Re: cyrus sasl Password lock after n failed attempts
On 12/10/2012, at 15:21, Ram r...@netcore.co.in wrote: Off late I have seen lots of attempts at getting in weak weak passwords. Is there a way I can implement password lock out within cyrus if there are more than n consecutive bad attempts I think a feature like this is likely to result in a denial of service to yourself :) I use sshguard which can parse many different program's outputs (not just SSH) for failed login attempts and then add a rule to a firewall to block the IP making the attempts. It has support for many different firewall types - I use PF but it does ipfw, ip tables, etc etc.. It is probably available as a package for your OS/distro or you can get it from http://www.sshguard.net/ -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
DBERROR's
I have an installation of Cyrus IMAP 2.2.13 on 32-bit linux, with the database copied over from an earlier version. It appears to work just fine, but is sometimes issuing error messages of the form: DBERROR: mystore: error storing (long nasty 8-bit string) DB_PAGE_NOTFOUND: Requested page not found The long nasty 8-bit strings vary; an example is B0 6F 92 D8 78 E8 BB 9F 2E 23 30 33 33 93 23 30 32 31 7E DC D3 A8 4D 47 BF 41 4B 63 35 23 30 32 31 A7 3D 7A 86 D0 83 9E 23 30 30 37 23 30 30 34 3A What's the error mean? Do I need to care? --ADthanksVANCE --akb Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: DBERROR's
On Fri, 2012-10-12 at 05:06 -0400, akb427 wrote: I have an installation of Cyrus IMAP 2.2.13 on 32-bit linux, with the database copied over from an earlier version. That is really very old. It appears to work just fine, but is sometimes issuing error messages of the form: DBERROR: mystore: error storing (long nasty 8-bit string) DB_PAGE_NOTFOUND: Requested page not found This is probably a Berkley DB thing. I'd convert your database from BDB to skiplist, and just get away from BDB forever. Then upgrade to at least 2.3, preferably 2.4. Berkley DB == bugs Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
lmtp over tcp configuation
Hi, I'm planing to split cyrus 2.2.13 from my incoming mail server running sendmail 8.14.3. Basically I set up an openvpn tunnel between the boxes and changed the CYRUSV2_MAILER_ARGS from FILE to TCP in the cyrusv2.m4 macro on sendmail side and activated lmtp in the cyrus.conf on the other side. First tests are running fine. Did I forget something? Any tuning hints? /etc/mail/sendmail.mc: [...] dnl # Default Mailer setup MAILER_DEFINITIONS define(`confLOCAL_MAILER', `cyrusv2')dnl MAILER(`local')dnl MAILER(`smtp')dnl MAILER(`cyrusv2')dnl /usr/share/sendmail/cf/mailer/cyrusv2.m4: [...] ifdef(`CYRUSV2_MAILER_ARGS',, `define(`CYRUSV2_MAILER_ARGS', `TCP [192.168.100.2] 2003')') [...] /etc/cyrus.conf: [...] lmtpcmd=lmtpd -a listen=192.168.200.1:lmtp prefork=0 maxchild=20 lmtpunixcmd=lmtpd listen=/var/run/cyrus/socket/lmtp prefork=0 maxchild=20 [...] System Ubuntu 10.04 LTS with sendmail8.14.3-9.1ubuntu1 cyrus-common-2.22.2.13-19squeeze3build0.10.04.1 Cheers Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus sasl Password lock after n failed attempts
On Fri, Oct 12, 2012 at 04:54:12PM +1030, Daniel O'Connor wrote: On 12/10/2012, at 15:21, Ram r...@netcore.co.in wrote: Of late I have seen lots of attempts at getting in weak weak passwords. Is there a way I can implement password lock out within cyrus if there are more than n consecutive bad attempts I think a feature like this is likely to result in a denial of service to yourself :) I use sshguard which can parse many different program's outputs (not just SSH) for failed login attempts and then add a rule to a firewall to block the IP making the attempts. It has support for many different firewall types - I use PF but it does ipfw, ip tables, etc etc.. It is probably available as a package for your OS/distro or you can get it from http://www.sshguard.net/ There is also fail2ban (python based) which is working well for me. It just depends on which tool you like best. -- Scott LambertKC5MLE Unix SysAdmin lamb...@lambertfam.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus