[SOGo] Fwd: webmail login attacks - captcha?
-- Forwarded message -- From: George C. Aquino Date: Thu, Apr 26, 2018 at 9:43 AM Subject: Re: [SOGo] webmail login attacks - captcha? To: users@sogo.nu Dear Sir, Good morning and glad to being connected within here and can you help me to log in correctly coz I could not do so far. Thnx, Gery. On Wed, Apr 25, 2018 at 1:00 PM, Christoph Kreutzer wrote: > Hi, > > If the IPs are all 127.0.0.1 in SOGos log, then you did not correctly > configure Apache to forward the IPs like proxies do. I think that is > mentioned in the manual. > > Christoph > > Am 24.04.2018 um 21:48 schrieb Sergio Cesar winc (ser...@winc.net) < > users@sogo.nu>: > > I wonder if one could user the webserver authentication and pass it to > SOGo or roundcube. Than fail2ban will catch the ip from the http log. > > SC > > > From: Sebastián Meyer > Sent: Tuesday, April 24, 9:51 AM > Subject: [SOGo] webmail login attacks - captcha? > To: users@sogo.nu > > > Hi, > > I have a couple of compromissed webmail accounts, passwords wheren't easy > to guess. > > I'd like to add an increasing delay for failed logins and a captcha, is it > possible? > > For IMAP and SMTP access I use fail2ban, but using it for for webmail > access DoS attacks would be unacceptable frequently, all logins are from > localhost (127.0.0.1) > > TIA, > > -- > Seb > -- > users@sogo.nu > https://inverse.ca/sogo/lists > > > -- > users@sogo.nu > https://inverse.ca/sogo/lists > > -- > users@sogo.nu > https://inverse.ca/sogo/lists > -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] webmail login attacks - captcha?
Dear Sir, Good morning and glad to being connected within here and can you help me to log in correctly coz I could not do so far. Thnx, Gery. On Wed, Apr 25, 2018 at 1:00 PM, Christoph Kreutzer wrote: > Hi, > > If the IPs are all 127.0.0.1 in SOGos log, then you did not correctly > configure Apache to forward the IPs like proxies do. I think that is > mentioned in the manual. > > Christoph > > Am 24.04.2018 um 21:48 schrieb Sergio Cesar winc (ser...@winc.net) < > users@sogo.nu>: > > I wonder if one could user the webserver authentication and pass it to > SOGo or roundcube. Than fail2ban will catch the ip from the http log. > > SC > > > From: Sebastián Meyer > Sent: Tuesday, April 24, 9:51 AM > Subject: [SOGo] webmail login attacks - captcha? > To: users@sogo.nu > > > Hi, > > I have a couple of compromissed webmail accounts, passwords wheren't easy > to guess. > > I'd like to add an increasing delay for failed logins and a captcha, is it > possible? > > For IMAP and SMTP access I use fail2ban, but using it for for webmail > access DoS attacks would be unacceptable frequently, all logins are from > localhost (127.0.0.1) > > TIA, > > -- > Seb > -- > users@sogo.nu > https://inverse.ca/sogo/lists > > > -- > users@sogo.nu > https://inverse.ca/sogo/lists > > -- > users@sogo.nu > https://inverse.ca/sogo/lists > -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] webmail login attacks - captcha?
Hi, If the IPs are all 127.0.0.1 in SOGos log, then you did not correctly configure Apache to forward the IPs like proxies do. I think that is mentioned in the manual. Christoph > Am 24.04.2018 um 21:48 schrieb Sergio Cesar winc (ser...@winc.net) > : > > I wonder if one could user the webserver authentication and pass it to SOGo > or roundcube. Than fail2ban will catch the ip from the http log. > > SC > > > From: Sebastián Meyer > Sent: Tuesday, April 24, 9:51 AM > Subject: [SOGo] webmail login attacks - captcha? > To: users@sogo.nu > > > Hi, > > I have a couple of compromissed webmail accounts, passwords wheren't easy to > guess. > > I'd like to add an increasing delay for failed logins and a captcha, is it > possible? > > For IMAP and SMTP access I use fail2ban, but using it for for webmail access > DoS attacks would be unacceptable frequently, all logins are from localhost > (127.0.0.1) > > TIA, > > -- > Seb > -- > users@sogo.nu > https://inverse.ca/sogo/lists > > > -- > users@sogo.nu > https://inverse.ca/sogo/lists -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] v2 on stretch
Hi Slávek, Thanks for your reply and insight. Strange that we are using the official apt repo, and have a lesser user experience than with your alternative repo. (which i did not know that existed, btw) Anyway, thanks again! MJ On 04/25/2018 02:36 AM, Slávek Banko (slavek.ba...@axis.cz) wrote: Hi, the problem is that in Debian Stretch, SOGo v3 packages are included in the official Debian distribution. If you select SOGo v2 packages from official Inverse repository, they will be updated to distribution packages and will cause conflicts. The solution would be if packages for SOGo v2 were set to "epoch" - in this way packages will be "newer" than SOGo v3 in Stretch - see packages in my alternative repository. Another solution is to modify the apt configuration to 'pin' packages for desired version or to set a higher priority for the Inverse repository. Cheers -- users@sogo.nu https://inverse.ca/sogo/lists