have I'd bet that 99% are hijacked innocent pc's/servers, and of >> them, >75% would likely be a one time usage. > > This accords with ou

Re: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

2013-10-22 Thread Robin
On 10/22/2013 3:22 PM, Noel Butler wrote: But I agree with you on the rest, since of those 500K IP's Marc claims to have I'd bet that 99% are hijacked innocent pc's/servers, and of them, >75% would likely be a one time usage. This accords with our own statistics. While it IS tempting to treat

Re: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

2013-10-22 Thread Noel Butler
On 23/10/2013 05:45, Rick Romero wrote: IMHO, the problem with all out blocks on auth is the same as doing an all out block based on SPF - so many IPs are shared you can easily get false positives. Blocks using SPF will not be FP's, they will be by your internal decision, so will be a g

Re: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

2013-10-22 Thread Christian Schmidt
22.10.2013 21:31, Marc Perkel: > I would like to have a list of IPs (hacker list) that I can do a lookup > on so that if anyone tries to authenticate to dovecot they always fail > if they are on my list. You could enable dovecot's tcpwrapper support for this. Kind Regards, Christian Schmidt --

Re: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

2013-10-22 Thread Rick Romero
Quoting Marc Perkel : I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list. I have the list - and the list is available as a DNS blacklist. I'd like to have it work with both local

Re: [Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

2013-10-22 Thread Benny Pedersen
Marc Perkel wrote on 2013-10-22 21:31: Anyone else interested in this? would you sell more ram later ? basically you like to have fail2ban to a central server logging via syslog ? if yes create more rules to fail2ban and show it on a wiki

[Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

2013-10-22 Thread Marc Perkel
I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list. I have the list - and the list is available as a DNS blacklist. I'd like to have it work with both local IP lists or RBL lookup

Re: [Dovecot] feature request: IMAP passdb prefetch

2013-08-02 Thread Timo Sirainen
On 2.8.2013, at 18.20, Richard Platel wrote: > It'd be useful for us if the IMAP passdb could be used as a prefetch userdb. > > The remote IMAP server could respond with something like > > * OK key=value > * OK key=value > SEQ OK [CAPABILITY ...] Logged in. > > Or > > * OK > SEQ OK [CAPABILI

Re: [Dovecot] HTTP passdb (was: feature request: IMAP passdb prefetch)

2013-08-02 Thread Timo Sirainen
(Cc'd to dovecot list anyway since other people might be interested) On 2.8.2013, at 18.34, Richard Platel wrote: >> Uh. Why not simply something completely different like HTTP-based passdb? > > I can't find info for HTTP on the wiki, can we set that up as a success/fail > passdb? We do our o

[Dovecot] feature request: IMAP passdb prefetch

2013-08-02 Thread Richard Platel
> On 2.8.2013, at 18.20, Richard Platel wrote: > >> It'd be useful for us if the IMAP passdb could be used as a prefetch userdb. >> >> The remote IMAP server could respond with something like >> >> * OK key=value >> * OK key=value >> SEQ OK [CAPABILITY ...] Logged in. >> >> Or >> >> * OK >>

[Dovecot] feature request: IMAP passdb prefetch

2013-08-02 Thread Richard Platel
It'd be useful for us if the IMAP passdb could be used as a prefetch userdb. The remote IMAP server could respond with something like * OK key=value * OK key=value SEQ OK [CAPABILITY ...] Logged in. Or * OK SEQ OK [CAPABILITY ...] Logged in. Would anyone else find this useful?

[Dovecot] feature request: pipe for custom quota dict queries

2013-05-03 Thread Jeff Gustafson
Just a followup to my previous post. It appears that a pipe for quota queries via dict is not supported right now. Because of the way we group things we need more flexibility. I'd like to propose that dovecot should support quota queries just like userdb dict queries. My expertise i

Re: [Dovecot] Feature request: Configure CONFIG_MODULE_DIR and AUTH_MODULE_DIR at runtime

2013-04-23 Thread Professa Dementia
If you start/stop dovecot with an initscript or some other related system, you can do what SuSE does, since this problem occurs in lots of situations, not just dovecot. Since you know where all the config files are, you could either have the initscript set up a directory with symlinks, as Timo

Re: [Dovecot] Feature request: Configure CONFIG_MODULE_DIR and AUTH_MODULE_DIR at runtime

