> On June 30, 2017 at 10:24 PM Daniel Miller <dmil...@amfes.com> wrote: > > > On 6/30/2017 12:05 PM, Aki Tuomi wrote: > >> On June 30, 2017 at 9:49 PM Daniel Miller <dmil...@amfes.com> wrote: > >> > >> > >> I've made a preliminary auth policy server in Perl - and it sort of > >> works (mostly) - but I've got some questions on "proper" implementation. > >> > >> > > Hi! > > > > First of all, which version are you running, and can you get a bt full > > backtrace of the crash? > > > > Secondly, the endpoint does not need to be a proper web server, you can > > compare with https://github.com/PowerDNS/weakforced which is another > > implementation of auth policy server. > > > > Aki > > That link helped a lot - among other things forcing me to read. I > actually broke my policy server trying to "improve" it - I implemented a > 30-second auth delay on valid logins! Setting that back to 0 seems to > do the trick... > > I running Dovecot 2.2.28. For the bt - I'll be happy to if still > desired, but you'll have to give me instructions as I don't know how. > > As I continue tweaking this, if there's any interest I'll see about > sharing this. For my own needs I wanted a GeoIP based policy. My > thinking, skewed as it is, is that while SMTP needs to be relatively > open - as I have friends & business contacts in other countries - the > only people who access my IMAP server are somewhere in my country. > Therefore, simply restricting login attempts to only be from IP's in my > country will block the majority of botnets (at least, that's what I > think I'm seeing from my logs). > > Daniel
Hi! Please upgrade to at least 2.2.29, there are bugs fixed related to auth policy server, most likely your bug is fixed there too. Aki
