Re: How to block a dictionary attack
Hi,

I use fail2ban (http://www.fail2ban.org/) in this way, and not only for imap ... fail2ban is configurable for other net services too.

Kleo

On Mon, 12 Apr 2010, ram wrote:

> I am seeing this pattern now very often. Every weekend someone tries to gain unauthorized access to my imap servers by trying random username / passwords.
>
> Yesterday by afternoon someone had tried half a million times on my servers from 62.141.37.141. I have written to the abuse contact address ... not that I expect any reply anyway.
>
> I would like to configure cyrus in such a way that if there are 10 failed logins from an ip address in 10 minutes and no successful logins, just block the IP address (or inject the ip into my firewall).
>
> Is there something similar already available?
>
> Thanks
> Ram

--
Vladimir `KLEO' Klejch
Kleo'at'netbox'dot'cz

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
user_deny.db, very high load and Apple-Spotlight
Hi,

we upgraded to cyrus 2.3.16 a few weeks ago and since then the load average showed values from 200 to 300 a few times per day. The server has 16 cores, 64GB RAM and is attached to a SAN. This machine is quite powerful. It serves about 5000 mailboxes.

First we touched user_deny.db to get rid of these annoying IOERROR-messages. These messages were replaced by (annoying) 'fetching user_deny.db'-entries. A normal IMAP-user causes about 500 to 1500 of such messages in eight hours. But we found two users who 'generated' 500 (!) and 25 of such messages in this period. After phoning them we found out that they were using Mac OS X and Thunderbird 3 (the one with 5 million messages) and Mail.app (the other one). Turning off the spotlight-search on IMAP-folders immediately turned the load average down to a normal value (about 0.2).

I think we shouldn't advise 5000 users not to use Spotlight, we should deactivate user_deny.db. By the way, what is this database really good for? If we want someone not to use cyrus-service we deny this person by ldap for example.

Kenneth Murchison stated in some mail on this list that user_deny.db is used once per login, that's definitely not true, it is used every time the client 'uses' an IMAP-folder and that can be pretty often! Maybe we can change this behaviour by some config?

Is it possible to deactivate fetching user_deny.db-entries by some config-option or do we have to patch the sources?

Regards,
Mark

--
Mark Heisterkamp
RRZN, Schlosswender Str. 5, D-30159 Hannover
Tel: +49 511 762-5134
Fax: +49 511 762-3003
Re: How to block a dictionary attack
ram wrote:

> I am seeing this pattern now very often. Every weekend someone tries to gain unauthorized access to my imap servers by trying random username / passwords.
>
> Yesterday by afternoon someone had tried half a million times on my servers from 62.141.37.141. I have written to the abuse contact address ... not that I expect any reply anyway.

I use fail2ban which is nice, but I only serve through imaps and never see this.

Eric
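The rule ram asks for above (10 failed logins from one address within 10 minutes, with no successful login in that time), as an added example that is not part of any message in this thread and is not fail2ban's or Cyrus's own code. The `badlogin`/`login` syslog layout, the host names and the documentation-range addresses are constructed assumptions; adjust the pattern to what your imapd actually logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed syslog layout: "<Mon DD HH:MM:SS> <host> imap[pid]: badlogin|login: <name> [<ip>] ..."
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ imaps?\[\d+\]: "
                  r"(badlogin|login): \S+ \[([0-9A-Fa-f.:]+)\]")

def find_offenders(lines, max_fail=10, window=timedelta(minutes=10), year=2010):
    """Return IPs with >= max_fail badlogins inside `window` and no login in it."""
    fails = defaultdict(deque)      # ip -> timestamps of recent failures
    last_ok = {}                    # ip -> time of most recent successful login
    offenders = set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        stamp, kind, ip = m.groups()
        # syslog stamps carry no year, so the caller supplies one
        now = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if kind == "login":
            last_ok[ip] = now
            continue
        q = fails[ip]
        q.append(now)
        while now - q[0] > window:  # drop failures older than the window
            q.popleft()
        recent_ok = ip in last_ok and now - last_ok[ip] <= window
        if len(q) >= max_fail and not recent_ok:
            offenders.add(ip)
    return offenders

def constructed_sample():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    t0, out = datetime(2010, 4, 11, 14, 0, 0), []
    def add(ip, offset_s, kind, rest):
        ts = (t0 + timedelta(seconds=offset_s)).strftime("%b %d %H:%M:%S")
        out.append(f"{ts} mail imap[2101]: {kind}: client.example [{ip}] {rest}")
    bad = "plaintext guess SASL(-13): authentication failure: checkpass failed"
    for i in range(12):
        add("192.0.2.10", 10 * i, "badlogin", bad)      # 12 failures in 2 minutes
        add("198.51.100.7", 10 * i, "badlogin", bad)    # same rate, but one login
        add("203.0.113.5", 120 * i, "badlogin", bad)    # slow: never 10 in 10 min
    add("198.51.100.7", 5, "login", "alice plaintext User logged in")
    return sorted(out)              # same-day stamps sort chronologically

if __name__ == "__main__":
    for ip in sorted(find_offenders(constructed_sample())):
        print("block", ip)
```

The address with a successful login in the window is left alone, which keeps a NAT gateway shared by real users from being blocked because one of them mistyped a password.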
how to debug what happens inside mailboxes
Hello.

I'm using cyrus 2.3.14 on a mailserver and a few users are complaining that sometimes a message gets deleted from the mailbox after reading it. They are using some sort of outlook. Users are using imap to connect to their mailboxes.

Is there a way to debug imap communication between outlook and cyrus imapd other than using tcpdump?

Thanks
Martin Kraus
Re: how to debug what happens inside mailboxes
On 04/12/2010 10:05 AM, Martin Kraus wrote:

> Hello.
>
> I'm using cyrus 2.3.14 on a mailserver and a few users are complaining that sometimes a message gets deleted from the mailbox after reading it. They are using some sort of outlook. Users are using imap to connect to their mailboxes.
>
> Is there a way to debug imap communication between outlook and cyrus imapd other than using tcpdump?

Use telemetry: http://markmail.org/message/4kigyucxzlrn6lc6

> Thanks
> Martin Kraus
Re: how to debug what happens inside mailboxes
On Mon, Apr 12, 2010 at 10:12:13AM -0300, Patrick Boutilier wrote:

> On 04/12/2010 10:05 AM, Martin Kraus wrote:
>
> > Hello.
> >
> > I'm using cyrus 2.3.14 on a mailserver and a few users are complaining that sometimes a message gets deleted from the mailbox after reading it. They are using some sort of outlook. Users are using imap to connect to their mailboxes.
> >
> > Is there a way to debug imap communication between outlook and cyrus imapd other than using tcpdump?
>
> Use telemetry: http://markmail.org/message/4kigyucxzlrn6lc6

That is exactly what I need. Thanks.

Is there some sort of documentation for such features in cyrus? I can't seem to find anything beyond basic setup and what is in manual pages. Stuff like annotations (through which I managed to delete 30GB of emails), global sieve scripts, snmp configuration etc?

thanks
mk
Re: how to debug what happens inside mailboxes
On Mon, 2010-04-12 at 15:32 +0200, Martin Kraus wrote:

> On Mon, Apr 12, 2010 at 10:12:13AM -0300, Patrick Boutilier wrote:
>
> > On 04/12/2010 10:05 AM, Martin Kraus wrote:
> >
> > > Hello.
> > >
> > > I'm using cyrus 2.3.14 on a mailserver and a few users are complaining that sometimes a message gets deleted from the mailbox after reading it. They are using some sort of outlook. Users are using imap to connect to their mailboxes.
> > >
> > > Is there a way to debug imap communication between outlook and cyrus imapd other than using tcpdump?
> >
> > Use telemetry: http://markmail.org/message/4kigyucxzlrn6lc6
>
> That is exactly what I need. Thanks.
>
> Is there some sort of documentation for such features in cyrus? I can't seem to find anything beyond basic setup and what is in manual pages. Stuff like annotations (through which I managed to delete 30GB of emails), global sieve scripts, snmp configuration etc?

I maintain a chapter on Cyrus admin in WMOGAG http://docs.opengroupware.org/Members/whitemice/wmogag/file_view

The rest of the document may not apply to you, but that chapter should be pretty general. Feedback and recommendations are very welcome. It certainly isn't complete, but [not to toot my own horn] it is more complete than anything else I have found.

--
Adam Tauno Williams awill...@whitemice.org LPIC-1, Novell CLA
http://www.whitemiceconsulting.com
OpenGroupware, Cyrus IMAPd, Postfix, OpenLDAP, Samba
Re: user_deny.db, very high load and Apple-Spotlight
Mark Heisterkamp heisterk...@rrzn.uni-hannover.de wrote:

> Kenneth Murchison stated in some mail on this list that user_deny.db is used once per login, that's definitely not true, it is used every time the client 'uses' an IMAP-folder and that can be pretty often!

Some clients open a new login session every time they open a new folder. Enable telemetry if you want to check what these clients do.

Joseph Brennan
Columbia University Information Technology
Re: how to debug what happens inside mailboxes
On 12/04/10 15:32 +0200, Martin Kraus wrote:

> On Mon, Apr 12, 2010 at 10:12:13AM -0300, Patrick Boutilier wrote:
>
> > Use telemetry: http://markmail.org/message/4kigyucxzlrn6lc6
>
> That is exactly what I need. Thanks.
>
> Is there some sort of documentation for such features in cyrus? I can't seem to find anything beyond basic setup and what is in manual pages. Stuff like annotations (through which I managed to delete 30GB of emails), global sieve scripts, snmp configuration etc?

Here's an attempt at documenting annotations: http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusAnnotations

Since, presumably, these are based on a draft version of RFC 5464, they should not be considered Gospel.

--
Dan White
Re: how to debug what happens inside mailboxes
> That is exactly what I need. Thanks.
>
> Is there some sort of documentation for such features in cyrus? I can't seem to find anything beyond basic setup and what is in manual pages. Stuff like annotations (through which I managed to delete 30GB of emails), global sieve scripts, snmp configuration etc?

There's some stuff on the cyrus wiki, I'm sure more contributions are always welcome :)

http://cyrusimap.web.cmu.edu/ leads to http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WebHome which leads to the pages:

http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusTroubleshooting
http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusFAQ

Rob
Re: sync_client segmentation fault when using TLS
On 08 Apr 2010, at 16:32, Matt Selsky wrote:

> Can you add this patch to bugzilla?

Is this the same as: https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3174

My patch for that is below.

:wes

Attachment: sync_client-tls-capability-response.diff (binary data)