2013-04-23 Thread Rickard Nilsson
On 2013-04-23 17:20:02, Timo Sirainen wrote: On 23.4.2013, at 17.58, Rickard Nilsson wrote: The problem is the service and auth modules, that dovecot tries to load from the compile-time set MODULE_DIR/{settings,auth}. This is a problem for me, because I can't set the module path during

Re: [Dovecot] Feature request: Configure CONFIG_MODULE_DIR and AUTH_MODULE_DIR at runtime

2013-04-23 Thread Timo Sirainen
On 23.4.2013, at 17.58, Rickard Nilsson wrote: > I am running dovecot 2.1.16 on NixOS (http://nixos.org), and I have been > fighting the dynamically loaded dovecot modules/plugins a bit. > > The problem is that in Nix/NixOS all packages are completely isolated from > each other (each package h

[Dovecot] Feature request: Configure CONFIG_MODULE_DIR and AUTH_MODULE_DIR at runtime

2013-04-23 Thread Rickard Nilsson
Hi! I am running dovecot 2.1.16 on NixOS (http://nixos.org), and I have been fighting the dynamically loaded dovecot modules/plugins a bit. The problem is that in Nix/NixOS all packages are completely isolated from each other (each package has a separate /lib, /libexec, /bin etc, with onl

Re: [Dovecot] Feature request: add information to error message: client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions)

2012-11-27 Thread Steffen Kaiser
On Tue, 27 Nov 2012, Timo Sirainen wrote: On 2.11.2012, at 17.55, Steffen Kaiser wrote: Please add the information to this error, which socket has the problem and which uid access is and what is expected. For instance, when the quota dict reques

Re: [Dovecot] Feature request: add information to error message: client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions)

2012-11-26 Thread Timo Sirainen
On 2.11.2012, at 17.55, Steffen Kaiser wrote: > Please add the information to this error, which socket has the problem and > which uid access is and what is expected. > > For instance, when the quota dict request fails, because of permission > problems, you get a very detailed info about the cu

[Dovecot] Feature request: add information to error message: client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions)

2012-11-02 Thread Steffen Kaiser
Please add the information to this error, which socket has the problem and which uid access is and what is expected. For instance, when the quota dict request fails, because of permission problems, you get a very detailed info about the current pr

Re: [Dovecot] Feature Request

2012-10-11 Thread Daniel Parthey
Timo Sirainen wrote: > On 10.10.2012, at 5.40, Marc Perkel wrote: > > >>> It would be handy (for me) if there were a userdb where a directory > >>> structure defined the db. > >>> > >>> userdb stat { > >>> mail_location=maildir:/fakedir/%d/%n:INBOX=/email/%d/%n:LAYOUT=fs > >>> } > >>> > >>> u

Re: [Dovecot] Feature Request

2012-10-09 Thread Timo Sirainen
On 10.10.2012, at 5.40, Marc Perkel wrote: >>> It would be handy (for me) if there were a userdb where a directory >>> structure defined the db. >>> >>> userdb stat { >>> mail_location=maildir:/fakedir/%d/%n:INBOX=/email/%d/%n:LAYOUT=fs >>> } >>> >>> userdb stat { >>> mail_location=maildir:

Re: [Dovecot] Feature Request

2012-10-09 Thread Marc Perkel
On 10/9/2012 7:29 PM, Timo Sirainen wrote: On 10.10.2012, at 4.34, Marc Perkel wrote: It would be handy (for me) if there were a userdb where a directory structure defined the db. userdb stat { mail_location=maildir:/fakedir/%d/%n:INBOX=/email/%d/%n:LAYOUT=fs } userdb stat { mail_loca

Re: [Dovecot] Feature Request

2012-10-09 Thread Timo Sirainen
On 10.10.2012, at 4.34, Marc Perkel wrote: > It would be handy (for me) if there were a userdb where a directory structure > defined the db. > > userdb stat { > mail_location=maildir:/fakedir/%d/%n:INBOX=/email/%d/%n:LAYOUT=fs > } > > userdb stat { > mail_location=maildir:/email/%d/%n:INBOX

