On 04/03/2023 17:10 EET Sacha wrote:
Hi,
We have growing imap-login processes until we reach the max processes.
This occurs when a particular user have a login error due to our LDAP misconfiguration:
---Mar 4 14:59:33
Dovecot tries to hide passwords in logs so you're probably safe.
Remember that there is no automatic password change for mail crypt. If user's password is changed, it will require corresponding update for user's master key.
Aki
Hi,
We have growing imap-login processes until we reach the max processes.
This occurs when a particular user have a login error due to our LDAP
misconfiguration:
---
Mar 4 14:59:33 hera dovecot[2226963]: auth: Error:
plain(john.doe,XX.XX.XX.XX,<13C0eBP2354lqXpO>): user not found from any
Hi,
Yeah, I just realized myself that what I did there was probably not the
smartest thing to do, as I indeed figured dovecot would probably just use that
as a plain text string. ;-) I've now opted to do the following (I'm using
PostgreSQL BTW):
password_query = SELECT \
email as user, passwor
Hi,
just to mention this. If you use the stored password hash, it equals to using a plain text string. Depending on your threat model it might or not be an issue that admins have access to the password used to encrypt mails.
Aki
Hi again,
I was able to solve both questions. I was overthinking things.
A solution to the first question about mail_attribute_dict was simply to use
other available variables to point to the virtual user's maildir paths. Like
so: /var/mail/%d/%u/dovecot-attributes
As for the second question:
