You can use fail2ban to parse your web server log. If 3 fails from the
same IP, then ban for x hours.
Filter on POST method and 403 status code and connect uri
- - [] "POST /SOGo/connect HTTP/1.1" 403 354
On 2018-04-27 22:17, Chris wrote:
On Fri, 27 Apr 2018 09:41:05 +0200
Christian Mack wro
On Fri, 27 Apr 2018 09:41:05 +0200
Christian Mack wrote:
> The other possibility would be to use one of CAS or SAML2
> authentication. Those two generate a session ticket, which is passed
> to SOGo for authentication.
> SOGo then accesses IMAP- and SIEVE-servers with that ticket.
> Because of that
Am 26.04.2018 um 20:19 schrieb Chris (chris2...@postbox.xyz):
> On Tue, 24 Apr 2018 19:48:06 + (UTC)
> Sergio Cesar winc wrote:
>
>> I wonder if one could user the webserver authentication and pass it
>> to SOGo or roundcube.
>
> I'm also very interested in this. Is it possible to pass userna
On Tue, 24 Apr 2018 19:48:06 + (UTC)
Sergio Cesar winc wrote:
> I wonder if one could user the webserver authentication and pass it
> to SOGo or roundcube.
I'm also very interested in this. Is it possible to pass username and
password from Apache proxy to SOGo? And is this working with CalDAV
nc.net) <
>> users@sogo.nu>:
>>
>> I wonder if one could user the webserver authentication and pass it to
>> SOGo or roundcube. Than fail2ban will catch the ip from the http log.
>>
>> SC
>>
>>
>> From: Sebastián Meyer
>> Sent: Tuesday
s it to
> SOGo or roundcube. Than fail2ban will catch the ip from the http log.
>
> SC
>
>
> From: Sebastián Meyer
> Sent: Tuesday, April 24, 9:51 AM
> Subject: [SOGo] webmail login attacks - captcha?
> To: users@sogo.nu
>
>
> Hi,
>
> I have a couple of compr
uld user the webserver authentication and pass it to SOGo
> or roundcube. Than fail2ban will catch the ip from the http log.
>
> SC
>
>
> From: Sebastián Meyer
> Sent: Tuesday, April 24, 9:51 AM
> Subject: [SOGo] webmail login attacks - captcha?
> To: users@sogo.nu
>
>
On 04/24/2018 09:48 PM, Sergio Cesar winc (ser...@winc.net) wrote:
I wonder if one could user the webserver authentication and pass it to
SOGo or roundcube. Than fail2ban will catch the ip from the http log.
SC
Yes, or perhaps use saml2 auth, and have your IdP take care of this.
MJ
--
use
W dniu 24.04.2018 o 16:51, Sebastián Meyer (sebast...@indomitux.com) pisze:
I have a couple of compromissed webmail accounts, passwords wheren't
easy to guess.
I'd like to add an increasing delay for failed logins and a captcha, is
it possible?
You can do that by these global settings:
SOGoMa
I wonder if one could user the webserver authentication and pass it to SOGo or
roundcube. Than fail2ban will catch the ip from the http log.
SC
From: Sebastián Meyer
Sent: Tuesday, April 24, 9:51 AM
Subject: [SOGo] webmail login attacks - captcha?
To: users@sogo.nu
Hi,
I
Hi,
I have a couple of compromissed webmail accounts, passwords wheren't
easy to guess.
I'd like to add an increasing delay for failed logins and a captcha, is
it possible?
For IMAP and SMTP access I use fail2ban, but using it for for webmail
access DoS attacks would be unacceptable freque
11 matches
Mail list logo