[Dovecot] Feature Request

2012-10-09 Thread Marc Perkel
It would be handy (for me) if there were a userdb where a directory structure defined the db. userdb stat { mail_location=maildir:/fakedir/%d/%n:INBOX=/email/%d/%n:LAYOUT=fs } userdb stat { mail_location=maildir:/email/%d/%n:INBOX=/email/%d/%n:LAYOUT=fs } The idea being that if the first

Re: [Dovecot] Feature request

2012-07-17 Thread Timo Sirainen
On 7.7.2012, at 17.26, Malloc Kilobyte wrote: > Appreciating all Dovecot rich features, I lack just one. And this is the > ability to customize the "quota exceeded, message rejected" message. I know > I can set its default content using quota_exceeded_message parameter, but > i would also like to

Re: [Dovecot] Feature request

2012-07-08 Thread Malloc Kilobyte
On Sat, Jul 7, 2012 at 4:35 PM, Reindl Harald wrote: > > > On 07.07.2012 16:26, Malloc Kilobyte wrote: > > Appreciating all Dovecot rich features, I lack just one. And this is the > > ability to customize the "quota exceeded, message rejected" message. I > know > > I can set its default content

Re: [Dovecot] Feature request

2012-07-07 Thread Wojciech Puchar
Appreciating all Dovecot rich features, I lack just one. And this is the ability to customize the "quota exceeded, message rejected" message. I know no because SMTP mail delivery is not dovecot job.

Re: [Dovecot] Feature request

2012-07-07 Thread Arnaud Abélard
On 07/07/2012 04:35 PM, Reindl Harald wrote: On 07.07.2012 16:26, Malloc Kilobyte wrote: Appreciating all Dovecot rich features, I lack just one. And this is the ability to customize the "quota exceeded, message rejected" message. I know I can set its default content using quota_exceeded_me

Re: [Dovecot] Feature request

2012-07-07 Thread Reindl Harald
On 07.07.2012 16:26, Malloc Kilobyte wrote: > Appreciating all Dovecot rich features, I lack just one. And this is the > ability to customize the "quota exceeded, message rejected" message. I know > I can set its default content using quota_exceeded_message parameter, but > i would also like t

[Dovecot] Feature request

2012-07-07 Thread Malloc Kilobyte
Hi, I am implementing Dovecot as a part of my new e-mail server, which is aimed to be replacement for proprietary software I've been using so far. Appreciating all Dovecot rich features, I lack just one. And this is the ability to customize the "quota exceeded, message rejected" message. I know

Re: [Dovecot] Feature request for maillog plugin

2012-02-20 Thread Timo Sirainen
On 20.2.2012, at 11.29, Aydın Demirel wrote: > Is it possible to add the modification time That would be the same as IMAP INTERNALDATE / received-date. It would be possible to add this pretty easily. > and file name of the mail file to maillog plugin? This would be much more difficult, because

[Dovecot] Feature request for maillog plugin

2012-02-20 Thread Aydın Demirel
Hi, Is it possible to add the modification time and file name of the mail file to maillog plugin? Thanks -- *Aydın Demirel Endersys Ltd. Sistem Destek Mühendisi/ System Support Engineer* * *> Phone : +90 216 470 9423 | GSM : +90 530 401 8203

[Dovecot] Feature request - search and tag protocol - notmuch-alike approach

2012-02-03 Thread Kirill A. Shutemov
Hi all, notmuch[1] becomes more and more popular. At least in geek community. But notmuch is local-only (except ssh)... It looks like it's hard (if even possible) to use IMAP as transport for notmuch-alike work flow. I think it would be great to create a new protocol based global search and messa

Re: [Dovecot] Newbie Question/Feature Request

2011-11-05 Thread Timo Sirainen
On Sat, 2011-11-05 at 10:33 -0700, Michael Papet wrote: > open (CMD_OUT, " /usr/lib/dovecot/deliver -f somedude\@someplace.com -d > anotherdude\@destination.dom $stringified |"); > my $test = ; > print $test; > > The above code errors out because the expected behavior is $stringified is > suppo

[Dovecot] Newbie Question/Feature Request

2011-11-05 Thread Michael Papet
Hi, I'm working on a plugin for qpsmtpd (a perl smtp frontend) that delivers mail via dovecot's LDA. I can only get mail delivered by writing the email to file, then calling 'deliver -d someone -f someone-else < /path/to/temp/email' All good, expected behavior. A perl snippet: local $/=undef

