Hello Dovecot developers,
Apple has made and tested significant changes to Dovecot v1.1 and now
is ready to contribute them back to your open source project. The
changes include:
Scalability and performance: allow pop/imap mail processes to handle multiple clients larger listen queues
Stability and maintenance: fix to allow cross-compilation workarounds for Mac OS X bugs a couple general bug fixes symbol conflict resolution
Features: Open Directory integration back off after failed auth attempts Mac OS X-specific handle dynamic host name changes
I could contribute these as one giant patch or as a sequence of
discrete patches. How would you prefer to receive them?
three cheers to see apple working on this. hopefully we will see it on 10.6 os x server
looking forward to it.
if there is any tutorial on installing it in conjunction 10.5 server
it would be greatly appreciated.
rashantha de silva
On Dec 12, 2008, at 12:24 PM, Mike Abbott wrote:
Hello Dovecot developers,
Apple has made and tested significant changes to Dovecot v1.1 and
now is ready to contribute them back to your open source project.
The changes include:Scalability and performance: allow pop/imap mail processes to handle multiple clients larger listen queues
Stability and maintenance: fix to allow cross-compilation workarounds for Mac OS X bugs a couple general bug fixes symbol conflict resolution
Features: Open Directory integration back off after failed auth attempts Mac OS X-specific handle dynamic host name changes
I could contribute these as one giant patch or as a sequence of
discrete patches. How would you prefer to receive them?
amazing. we just finished hacking apple-user-mailattribute into our
dovecot ldap conf last month. do you have any sample confs posted?
our OD usage atm is very crude...
JL
On Dec 12, 2008, at 3:24 PM, Mike Abbott wrote:
Hello Dovecot developers,
Apple has made and tested significant changes to Dovecot v1.1 and
now is ready to contribute them back to your open source project.
The changes include:Scalability and performance: allow pop/imap mail processes to handle multiple clients larger listen queues
Stability and maintenance: fix to allow cross-compilation workarounds for Mac OS X bugs a couple general bug fixes symbol conflict resolution
Features: Open Directory integration back off after failed auth attempts Mac OS X-specific handle dynamic host name changes
I could contribute these as one giant patch or as a sequence of
discrete patches. How would you prefer to receive them?
On Fri, 2008-12-12 at 14:24 -0600, Mike Abbott wrote:
Hello Dovecot developers,
Apple has made and tested significant changes to Dovecot v1.1 and now
is ready to contribute them back to your open source project. The
changes include:
Sounds great!
I could contribute these as one giant patch or as a sequence of
discrete patches. How would you prefer to receive them?
Separate patches would be easiest. I'll most likely put only the bug fixes to v1.1 and the rest to v1.2.
On Dec 13, 2008, at 12:34 AM, Timo Sirainen wrote:
Hello Dovecot developers,
Apple has made and tested significant changes to Dovecot v1.1 and now is ready to contribute them back to your open source project. The changes include:
Sounds great!
Yes it does. Thanks, Apple!
I could contribute these as one giant patch or as a sequence of discrete patches. How would you prefer to receive them?
Separate patches would be easiest. I'll most likely put only the bug fixes to v1.1 and the rest to v1.2.
Timo, if I may make a request...Unless 1.2 will be released soon,
would you please also look into the possibility of integrating the
"back off after failed auth attempts" feature into the 1.1 code
base? I need that badly here, to the point that I was considering
writing such a patch myself. Hoards of little prepubescent
miscreants won't stop hammering on my pop3 port and it's driving me
bananas.
-Dave-- Dave McGuire Port Charlotte, FL
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Dave McGuire said the following on 13/12/08 06:41:
Timo, if I may make a request...Unless 1.2 will be released soon, would you please also look into the possibility of integrating the "back off after failed auth attempts" feature into the 1.1 code base? I need that badly here, to the point that I was considering writing such a patch myself. Hoards of little prepubescent miscreants won't stop hammering on my pop3 port and it's driving me bananas.
In the meantime you can use fail2ban.
Ciao, luigi
/ +--[Luigi Rosa]-- \
It is not the strongest of the species that survives, nor the most intelligent, but the one most responsive to change. --Charles Darwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAklDS4IACgkQ3kWu7Tfl6ZSfjQCfai+yiXdvl0N9sOOYsNP3lnqh CPQAniqly2wWSxhIx2d11Zt0t+hczVzq =rWok -----END PGP SIGNATURE-----
On Dec 13, 2008, at 12:43 AM, Luigi Rosa wrote:
Timo, if I may make a request...Unless 1.2 will be released soon, would you please also look into the possibility of integrating the
"back off after failed auth attempts" feature into the 1.1 code base? I
need that badly here, to the point that I was considering writing such a patch myself. Hoards of little prepubescent miscreants won't stop hammering on my pop3 port and it's driving me bananas.In the meantime you can use fail2ban.
