Re: [Dovecot] Disabled pop3-login

2013-08-26 Thread Gedalya

On 08/26/2013 12:43 AM, LuKreme wrote:
> On 25 Aug 2013, at 18:00 , Reindl Harald h.rei...@thelounge.net wrote:
>> On 26.08.2013 01:42, LuKreme wrote:
>>> In my dovecot.conf I do not have pop3-login enabled (since I do not
>>> support pop3)
>>
>> but you do not have it disabled
>>
>> protocols = imap
>
> First, that is imap. Second, the string pop3 does not appear anywhere in the
> output of dovecot.conf. Third, there is no protocols line in dovecot.conf either.
>
> Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically
> even though IMAP already works fine?


It sounds like that's exactly what he's saying.
All dovecot configuration values have defaults. Reindl is saying that 
the default for protocols includes pop3, and your experience seems to 
prove he's right.
If you do set that configuration item, it will include only what you 
specify.




Re: [Dovecot] Disabled pop3-login

2013-08-26 Thread Axel Luttgens
On 26 August 2013 at 06:43, LuKreme wrote:

> [...]
> First, that is imap. Second, the string pop3 does not appear anywhere in
> the output of dovecot.conf. Third, there is no protocols line in dovecot.conf
> either.
>
> Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically
> even though IMAP already works fine?

Hello,

You have to override the defaults currently in use.

In the case of setting protocols, which you haven't changed as shown by the 
output of doveconf -n, you should see something like this:

$ doveconf protocols
protocols = imap pop3 lmtp

Axel
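
Added example, not part of the thread: the check the replies describe, as a shell function that reads `doveconf protocols` output and lists every protocol being served beyond an intended set. The intended list `imap sieve`, the function names and the sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the value of the exact "protocols" setting from doveconf-style output
# on stdin. Anchoring on the key avoids also matching ssl_protocols, which a
# plain "grep protocols" does.
effective_protocols() {
    sed -n 's/^protocols[[:space:]]*=[[:space:]]*//p' | tail -n 1
}

# unintended_protocols "<intended list>" "<effective list>"
# Prints every effective protocol that is missing from the intended list.
unintended_protocols() {
    intended=" $1 "
    extra=""
    for p in $2; do
        case "$intended" in
            *" $p "*) ;;                         # wanted, nothing to report
            *) extra="${extra:+$extra }$p" ;;    # served but never asked for
        esac
    done
    printf '%s\n' "$extra"
}

# audit "<intended list>" "<doveconf output>"; returns 1 when extras exist.
audit() {
    eff=$(printf '%s\n' "$2" | effective_protocols)
    extra=$(unintended_protocols "$1" "$eff")
    if [ -n "$extra" ]; then
        echo "UNINTENDED: $extra (effective: $eff)"
        return 1
    fi
    echo "OK: $eff"
}

# Constructed samples: no local protocols line (defaults apply), then a fixed one.
SAMPLE_DEFAULTS='protocols = imap pop3 lmtp
ssl_protocols = !SSLv2'
SAMPLE_FIXED='protocols = imap sieve'

audit "imap sieve" "$SAMPLE_DEFAULTS" || true
audit "imap sieve" "$SAMPLE_FIXED"
# On a live host: audit "imap sieve" "$(doveconf protocols)"
```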



Re: [Dovecot] Disabled pop3-login

2013-08-26 Thread Reindl Harald

On 26.08.2013 06:43, LuKreme wrote:
> On 25 Aug 2013, at 18:00 , Reindl Harald h.rei...@thelounge.net wrote:
>> On 26.08.2013 01:42, LuKreme wrote:
>>> In my dovecot.conf I do not have pop3-login enabled (since I do not support
>>> pop3)
>>
>> but you do not have it disabled
>>
>> protocols = imap
>
> First, that is imap

i know that, dovecot knows that

but protocols lists *all* enabled and if you only enable imap then you have
only imap

> Second, the string pop3 does not appear anywhere in the output of
> dovecot.conf

so what - but it appears in the *defaults* because you hardly would
be able to get software like dovecot or postfix running at all if
you would need to write *every* config line in the config with
correct values

[root@srv-rhsoft:~]$ doveconf -d | grep protocols
protocols = imap pop3 lmtp
ssl_protocols = !SSLv2

[root@srv-rhsoft:~]$ doveconf -n | grep protocols
protocols = imap





Re: [Dovecot] Disabled pop3-login

2013-08-26 Thread /dev/rob0
On Mon, Aug 26, 2013 at 02:28:02AM -0400, Gedalya wrote:
> On 08/26/2013 12:43 AM, LuKreme wrote:
>> On 25 Aug 2013, at 18:00 , Reindl Harald h.rei...@thelounge.net
>> wrote:
>>> On 26.08.2013 01:42, LuKreme wrote:
>>>> In my dovecot.conf I do not have pop3-login enabled (since I do
>>>> not support pop3)
>>> but you do not have it disabled
>>>
>>> protocols = imap
>> First, that is imap. Second, the string pop3 does not appear
>> anywhere in the output of dovecot.conf. Third, there is no
>> protocols line in dovecot.conf either.
>>
>> Are you saying that to DISABLE pop3-login I have to ENABLE IMAP
>> specifically even though IMAP already works fine?
>
> It sounds like that's exactly what he's saying.
> All dovecot configuration values have defaults. Reindl is saying
> that the default for protocols includes pop3, and your experience
> seems to prove he's right. If you do set that configuration item,
> it will include only what you specify.

The original doveconf -n in the OP indicated that managesieve is 
desired, so that should also be in the protocols line:

protocols = imap sieve
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if /dev/rob0 is in the Subject:


[Dovecot] Disabled pop3-login

2013-08-25 Thread LuKreme
In my dovecot.conf I do not have pop3-login enabled (since I do not support 
pop3):

# doveconf -n
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE i386
auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
disable_plaintext_auth = no
first_valid_uid = 89
log_path = /var/log/dovecot
login_log_format_elements = user=%u %r %m %c
mail_location = maildir:~/Maildir
mail_max_userip_connections = 50
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox NotJunk {
    auto = subscribe
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox Sent Messages {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u
  driver = sql
}

but I see thousands (tens of thousands) of

dovecot:Aug 18 14:26:06 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=+VcroT7kUgBKX1KW
dovecot:Aug 18 14:26:10 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=kbNdoT7kWwBKX1KW
dovecot:Aug 18 14:26:13 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=rRWQoT7kWgBKX1KW
dovecot:Aug 18 14:26:15 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=feCpoT7kfwBKX1KW
dovecot:Aug 18 14:26:16 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=lmTCoT7kiQBKX1KW
dovecot:Aug 18 14:26:18 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=5oPcoT7ktABKX1KW

Yes, I need to install fail2ban or something on this new machine, but still...


-- 
Mom: There was more than one lobster present at the birth of Jesus?
Daughter: Duh.
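
Added example, not part of the original post: a quick triage of log lines in the format shown above, counting "Aborted login (auth failed" entries per login service and remote IP, so that both the noisy sources and the listener they are hitting stand out. The function name, threshold argument and sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# failed_logins THRESHOLD   (log on stdin)
# Prints "service rip count" for every (login service, remote IP) pair with at
# least THRESHOLD failed logins, highest count first.
failed_logins() {
    awk -v min="$1" '
        /-login: Info: Aborted login \(auth failed/ {
            svc = ""; rip = ""
            for (i = 1; i <= NF; i++) {
                # e.g. "pop3-login:" -> "pop3"
                if ($i ~ /^[a-z0-9]+-login:$/) { svc = $i; sub(/-login:$/, "", svc) }
                # e.g. "rip=203.0.113.7," -> "203.0.113.7"
                if ($i ~ /^rip=/) { rip = $i; sub(/^rip=/, "", rip); sub(/,$/, "", rip) }
            }
            if (svc != "" && rip != "") n[svc " " rip]++
        }
        END { for (k in n) if (n[k] >= min) print k, n[k] }
    ' | sort -k3,3nr -k1,1 -k2,2
}

# Constructed sample log; entries are single lines in the real file (the mail
# above shows them wrapped). The successful login must not be counted.
SAMPLE_LOG='Aug 18 14:26:06 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=AAAA
Aug 18 14:26:10 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=BBBB
Aug 18 14:26:13 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=mary, method=PLAIN, rip=203.0.113.7, lip=192.0.2.10, session=CCCC
Aug 18 14:27:01 imap-login: Info: Aborted login (auth failed, 1 attempts in 4 secs): user=bob, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, session=DDDD
Aug 18 14:27:30 imap-login: Info: Login: user=alice, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, mpid=1234, session=EEEE
Aug 18 14:28:02 pop3-login: Info: Aborted login (auth failed, 1 attempts in 9 secs): user=bob, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, session=FFFF'

printf '%s\n' "$SAMPLE_LOG" | failed_logins 2
# On a live host: failed_logins 10 < /var/log/dovecot
```

Any row whose first column is a service outside the intended protocol list means that listener is still reachable.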



Re: [Dovecot] Disabled pop3-login

2013-08-25 Thread Reindl Harald


On 26.08.2013 01:42, LuKreme wrote:
> In my dovecot.conf I do not have pop3-login enabled (since I do not support
> pop3)

but you do not have it disabled

protocols = imap





Re: [Dovecot] Disabled pop3-login

2013-08-25 Thread Tamsy

LuKreme wrote the following on 26.08.2013 06:42:
> In my dovecot.conf I do not have pop3-login enabled (since I do not support
> pop3):
>
> # doveconf -n
> # 2.2.5: /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 9.1-RELEASE i386
> auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
> disable_plaintext_auth = no
> first_valid_uid = 89
> log_path = /var/log/dovecot
> login_log_format_elements = user=%u %r %m %c
> mail_location = maildir:~/Maildir
> mail_max_userip_connections = 50
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox NotJunk {
>     auto = subscribe
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox Sent Messages {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
> }
> service imap-login {
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> ssl_cert = /etc/ssl/certs/dovecot.pem
> ssl_key = /etc/ssl/private/dovecot.pem
> userdb {
>   driver = passwd
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   default_fields = uid=vpopmail gid=vchkpw mail_location=/usr/local/virtual/%u
>   driver = sql
> }
>
> but I see thousands (tens of thousands) of
>
> dovecot:Aug 18 14:26:06 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=+VcroT7kUgBKX1KW
> dovecot:Aug 18 14:26:10 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=kbNdoT7kWwBKX1KW
> dovecot:Aug 18 14:26:13 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=rRWQoT7kWgBKX1KW
> dovecot:Aug 18 14:26:15 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=feCpoT7kfwBKX1KW
> dovecot:Aug 18 14:26:16 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=lmTCoT7kiQBKX1KW
> dovecot:Aug 18 14:26:18 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=john, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=5oPcoT7ktABKX1KW
>
> Yes, I need to install fail2ban or something on this new machine, but
> still...


Besides the above, if you are not going to use POP3 at all I would
close port 110 and port 995 with DROP to let these accesses go
nowhere.

Re: [Dovecot] Disabled pop3-login

2013-08-25 Thread Reindl Harald


On 26.08.2013 02:46, Tamsy wrote:
> LuKreme wrote the following on 26.08.2013 06:42:
>> In my dovecot.conf I do not have pop3-login enabled (since I do not support
>> pop3):

as said already, it's one line in dovecot.conf
protocols = imap

> Besides the above, if you are not going to use POP3 at all I would
> close port 110 and port 995 with DROP to let these accesses go
> nowhere

besides the fact that unused services should not listen at all
this advice in case of firewalls is wrong - close *any* port
as default and open *only* the one you are using

not the other direction DROP specific ones you do not want

frankly, there are 65535 possible ports







Re: [Dovecot] Disabled pop3-login

2013-08-25 Thread Tamsy

Reindl Harald wrote the following on 26.08.2013 07:56:
> On 26.08.2013 02:46, Tamsy wrote:
>> LuKreme wrote the following on 26.08.2013 06:42:
>>> In my dovecot.conf I do not have pop3-login enabled (since I do not
>>> support pop3):
>
> as said already, it's one line in dovecot.conf
> protocols = imap
>
>> Besides the above, if you are not going to use POP3 at all I would
>> close port 110 and port 995 with DROP to let these accesses go
>> nowhere
>
> besides the fact that unused services should not listen at all
> this advice in case of firewalls is wrong - close *any* port
> as default and open *only* the one you are using
>
> not the other direction DROP specific ones you do not want
>
> frankly, there are 65535 possible ports



Reindl is correct like almost always. But isn't it the basics anyway
when going for IPtables, to drop all at first and open one by one as
needed? Obviously LuKreme has at least left port 110 open and what I
meant is to close it right away to let these thousands (tens of
thousands) of accesses go nowhere






Re: [Dovecot] Disabled pop3-login

2013-08-25 Thread LuKreme

On 25 Aug 2013, at 18:00 , Reindl Harald h.rei...@thelounge.net wrote:

> On 26.08.2013 01:42, LuKreme wrote:
>> In my dovecot.conf I do not have pop3-login enabled (since I do not support
>> pop3)
>
> but you do not have it disabled
>
> protocols = imap

First, that is imap. Second, the string pop3 does not appear anywhere in the 
output of dovecot.conf. Third, there is no protocols line in dovecot.conf 
either.

Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically 
even though IMAP already works fine?

-- 
FRIDAYS ARE NOT PANTS OPTIONAL Bart chalkboard Ep. AABF23