[Dovecot] dovecot quota feature request

2011-07-28 Thread Shing
Hi all, I'm going to implement before queue quota check with postfix to prevent bounce mail, the quota information is stored into mysql using dovecot quotadict, it would be nice that dovecot can have an option to switch the quota check with (used space < quota) instead of (used space+mail size

Re: [Dovecot] Feature request

2010-12-13 Thread Willie Gillespie
On 12/13/2010 04:36 AM, Charles Marcus wrote: On 2010-12-13 6:24 AM, Willie Gillespie wrote: I'm going to guess that it's Thunderbird 3.x. It has an issue where sometimes it (somehow) decides that it needs to keep downloading all the messages over and over again until it fills the user's hard d

Re: [Dovecot] Feature request

2010-12-13 Thread Charles Marcus
On 2010-12-13 6:24 AM, Willie Gillespie wrote: > I'm going to guess that it's Thunderbird 3.x. It has an issue where > sometimes it (somehow) decides that it needs to keep downloading all the > messages over and over again until it fills the user's hard drive. Bug Number please? Never had that pa

Re: [Dovecot] Feature request

2010-12-13 Thread Nikita Koshikov
On Mon, 13 Dec 2010 06:16:56 -0500 Charles Marcus wrote: > On 2010-12-13 2:45 AM, Nikita Koshikov wrote: > > On Sat, 11 Dec 2010 10:23:43 -0500, Charles Marcus wrote: > >> Did you already try deleting the local copy of the Inbox? > > > The problem has solved. User account was recreated - that hel

Re: [Dovecot] Feature request

2010-12-13 Thread Willie Gillespie
Charles Marcus wrote: Also - what version of Thunderbird is this? I'm going to guess that it's Thunderbird 3.x. It has an issue where sometimes it (somehow) decides that it needs to keep downloading all the messages over and over again until it fills the user's hard drive. I had it happen

Re: [Dovecot] Feature request

2010-12-13 Thread Charles Marcus
On 2010-12-13 2:45 AM, Nikita Koshikov wrote: > On Sat, 11 Dec 2010 10:23:43 -0500, Charles Marcus wrote: >> Did you already try deleting the local copy of the Inbox? > The problem has solved. User account was recreated - that helped. > Also, we have this problem with various dovecot (starting fr

Re: [Dovecot] Feature request

2010-12-12 Thread Nikita Koshikov
On Sat, 11 Dec 2010 10:23:43 -0500 Charles Marcus wrote: > On 2010-12-11 3:00 AM, Nikita Koshikov wrote: > > Hello Timo, and all. > > > > Preface: > > From time to time we have problems with thunderbird. The problem is > > that mail client begin to sync users inbox (or other folder) and this > >

Re: [Dovecot] Feature request

2010-12-11 Thread Charles Marcus
On 2010-12-11 3:00 AM, Nikita Koshikov wrote: > Hello Timo, and all. > > Preface: > From time to time we have problems with thunderbird. The problem is > that mail client begin to sync users inbox (or other folder) and this > process didn't stop. Last time we have this situation - our > monitoring

[Dovecot] Feature request

2010-12-11 Thread Nikita Koshikov
Hello Timo, and all. Preface: From time to time we have problems with thunderbird. The problem is that mail client begin to sync users inbox (or other folder) and this process didn't stop. Last time we have this situation - our monitoring system shows unusual amount of imap traffic send to one

Re: [Dovecot] Feature request - statistics for the COMPRESS imap protocol

2010-11-03 Thread Timo Sirainen
On Wed, 2010-11-03 at 12:40 +, Ed W wrote: > Examining the raw data makes me suspect that we are missing the header > data in the logged output? I'm trying to follow the code in > imap_zlib_plugin.c, but I can't see how the logging works? > > Can you please help? Here: http://hg.dovecot.or

Re: [Dovecot] Feature request - statistics for the COMPRESS imap protocol

2010-11-03 Thread Ed W
Hi It would also appear at first glance that the rawlog doesn't work as I might expect when using COMPRESS ? I see something like this in my logs (but nothing further): 6 compress deflate 2v??uQ??s??? Yeah, rawlog logs the data it sees from imap process. The compression is started

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-14 Thread Tom Hendrikx
On 14/10/10 10:58, Ed W wrote: > On 14/10/2010 09:48, Tom Hendrikx wrote: >> >> # Everytime you remove this line, god kills a kitten >> include :global "global-spam.sieve"; > > My suggestion was to do the reverse of this, ie have the global script > include the local script - does that work also?

