Re: Feature request: exclude IP/network in allow_nets extra field

2019-04-30 Thread Zhang Huangbin via dovecot
> On Apr 30, 2019, at 10:37 PM, andre via dovecot wrote: > > You can easily do this without a new feature in Dovecot. > > - Create a post login script, for instance, in bash. > - install grepcidr on your server. > > Your post login script can use grepcidr to check for white or black list. >

Re: Feature request: exclude IP/network in allow_nets extra field

2019-04-30 Thread Zhang Huangbin via dovecot
> On Apr 30, 2019, at 2:35 PM, Sami Ketola via dovecot > wrote: > > Just create another passdb for these premium users before the actual passdb > and add skip = authenticated to the actual passdb. Dear Sami, Thank you for the suggestion. Adding more passdb is not ideal at all, if we have

Re: Feature request: exclude IP/network in allow_nets extra field

2019-04-30 Thread Zhang Huangbin via dovecot
> On Apr 30, 2019, at 2:32 PM, Malcolm via dovecot wrote: > > On 4/29/2019 11:20 PM, Zhang Huangbin via dovecot wrote: >> I understand what "allow" means. But it will be very handy to support >> something like "!a.b.c.d" to allow all but just exclude few >> IPs/networks. Isn't it? :) > I'm

Re: Dovecot release v2.3.6

2019-04-30 Thread @lbutlr via dovecot
On 30 Apr 2019, at 12:11, Aki Tuomi via dovecot wrote: > On 30 April 2019 21:06 @lbutlr via dovecot < dovecot@dovecot.org> wrote: >> >> dovecot-2.3.5.1 is vulnerable: >> dovecot -- json encoder crash >> CVE: CVE-2019-10691 > > We don't usually mention fixes for previous releases again. Ah, I

Re: Dovecot release v2.3.6

2019-04-30 Thread Michael Slusarz via dovecot
> On April 30, 2019 at 12:06 PM "@lbutlr via dovecot" > wrote: > > pkg audit shows the following, not mentioned in the changes: > > dovecot-2.3.5.1 is vulnerable: > dovecot -- json encoder crash > CVE: CVE-2019-10691 > WWW: >

Re: Dovecot release v2.3.6

2019-04-30 Thread Aki Tuomi via dovecot
On 30 April 2019 21:06 @lbutlr via dovecot < dovecot@dovecot.org> wrote: On 30 Apr 2019, at 07:21, Aki Tuomi via dovecot < dovecot@dovecot.org> wrote: We are pleased to release Dovecot v2.3.6.

Re: Dovecot release v2.3.6

2019-04-30 Thread @lbutlr via dovecot
On 30 Apr 2019, at 07:21, Aki Tuomi via dovecot wrote: > We are pleased to release Dovecot v2.3.6. pkg audit shows the following, not mentioned in the changes: dovecot-2.3.5.1 is vulnerable: dovecot -- json encoder crash CVE: CVE-2019-10691 WWW:

Re: Dovecot release v2.3.6

2019-04-30 Thread Aki Tuomi via dovecot
> On 30 April 2019 17:20 James via dovecot wrote: > > > On 30/04/2019 14:21, Aki Tuomi via dovecot wrote: > > > https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz > > Trivial but... > > "mail-index-transaction-update.c", line 198: void function cannot return > value > > > Thanks.

Re: Re: Feature request: exclude IP/network in allow_nets extra field

2019-04-30 Thread andre via dovecot
Sorry for the top posting, I have not set up my new phone yet. Here is the script sample: https://github.com/progmaticltd/homebox/blob/dev/install/playbooks/roles/dovecot/files/access-check-whitelist.sh André. Tue Apr 30 15:33:51 GMT+01:00 2019 andre : > > Hello, Zhang. > > You can easily do

Re: Feature request: exclude IP/network in allow_nets extra field

2019-04-30 Thread andre via dovecot
Hello, Zhang. You can easily do this without a new feature in Dovecot. - Create a post login script, for instance, in bash. - install grepcidr on your server. Your post login script can use grepcidr to check for white or black list. https://wiki.dovecot.org/PostLoginScripting I have

