Re: under some kind of attack
Hi Joseph

On 07/24/2017 04:51 AM, Joseph Tam wrote:
> You are essentially writing your own backend by taking over
> authentication. You'll be accepting user/password inputs into your
> checkpassword executable, then use the LDAP API (or some other system
...snip
> and source address, which will adversely affect performance on a
> busy server as authentication data cannot be cached.

While this sounds awesome, it can do much more than what I was/am after, and appears a lot more complicated to set up than what I had figured myself.

Shouldn't I be able to do something like this:

passdb {
  driver = passwd-file
  # application specific passwd-file should work from anywhere
  # (so: no allow_nets)
  args = /etc/dovecot/dovecot-application-specific
}
passdb {
  # only allowed to use this from within local 192.168.1.0/24
  args = /etc/dovecot/dovecot-ldap.conf.ext allow_nets=192.168.1.0/24
  driver = ldap
}

Where I would generate lines in dovecot-application-specific using a script or some webpage, and generate lines like:

username1:randomONE:vmail:vmail::/var/vmail/username1:
username1:randomTWO:vmail:vmail::/var/vmail/username1:
username2:randomTHREE:vmail:vmail::/var/vmail/username2:
username2:randomFOUR:vmail:vmail::/var/vmail/username2:

And the result would be: username1 can login from anywhere, using passwords "randomONE" & "randomTWO", plus the password in ldap when coming from the internal network.

We have only one domain, one 'set of users', one ldap database.

And in my tests, I can't get the allow_nets to work, so I'm doing something wrong.

Can anyone point out what is wrong with the above logic? Or perhaps convert the above pseudo-conf into *real* dovecot.conf?

MJ
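Added example, not part of the thread: a sketch of the "generate lines using a script" step from the message above, storing a salted hash instead of the random password itself and optionally appending allow_nets as a passwd-file extra field. It assumes Dovecot's {SSHA512} layout is base64(SHA-512(password + salt) + salt) and that extra fields go in the eighth column; the function names are hypothetical, and it says nothing about whether several lines for one user are honoured.

```python
import base64
import hashlib
import hmac
import ipaddress
import secrets

SCHEME = "{SSHA512}"


def ssha512(password, salt=None):
    """Assumed SSHA512 layout: base64(SHA-512(password + salt) + salt)."""
    salt = secrets.token_bytes(8) if salt is None else salt
    digest = hashlib.sha512(password.encode() + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode()


def verify_ssha512(password, stored):
    """Recompute the digest with the stored salt; compare in constant time."""
    if not stored.startswith(SCHEME):
        return False
    raw = base64.b64decode(stored[len(SCHEME):])
    digest, salt = raw[:64], raw[64:]
    candidate = hashlib.sha512(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)


def passwd_file_line(user, home, allow_nets=(), uid="vmail", gid="vmail"):
    """Return (one-time secret to show the user, passwd-file line to store)."""
    for value in (user, home, uid, gid):
        if not value or any(c in value for c in ":\r\n"):
            raise ValueError("field is empty or contains ':' or a newline")
    # IPv4 only, as in the thread; strict parsing rejects e.g. 192.168.1.5/24.
    nets = [str(ipaddress.IPv4Network(n)) for n in allow_nets]
    secret = secrets.token_urlsafe(18)  # 144 random bits, no ':' possible
    # user:password:uid:gid:gecos:home:shell[:extra fields]
    fields = [user, ssha512(secret), uid, gid, "", home, ""]
    if nets:
        fields.append("allow_nets=" + ",".join(nets))
    return secret, ":".join(fields)


if __name__ == "__main__":
    # Constructed sample values, reusing the names from the message above.
    shown, stored = passwd_file_line("username1", "/var/vmail/username1")
    print("show once to the user:", shown)
    print("append to passwd-file:", stored)
```
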
Re: [Dovecot] Question regarding Postfix and Dovecot
Hi Daniel,

I'm new to dovecot myself, but did you read this: http://wiki2.dovecot.org/LDA/Postfix

I'm guessing that perhaps you need to configure your virtual transport?

So, in master.cf, include a line like:

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}

and configure

virtual_transport = dovecot

in main.cf

But again... I'm very new to all this myself, but perhaps it helps?

Regards,
MJ
Re: [Dovecot] Question regarding Postfix and Dovecot
Looking at your config, I notice

virtual_transport = virtual

However according to http://wiki2.dovecot.org/LDA/Postfix:

main.cf:

dovecot_destination_recipient_limit = 1
virtual_mailbox_domains = your.domain.here
virtual_transport = dovecot

master.cf:

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}

But again, I'm new to all this. Here postfix/dovecot/virtual works fine, and all I did was follow the docs.

On 3/14/2013 11:53 AM, Daniel Reinhardt wrote:
> Replying back to the list.
>
> On Thu, Mar 14, 2013 at 10:51 AM, mourik jan c heupink <heup...@merit.unu.edu> wrote:
>> please reply to the list
>>
>> On 3/14/2013 11:38 AM, Daniel Reinhardt wrote:
>>> Yes I have read everything on that, and yet postfix does not even see
>>> the dovecot virtual transport.