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-14 Thread Ed W
On 14/10/2010 09:48, Tom Hendrikx wrote: # Everytime you remove this line, god kills a kitten include :global "global-spam.sieve"; My suggestion was to do the reverse of this, ie have the global script include the local script - does that work also? The use case there would be if you didn'

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-14 Thread Tom Hendrikx
On 14/10/10 10:32, Ed W wrote: > On 13/10/2010 08:43, Stephan Bosch wrote: >> On 12-10-2010 5:47, Jerrale G wrote: >>> We have used the great managesieve you have merged together, with >>> sieve, to create pigeonhole. However, when a user creates a custom >>> script through a GUI of ours, the

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-14 Thread Ed W
On 13/10/2010 08:43, Stephan Bosch wrote: On 12-10-2010 5:47, Jerrale G wrote: We have used the great managesieve you have merged together, with sieve, to create pigeonhole. However, when a user creates a custom script through a GUI of ours, the default, as we expected, would be ignored.

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-13 Thread Stephan Bosch
On 12-10-2010 5:47, Jerrale G wrote: We have used the great managesieve you have merged together, with sieve, to create pigeonhole. However, when a user creates a custom script through a GUI of ours, the default, as we expected, would be ignored. Maybe you could add a retain_sieve_global=ye

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-12 Thread Jerrale G
On 10/12/2010 1:07 PM, Eray Aslan wrote: On 12.10.2010 18:16, Jerrale G wrote: We have a lot of users liking both you It's not me but Stephan Bosch you are looking for. Sorry for the misunderstanding. Pigeonhole would be even nicer with a "skelton directory" specified to copy a user's scrip

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-12 Thread Eray Aslan
On 12.10.2010 18:16, Jerrale G wrote: > We have a lot of users liking both you It's not me but Stephan Bosch you are looking for. Sorry for the misunderstanding. > Pigeonhole would be even nicer with a "skelton directory" specified to > copy a user's scripts from it, to their sieve_dir folder, o

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-12 Thread Jerrale G
On 10/12/2010 11:16 AM, Jerrale G wrote: On 10/12/2010 2:55 AM, Eray Aslan wrote: On 12.10.2010 06:47, Jerrale G wrote: Maybe you could add a retain_sieve_global=yes|no setting OR be more complex by having the sieve_global_dir copied to the users sieve_dir on first managesieve script save, if

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-12 Thread Jerrale G
On 10/12/2010 2:55 AM, Eray Aslan wrote: On 12.10.2010 06:47, Jerrale G wrote: Maybe you could add a retain_sieve_global=yes|no setting OR be more complex by having the sieve_global_dir copied to the users sieve_dir on first managesieve script save, if another setting to do this was set to yes.

Re: [Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-11 Thread Eray Aslan
On 12.10.2010 06:47, Jerrale G wrote: > Maybe you could add a retain_sieve_global=yes|no setting OR be > more complex by having the sieve_global_dir copied to the users > sieve_dir on first managesieve script save, if another setting to do > this was set to yes. This way the administrators can crea

[Dovecot] Pigeonhole feature request: automatically copy sieve_global_path (default script) to user's sieve_dir

2010-10-11 Thread Jerrale G
We have used the great managesieve you have merged together, with sieve, to create pigeonhole. However, when a user creates a custom script through a GUI of ours, the default, as we expected, would be ignored. Maybe you could add a retain_sieve_global=yes|no setting OR be more complex by havin

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread Timo Sirainen
On 6.10.2010, at 0.56, David Ford wrote: > what is the purpose in dovecot assuming that it should set a gid other > than the userid:gid it's operating under? Shared mailboxes. > security minded folks make explicit permissions on directories to > prevent software from errantly setting loose owner

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread David Ford
On 10/05/2010 07:35 PM, Timo Sirainen wrote: > On 6.10.2010, at 0.26, David Ford wrote: >> it's a bug in dovecot to assume a) the user wants this gid change even >> without setgid, and b) that it can change the gid to an arbitrary value >> of a parent directory. >> >> other software runs as :net-