Re: Dovecot release v2.3.6

2019-04-30 Thread James via dovecot
On 30/04/2019 14:21, Aki Tuomi via dovecot wrote: https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz Trivial but... "mail-index-transaction-update.c", line 198: void function cannot return value Thanks. --- ../original/src/lib-index/mail-index-transaction-update.c 2019-04-30

Pigeonhole release 0.5.6

2019-04-30 Thread Aki Tuomi via dovecot
Hi! We are pleased to release Pigeonhole 0.5.6 for Dovecot 2.3.6. Tarball https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.6.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.6.tar.gz.sig Binary packages can be found from

[Dovecot-news] Pigeonhole release 0.5.6

2019-04-30 Thread Aki Tuomi via Dovecot-news
Hi! We are pleased to release Pigeonhole 0.5.6 for Dovecot 2.3.6. Tarball https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.6.tar.gz https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.6.tar.gz.sig Binary packages can be found from

CVE-2019-11499: Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent

2019-04-30 Thread Aki Tuomi via dovecot
Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3223 (Bug ID) Vulnerability type: CWE-617 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Solution status: Fixed by Vendor Fixed

[Dovecot-news] CVE-2019-11499: Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent

2019-04-30 Thread Aki Tuomi via Dovecot-news
Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3223 (Bug ID) Vulnerability type: CWE-617 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Solution status: Fixed by Vendor Fixed

CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting.

2019-04-30 Thread Aki Tuomi via dovecot
Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3212 (Bug ID) Vulnerability type: CWE-476 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Researcher credits: Marcelo Coelho Solution

[Dovecot-news] CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting.

2019-04-30 Thread Aki Tuomi via Dovecot-news
Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3212 (Bug ID) Vulnerability type: CWE-476 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Researcher credits: Marcelo Coelho Solution

Dovecot release v2.3.6

2019-04-30 Thread Aki Tuomi via dovecot
Hi! We are pleased to release Dovecot v2.3.6. Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes --- * CVE-2019-11494: Submission-login

[Dovecot-news] Dovecot release v2.3.6

2019-04-30 Thread Aki Tuomi via Dovecot-news
Hi! We are pleased to release Dovecot v2.3.6. Tarball is available at https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.6.tar.gz.sig Binary packages are available at https://repo.dovecot.org/ Changes --- * CVE-2019-11494: Submission-login

Re: Feature request: exclude IP/network in allow_nets extra field

2019-04-30 Thread @lbutlr via dovecot
On 30 Apr 2019, at 00:20, Zhang Huangbin via dovecot wrote: > On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot wrote: >> >> On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot >> wrote: >>> Recently we need to allow some users to login from everywhere except some >>> IP/networks, >> >>

regression with lmtp_hdr_delivery_address in 2.3

2019-04-30 Thread dovecot-ffe7--- via dovecot
Hi, In my LMTP config, I have lmtp_hdr_delivery_address = none. Under 2.2, Received headers looked like this: Received: from smtp.example.com by lmtp.example.com with LMTP id +IVdKS81cFwWagAAGhmRSA ; Fri, 22 Feb 2019 17:45:19 + After the update to 2.3, they look like this:

Re: Feature request: exclude IP/network in allow_nets extra field

2019-04-30 Thread Sami Ketola via dovecot
> On 30 Apr 2019, at 4.56, Zhang Huangbin via dovecot > wrote: > > Dear all, > > We use `allow_nets`[1] to restrict login clients, it works fine. > Recently we need to allow some users to login from everywhere except some > IP/networks, how can we accomplish this with "allow_nets"? > >

Re: Feature request: exclude IP/network in allow_nets extra field

2019-04-30 Thread Malcolm via dovecot
On 4/29/2019 11:20 PM, Zhang Huangbin via dovecot wrote: I understand what "allow" means. But it will be very handy to support something like "!a.b.c.d" to allow all but just exclude few IPs/networks. Isn't it? :) I'm not sure why: iptables -A INPUT -p tcp --match multiport --syn ! -s

Re: Feature request: exclude IP/network in allow_nets extra field

2019-04-30 Thread Zhang Huangbin via dovecot
> On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot wrote: > > On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot > wrote: >> Recently we need to allow some users to login from everywhere except some >> IP/networks, > > Can you use firewall rules for this? I suppose not. We don't