Re: Username character disallowed by auth_username_chars: 0x13
> On November 29, 2017 at 5:58 AM Alex wrote:
>
> Hi, I'm receiving the following messages in my mail logs that I
> haven't seen before:
>
> Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
> Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
>
> There's thousands of them, from hundreds of different IP addresses. I
> suspect it's an exploit attempt, but does anyone know which?
>
> I've added a fail2ban entry, but I'd also like to make sure my dovecot
> is not vulnerable. This is on a fc25 system with all updates.

0x13 is carriage return, so it could just be a mistake in the spam robots code.

Aki
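The log lines quoted above can be summarised per source address before a fail2ban threshold is chosen. The following is an added example, not part of the original messages; the sample lines, the host name `mail`, the `summarise` function and the threshold are all constructed for illustration.

```python
import re
from collections import Counter

# Matches the Dovecot auth line format quoted in the thread:
#   dovecot: auth: login(<user>,<ip>): Username character disallowed ... 0xNN
LINE_RE = re.compile(
    r"dovecot: auth: \w+\((?P<user>[^,]*),(?P<ip>[0-9a-fA-F.:]+)[^)]*\): "
    r"Username character disallowed by auth_username_chars: "
    r"0x(?P<byte>[0-9a-fA-F]{2})"
)

# Constructed sample input (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Nov 28 22:45:31 mail dovecot: auth: login(?,203.0.113.10): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
Nov 28 22:45:32 mail dovecot: auth: login(?,203.0.113.10): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
Nov 28 22:45:33 mail dovecot: auth: login(?,198.51.100.7): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
Nov 28 22:45:34 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.5
Nov 28 22:45:35 mail dovecot: auth: login(?,2001:db8::5): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
"""


def summarise(log_text, threshold=2):
    """Count rejected-username events per source IP and per rejected byte."""
    per_ip = Counter()
    per_byte = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated log line
        per_ip[m.group("ip")] += 1
        per_byte[int(m.group("byte"), 16)] += 1
    # Sources at or above the threshold are candidates for a ban rule.
    offenders = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return {
        "events": sum(per_ip.values()),
        "sources": len(per_ip),
        "bytes": dict(per_byte),
        "offenders": offenders,
    }


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

A high ratio of sources to events, as in the report of thousands of lines from hundreds of addresses, means a per-IP threshold will catch only part of the traffic.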
Re: Lua Auth
> On November 29, 2017 at 4:37 AM Mark Moseley wrote:
>
> Just happened to be surfing the docs and saw this. This is beyond awesome:
>
> https://wiki2.dovecot.org/AuthDatabase/Lua
>
> Any words of wisdom on using it? I'd be putting a bunch of mysql logic in
> it. Any horrible gotchas there? When it says 'blocking', should I assume
> that means that an auth worker process will *not* accept any new auth
> lookups until both auth_passdb_lookup() and auth_userdb_lookup() have
> completed (in which I'd be doing several mysql calls)? If that's the case,
> I assume that the number of auth workers should be bumped up.
>
> And is a 2.3 release fairly imminent?

Hi!

This feature was added very recently, and there is very little operational experience on it. As the docs should say, blocking=yes means that an auth worker is used, and yes, it will block each auth worker during authentication, but what we tried, it should perform rather nicely.

The most important gotcha is to always test your lua code rigorously, because there is not much we can do to save you.

It should be present in master branch, so if someone feels like trying it out, please let us know if you find any bugs or strangeness. It's not present in nightlies yet.

We are planning on releasing 2.3.0 this year.

Aki
Username character disallowed by auth_username_chars: 0x13
Hi, I'm receiving the following messages in my mail logs that I haven't seen before:

Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?)
Nov 28 22:45:31 bwipropemail dovecot: auth: login(?,179.210.41.21): Username character disallowed by auth_username_chars: 0x13 (username: AB?)

There's thousands of them, from hundreds of different IP addresses. I suspect it's an exploit attempt, but does anyone know which?

I've added a fail2ban entry, but I'd also like to make sure my dovecot is not vulnerable. This is on a fc25 system with all updates.
Lua Auth
Just happened to be surfing the docs and saw this. This is beyond awesome:

https://wiki2.dovecot.org/AuthDatabase/Lua

Any words of wisdom on using it? I'd be putting a bunch of mysql logic in it. Any horrible gotchas there? When it says 'blocking', should I assume that means that an auth worker process will *not* accept any new auth lookups until both auth_passdb_lookup() and auth_userdb_lookup() have completed (in which I'd be doing several mysql calls)? If that's the case, I assume that the number of auth workers should be bumped up.

And is a 2.3 release fairly imminent?
Re: XDOVECOT capability?
On 28.11.2017 20:04, Hogne Vevle wrote:
> Hi!
>
> Here and there, I'm seeing mentions of a "XDOVECOT" capability - e.g. on
> https://documentation.open-xchange.com/7.8.2/middleware/components/search/crossfolder_fts_in_mail.html
> .
>
> However, I can't seem to find any documentation on what this actually does.
>
> We need to add this capability to our servers in order for certain
> functionality of Open Xchange App Suite to work properly (as seen in the link
> above), but we don't want to blindly update our entire Dovecot cluster just
> because their docs tell us to :)
>
> Can someone, please, shed some light on what other effects we can expect to
> see after enabling this capability, if any? Or is it simply a way of telling
> clients that "Hey, I'm a Dovecot server" - nothing else?

This last statement is correct. It is only used to assure the client that the functionality is there. The various features are enabled by their respective settings.

br,
Teemu

> Cheers,
>
> - Hogne
Re: How to make dovecot access a MySQL database with a certain domain?
The @localhost part is correct if you are connecting to mysql at 127.0.0.1. It's the rdns of the connecting client.

Are you sure that the user postfix has access rights to postfix database? Can you connect on cli using something like

mysql -upostfix -ppostfix postfix

?

On 28 November 2017 19:08:12 CET, Spike98 wrote:
>I am trying to make a mail server with Postfix using the Dovecot
>software. At the time of wanting to access my server from a mail
>client, it does not let me access and see the logs of my server with
>the command:
>
>$ service dovecot status
>with the following error:
>
>dovecot: auth-worker(2769): Error: mysql(127.0.0.1): Connect failed to
>database (postfix): Access denied for user 'postfix'@'localhost' (using
>password: YES) - waiting for 125 seconds before retry
>
>From what I understand of this error is that it is trying to enter
>'postfix' @ 'localhost' instead of the domain that I specify when I
>made the database that is mydomain.com
>
>How can you make dovecot go to MySQL with post...@mydomain.com instead
>of localhost
>
>This is my Dovecot configuration
>
>/etc/dovecot/dovecot-sql.conf.ext
>
>driver=mysql
>
>default_pass_scheme=PLAIN-MD5
>
>connect=host=127.0.0.1 dbname=postfix user=postfix password=postfix
>
>password_query=SELECT username,domain,password FROM usuarios WHERE
>username='%n' AND domain='%d'
>
>user_query=SELECT 1007 as uid, 1007 as gid,
>concat("maildir:/var/vmail",domain,'/',username,'/') as mail FROM
>usuarios WHERE username='%n' AND domain='%d'
>
>iterate_query=SELECT username,domain FROM usuarios

--
This message was sent from my Android device with K-9 Mail.
Re: How to make dovecot access a MySQL database with a certain domain?
Replace 127.0.0.1 with the domain name.

On Tue, Nov 28, 2017 at 10:08 AM Spike98 wrote:
> I am trying to make a mail server with Postfix using the Dovecot software.
> At the time of wanting to access my server from a mail client, it does not
> let me access and see the logs of my server with the command:
>
> $ service dovecot status
> with the following error:
>
> dovecot: auth-worker(2769): Error: mysql(127.0.0.1): Connect failed to
> database (postfix): Access denied for user 'postfix'@'localhost' (using
> password: YES) - waiting for 125 seconds before retry
>
> From what I understand of this error is that it is trying to enter
> 'postfix' @ 'localhost' instead of the domain that I specify when I made
> the database that is mydomain.com
>
> How can you make dovecot go to MySQL with post...@mydomain.com instead of
> localhost
>
> This is my Dovecot configuration
>
> /etc/dovecot/dovecot-sql.conf.ext
>
> driver=mysql
>
> default_pass_scheme=PLAIN-MD5
>
> connect=host=127.0.0.1 dbname=postfix user=postfix password=postfix
>
> password_query=SELECT username,domain,password FROM usuarios WHERE
> username='%n' AND domain='%d'
>
> user_query=SELECT 1007 as uid, 1007 as gid,
> concat("maildir:/var/vmail",domain,'/',username,'/') as mail FROM usuarios
> WHERE username='%n' AND domain='%d'
>
> iterate_query=SELECT username,domain FROM usuarios
Re: Imapsieve plugin?
Thanks Jeff. That answers my question.

This is where the question came from:
https://words.bombast.net/rspamd-with-postfix-dovecot-debian-stretch/

I was working on the sieve configuration and saw all the calls to imap-sieve etc.

On 11/27/2017 11:27 PM, Jeff wrote:

On 11/27/17 2:41 AM, Bruce wrote:

Debian stretch. Dovecot 2.2.27

I was working with a document that references the imapsieve plugin. It references the /etc/dovecot/conf.d/90-imapsieve.conf file. The only reference I've found for it is https://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/IMAPSieve#Configuration.

I've got dovecot-managedsieve and dovecot-sieve already installed. Am I missing something obvious here?

Bruce M.

While you might be missing an empty file or commented-out example, dovecot.conf generally includes

!include conf.d/*.conf
!include_try local.conf

which will read in the contents of those files.

I personally like to keep everything in local.conf, or at least out of the distro-supplied files so I'm not surprised after an upgrade.

I don't see the 90-imapsieve.conf file in the git repo either
https://github.com/dovecot/core/tree/master/doc/example-config/conf.d

Jeff
How to make dovecot access a MySQL database with a certain domain?
I am trying to make a mail server with Postfix using the Dovecot software. At the time of wanting to access my server from a mail client, it does not let me access and see the logs of my server with the command:

$ service dovecot status

with the following error:

dovecot: auth-worker(2769): Error: mysql(127.0.0.1): Connect failed to database (postfix): Access denied for user 'postfix'@'localhost' (using password: YES) - waiting for 125 seconds before retry

From what I understand of this error is that it is trying to enter 'postfix' @ 'localhost' instead of the domain that I specify when I made the database that is mydomain.com

How can you make dovecot go to MySQL with post...@mydomain.com instead of localhost

This is my Dovecot configuration

/etc/dovecot/dovecot-sql.conf.ext

driver=mysql

default_pass_scheme=PLAIN-MD5

connect=host=127.0.0.1 dbname=postfix user=postfix password=postfix

password_query=SELECT username,domain,password FROM usuarios WHERE username='%n' AND domain='%d'

user_query=SELECT 1007 as uid, 1007 as gid, concat("maildir:/var/vmail",domain,'/',username,'/') as mail FROM usuarios WHERE username='%n' AND domain='%d'

iterate_query=SELECT username,domain FROM usuarios
XDOVECOT capability?
Hi!

Here and there, I'm seeing mentions of a "XDOVECOT" capability - e.g. on https://documentation.open-xchange.com/7.8.2/middleware/components/search/crossfolder_fts_in_mail.html .

However, I can't seem to find any documentation on what this actually does.

We need to add this capability to our servers in order for certain functionality of Open Xchange App Suite to work properly (as seen in the link above), but we don't want to blindly update our entire Dovecot cluster just because their docs tell us to :)

Can someone, please, shed some light on what other effects we can expect to see after enabling this capability, if any? Or is it simply a way of telling clients that "Hey, I'm a Dovecot server" - nothing else?

Cheers,

- Hogne
Re: ManageSieve: authenticate "EXTERNAL" not behaving correctly
On 28-10-2017 at 17:18, Stephan Bosch wrote:

On 10/26/2017 at 1:32 PM, Marc Weustink wrote:

Hi,

I've enabled client certificate authentication for imap and managesieve. When I use Thunderbird with the sieve plugin it tries to login, but times out. Initially I reported this to the sieve plugin, but we came to the conclusion that managesieve is misbehaving.

https://github.com/thsmi/sieve/issues/94

Thunderbird (win10-64) 52.4.0 (32bit)
Sieve 0.2.3k
Dovecot (Ubuntu 16.04.3 LTS) 2.2.33.1-1 (sid)

What happens is the following (p=plugin sends m=managesieve sends)

p:authenticate "EXTERNAL" ""
m:""

The response is unexpected. According to RFC 5804 an empty challenge/response is sent as an empty string. So I would expect:

p:authenticate "EXTERNAL" ""
m:OK "Logged in."

With the use of gnutls-cli I could reproduce (c=I send m=managesieve sends)

gnutls-cli --starttls --x509keyfile marc_mail.key --x509certfile marc_mail.crt -p sieve 172.17.1.4
...
m:OK "TLS negotiation successful."
c:authenticate "EXTERNAL" ""
m:""
c:""
m:OK "Logged in."

However if I try the "imap" syntax (rfc4959) I get logged in at once

...
m:OK "TLS negotiation successful."
c:authenticate "EXTERNAL" "="
m:OK "Logged in."

Note that this is an imap only extension, "=" is an invalid base64 encoding. Will get back on this later.

This was actually a Dovecot problem. Merged yesterday:

https://github.com/dovecot/core/commit/451698c60d7b3a763742c8e99503ab30596036f0
https://github.com/dovecot/core/commit/e4b72bd73bfffda7906faa248eab31f936cfc6fa
https://github.com/dovecot/core/commit/ad3e5fb08578161731085cfc025659753d2682cb
https://github.com/dovecot/core/commit/981f260cfa17a22faf4ff047e479e63cad01aa65

Regards,

Stephan.
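The difference between the two encodings of an empty SASL initial response discussed in this thread (`""` in ManageSieve per RFC 5804, `=` in IMAP per RFC 4959) can be made concrete with a strict decoder. This is an added example, not code from Dovecot or from the original messages; the function names are hypothetical and the reply model only reproduces the exchange the report says it expected.

```python
import base64
import re

# Canonical base64 only: whole 4-character groups, padding only at the end.
_B64 = re.compile(
    r"(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?"
)


def decode_initial_response(protocol, arg):
    """Return None (no initial response), b"" (empty one) or decoded bytes.

    arg is the AUTHENTICATE argument after the mechanism name, already
    unquoted, or None when the client sent no argument at all.
    """
    if arg is None:
        return None
    if protocol == "imap":
        # RFC 4959: a zero-length initial response is the single character "=".
        if arg == "=":
            return b""
        if arg == "":
            raise ValueError("IMAP initial response cannot be empty")
    elif protocol != "managesieve":
        raise ValueError("unknown protocol: %r" % protocol)
    # ManageSieve: "" is the empty response, and "=" is not valid base64.
    if not _B64.fullmatch(arg):
        raise ValueError("invalid base64 initial response: %r" % arg)
    return base64.b64decode(arg)


def managesieve_external_reply(arg):
    """First server line for AUTHENTICATE "EXTERNAL" after client-cert TLS.

    Models the exchange the report expected, not Dovecot's implementation.
    """
    if decode_initial_response("managesieve", arg) is None:
        return '""'  # no initial response given: send an empty challenge
    return 'OK "Logged in."'  # initial response present, even if empty


if __name__ == "__main__":
    print(managesieve_external_reply(""))
```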