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread Timo Sirainen
On 6.10.2010, at 0.26, David Ford wrote: > it's a bug in dovecot to assume a) the user wants this gid change even > without setgid, and b) that it can change the gid to an arbitrary value > of a parent directory. > > other software runs as :net-mail, and its use and operation > is not applicable

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread David Ford
On 10/05/2010 07:17 PM, Timo Sirainen wrote: > It can't do delivery as net-mail group if they're 0700. dovecot runs as my userid; david:david so it has permissions for accessing anything in .maildir/ and below. this is why it gets EPERM errors when it tries to set the group id of net-mail. it's

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread Timo Sirainen
On 6.10.2010, at 0.09, David Ford wrote: > On 10/05/2010 06:44 PM, Timo Sirainen wrote: >> On 5.10.2010, at 23.38, David Ford wrote: >> >>> net-mail group is used by sendmail, procmail, dovecot, and additional >>> programs that read/write in the users mail directory. >> Can you give some specifi

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread David Ford
On 10/05/2010 06:44 PM, Timo Sirainen wrote: > On 5.10.2010, at 23.38, David Ford wrote: > >> net-mail group is used by sendmail, procmail, dovecot, and additional >> programs that read/write in the users mail directory. > Can you give some specific examples? > i did. sendmail accesses .forward

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread Timo Sirainen
On 5.10.2010, at 23.38, David Ford wrote: > net-mail group is used by sendmail, procmail, dovecot, and additional > programs that read/write in the users mail directory. Can you give some specific examples? >drwxr-x--- david net-mail /home/david/.maildir >drwx-- david david /ho

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread David Ford
net-mail group is used by sendmail, procmail, dovecot, and additional programs that read/write in the users mail directory. without permissions such as below and using typical permissions, other users can cd into a users .maildir and identify all folders a user is subscribed to (personal informat

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread Timo Sirainen
On 5.10.2010, at 20.13, David Ford wrote: >drwxr-x--- david net-mail /home/david/.maildir >drwx-- david david /home/david/.maildir/cur Can you give me some use case for what the net-mail is used for? > to something like: ( "new_files_inherit_parent_gid = true" ) I hate settings

Re: [Dovecot] Feature request for maildir style boxes

2010-10-05 Thread Edgar Fuß
What if you create the topmost mail directory (and everything below) with setgid set (or use BSD mkdir semantics)?

[Dovecot] Feature request for maildir style boxes

2010-10-05 Thread David Ford
greetings, i'd like to ask for a certain feature request. dovecot:maildir_uidlist_recreate() to set the gid of new files based on the parent directory group ownership and normally that's desired, an appropriate security method. on our server, we use directory permissions to more s

Re: [Dovecot] Feature request - statistics for the COMPRESS imap protocol

2010-10-02 Thread Timo Sirainen
On 2.10.2010, at 15.46, Ed W wrote: > It would also appear at first glance that the rawlog doesn't work as I might > expect when using COMPRESS ? I see something like this in my logs (but > nothing further): > >6 compress deflate >2v??uQ??s??? Yeah, rawlog logs the data it sees from i

Re: [Dovecot] Feature request - statistics for the COMPRESS imap protocol

2010-10-02 Thread Ed W
It would also appear at first glance that the rawlog doesn't work as I might expect when using COMPRESS ? I see something like this in my logs (but nothing further): 6 compress deflate 2v??uQ??s??? I'm trying to figure out why a client isn't working correctly (Profimail on N97), bu

Re: [Dovecot] Feature request - statistics for the COMPRESS imap protocol

2010-10-01 Thread Ed W
make a feature request that this might become available in some future version (pretty please?) So, you mean the byte counts or compression percentage? Byte counts both compressed and uncompressed would be favourite! (However, I expect there would be at least one person on the world who wan

Re: [Dovecot] Feature request - statistics for the COMPRESS imap protocol

2010-10-01 Thread Timo Sirainen
On Fri, 2010-10-01 at 18:16 +0100, Ed W wrote: > Unless I have failed to read the manual for the second time in two > days (?), it doesn't seem to be possible to get COMPRESS statistics at > logout time from the IMAP protocol? Assuming not, then can I make a > feature reques

[Dovecot] Feature request - statistics for the COMPRESS imap protocol

2010-10-01 Thread Ed W
Unless I have failed to read the manual for the second time in two days (?), it doesn't seem to be possible to get COMPRESS statistics at logout time from the IMAP protocol? Assuming not, then can I make a feature request that this might become available in some future version (pretty p

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Chris Hoogendyk
Justin Krejci wrote: Check out splunk (or similar) for multiple disparate event log correlations. I'm not really looking for solutions right now. I just wanted to comment on the "stealth" techniques in use by those running botnets. When I do look for solutions, I prefer open source tool

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Justin Krejci
: Dovecot Mailing List Subject: Re: [Dovecot] Feature request: usernames and passwords I should note that the patterns of attack we are seeing are extremely sophisticated. They are going out of their way to be "stealth" with respect to detection strategies. We do still see the focused b

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Pascal Volk
Only a wild guess: Did you set: disable_plaintext_auth = no? I've the default (disable_plaintext_auth = yes + ssl*) settings. _Sometimes_ I find log entries like: dovecot: pop3-login: Disconnected (tried to use disabled plaintext auth): rip=1.2.3.4, lip=5.6.7.8, mpid=0 Oh, and only pop3-login, no

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Chris Hoogendyk
Pascal Volk wrote: On 07/21/2010 03:06 PM Leonardo Rodrigues wrote: i was thinking on something like ... 1) after N tries (lets say 10 for example) of wrong username/password combinations, dovecot could start delaying the answers for wrong authentications coming from that specific I

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Leonardo Rodrigues
On 21/07/2010 10:30, Eduardo M KALINOWSKI wrote: I think none of this is dovecot's function. Let's keep the UNIX philosophy: one tool does one function, and does that function well. Dovecot is an excellent mail server. It should not be turned into a monster Windows-like application that do

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Leonardo Rodrigues
On 21/07/2010 10:32, Pascal Volk wrote: Install dovecot 2.0.rc3 and try to 'break in'. You will see how dovecot slows down your 'attack'. When you test it with your botnet ( ;-) ), use `doveadm penalty` to see current penalties. wooow nice to hear that i have not tried 2.0RC ye

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Jerry
On Wed, 21 Jul 2010 14:29:10 +0300 Thanos Chatziathanassiou articulated: > A relatively recent development that spammers got wind of is users that > have username==password, with/without the domain. > I am tracking numerous 1-off attempts from bots to gain access to > mailboxes this way. > Situ

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Pascal Volk
On 07/21/2010 03:06 PM Leonardo Rodrigues wrote: > > i was thinking on something like ... > > 1) after N tries (lets say 10 for example) of wrong username/password > combinations, dovecot could start delaying the answers for wrong > authentications coming from that specific IP address or I

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Eduardo M KALINOWSKI
On Wed, 21 Jul 2010, Leonardo Rodrigues wrote: i completely agree that dovecot is not the place for enforcing password policies nor checking them. but, still on the subject, maybe dovecot could have some features for helping sysadmins to avoid/mitigate brute-force attacks. As told,

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Pascal Volk
On 07/21/2010 02:35 PM Thanos Chatziathanassiou wrote: > Correct. Should be fairly easy to do - just need a compatible crypt() > function in SQL. Never thought of that. MySQL's encrypt() is your friend: select encrypt('foo', 'ab'); select encrypt('foo', '$1$01234567'); select encrypt('foo', '$5$r

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Leonardo Rodrigues
On 21/07/2010 10:08, Martijn de Munnik wrote: the original message says about bot brute-force attacks, but we can be facing REAL brute-force attacks against a specific account and i think that some features to help mitigate those could indeed be interesting. And if those features e

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Martijn de Munnik
On 21 Jul 2010, at 15:06, Leonardo Rodrigues wrote: > On 21/07/2010 09:18, Timo Sirainen wrote: >> >> I think this is one of the tons of different possible password policies >> and isn't really Dovecot's job. It really should be enforced while >> setting the password, n

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Leonardo Rodrigues
On 21/07/2010 09:18, Timo Sirainen wrote: I think this is one of the tons of different possible password policies and isn't really Dovecot's job. It really should be enforced while setting the password, not while checking it. i completely agree that dovecot is not the place for enfo

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Charles Marcus
Thanos Chatziathanassiou wrote: > A relatively recent development that spammers got wind of is users > that have username==password, with/without the domain. I am tracking > numerous 1-off attempts from bots to gain access to mailboxes this > way. Situation isn't made any better if you're also usin

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Thanos Chatziathanassiou
Timo Sirainen wrote: On Wed, 2010-07-21 at 14:57 +0300, Thanos Chatziathanassiou wrote: Timo Sirainen wrote: On 21.7.2010, at 12.29, Thanos Chatziathanassiou wrote: Would it be possible to deny login if username==password with a (non?)polite/custom message to go change your

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Timo Sirainen
On Wed, 2010-07-21 at 14:57 +0300, Thanos Chatziathanassiou wrote: > Timo Sirainen wrote: > > On 21.7.2010, at 12.29, Thanos Chatziathanassiou wrote: > > > > > >> Would it be possible to deny login if username==password with a > >> (non?)polite/custom message to go change your password to somet

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Thanos Chatziathanassiou
Timo Sirainen wrote: On 21.7.2010, at 12.29, Thanos Chatziathanassiou wrote: Would it be possible to deny login if username==password with a (non?)polite/custom message to go change your password to something less obvious ? What passdb do you use? passwd-file with md5-crypt thou

Re: [Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Timo Sirainen
On 21.7.2010, at 12.29, Thanos Chatziathanassiou wrote: > Would it be possible to deny login if username==password with a > (non?)polite/custom message to go change your password to something less > obvious ? What passdb do you use?

[Dovecot] Feature request: usernames and passwords

2010-07-21 Thread Thanos Chatziathanassiou
A relatively recent development that spammers got wind of is users that have username==password, with/without the domain. I am tracking numerous 1-off attempts from bots to gain access to mailboxes this way. Situation isn't made any better if you're also using dovecot as SMTP AUTH provider for I

Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]

2010-02-19 Thread Noel Butler
On Fri, 2010-02-19 at 06:10 -0500, Charles Marcus wrote: > > > I certainly wouldn't want to accept a message in this case, user > > might be 1K under quota, but get 20m file now that might be a > > whoopie doo :) but what if 130K users did same. > > Well, I'd argue that if you're allowing mess

Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]

2010-02-19 Thread Steffen Kaiser
On Fri, 19 Feb 2010, Charles Marcus wrote: Ahh... so, this would only be a [potential] problem in the case of [a] user[s] that didn't login for a long time... and I guess you could even deal with that by some kind of nightly cron job... A cron job

Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]

2010-02-19 Thread Charles Marcus
On 2010-02-19 3:16 AM, Steffen Kaiser wrote: > On Thu, 18 Feb 2010, Charles Marcus wrote: >> On 2010-02-18 11:09 AM, Steffen Kaiser wrote: >>> Actually, I once had a system where the request was "we do not >>> send over quota notices, all mails have to arrive". Hence, >>> deliver should have no quo

Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]

2010-02-19 Thread Charles Marcus
On 2010-02-18 4:53 PM, Noel Butler wrote: >>> Personally I think the best way would be, if the user isn't over >>> quota at the time of a message delivery, deliver that message, >>> *regardless* of whether or not it puts the user over quota. >> Wonder if there's anyone who wouldn't want this behav

Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]

2010-02-19 Thread Steffen Kaiser
On Thu, 18 Feb 2010, Charles Marcus wrote: On 2010-02-18 11:09 AM, Steffen Kaiser wrote: Actually, I once had a system where the request was "we do not send over quota notices, all mails have to arrive". Hence, deliver should have no quota - well,

Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]

2010-02-18 Thread Noel Butler
On Thu, 2010-02-18 at 16:20 +0200, Timo Sirainen wrote: > On Thu, 2010-02-18 at 09:05 -0500, Charles Marcus wrote: > > Personally I think the best way would be, if the user isn't over quota > > at the time of a message delivery, deliver that message, *regardless* of > > whether or not it puts the

Re: [Dovecot] Poll: Quota near full behavior? [Was: Feature request? Make deliver quota inclusive!]

2010-02-18 Thread Charles Marcus
On 2010-02-18 11:09 AM, Steffen Kaiser wrote: > Actually, I once had a system where the request was "we do not send over > quota notices, all mails have to arrive". Hence, deliver should have no > quota - well, a very high quota actually -, but a quite strict IMAP quota. So simply leaving everythi