Thank you for the suggestion, but no, that doesn't work for me.
I'm not running a Linux box, I'm running Solaris...and I'm not
interested in running a firewall on my mail server.
I do appreciate the suggestion, though.
-Dave-- Dave McGuire Port Charlotte, FL
- Dave McGuire mcguire@neurotica.com:
Thank you for the suggestion, but no, that doesn't work for me. I'm not running a Linux box, I'm running Solaris...
It runs on Solaris.
and I'm not interested in running a firewall on my mail server.
You don't have to, you could simply nullroute the source IPs :)
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) snickebo@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job Having an email problem is painful, but character-building.
On Dec 13, 2008, at 2:44 AM, Ralf Hildebrandt wrote:
Thank you for the suggestion, but no, that doesn't work for me.
I'm not running a Linux box, I'm running Solaris...It runs on Solaris.
and I'm not interested in running a firewall on my mail server.
You don't have to, you could simply nullroute the source IPs :)
By having fail2ban manipulate the routing table a-la "route add
<etc>"?
-Dave-- Dave McGuire Port Charlotte, FL
- Dave McGuire mcguire@neurotica.com:
You don't have to, you could simply nullroute the source IPs :)
By having fail2ban manipulate the routing table a-la "route add <etc>"?
route add *host* reject yes, something like that.
-- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) snickebo@charite.de Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155 http://www.arschkrebs.de I'm looking for a job C is quirky, flawed, and an enormous success. -- Dennis M. Ritchie.
On Dec 13, 2008, at 3:13 AM, Ralf Hildebrandt wrote:
You don't have to, you could simply nullroute the source IPs :)
By having fail2ban manipulate the routing table a-la "route add
<etc>"?route add *host* reject yes, something like that.
Understood. I sorta like this idea. I will give it further
thought. Thank you!
-Dave-- Dave McGuire Port Charlotte, FL
Charles Marcus a écrit :
On 12/13/2008, Dave McGuire (mcguire@neurotica.com) wrote:
and I'm not interested in running a firewall on my mail server.
Wow.. I can't imagine NOT running a mail server without a firewall...
Different strokes for different folks I guess... :)
He said "_ON_ my mail server". he didn't say that he doesn't have a firewall between the mail server and the jungle notwork ;-p
On 12/13/2008, mouss (mouss@netoyen.net) wrote:
Wow.. I can't imagine NOT running a mail server without a firewall...
Different strokes for different folks I guess... :)
He said "_ON_ my mail server". he didn't say that he doesn't have a firewall between the mail server and the jungle notwork ;-P
I know... but I believe in layered security. I run a firewall in front of the mail (or other) server, but I also run one ON the mail (or other) server... ;-p
It's not like it costs anything extra.... :)
--
Best regards,
Charles
On Dec 13, 2008, at 9:07 AM, Charles Marcus wrote:
On 12/13/2008, mouss (mouss@netoyen.net) wrote:
Wow.. I can't imagine NOT running a mail server without a
firewall...Different strokes for different folks I guess... :)
He said "_ON_ my mail server". he didn't say that he doesn't have a firewall between the mail server and the jungle notwork ;-P
I know... but I believe in layered security. I run a firewall in front of the mail (or other) server, but I also run one ON the mail (or
other) server... ;-pIt's not like it costs anything extra.... :)
May I suggest you'all change the subject of your (new) thread. Many
of us are anxious to stay abreast of the Apple patch discussion and
you're taking it far afield.
Thank you,
B. Bodger
On Dec 13, 2008, at 10:07 AM, Charles Marcus wrote:
Wow.. I can't imagine NOT running a mail server without a
firewall...Different strokes for different folks I guess... :)
He said "_ON_ my mail server". he didn't say that he doesn't have a firewall between the mail server and the jungle notwork ;-P
I know... but I believe in layered security. I run a firewall in front of the mail (or other) server, but I also run one ON the mail (or
other) server... ;-p
My network security is handled elsewhere. I too believe in
layered security, but my desire to use the right tool for the job is
much stronger. My mail server is busy serving mail; my network
security is handled by equipment built and optimized for that job.
It's not like it costs anything extra.... :)
Well...that's the attitude that got us operating systems that need
a gigabyte of memory just to boot, and processors clocked at 3GHz
that give me the same useful performance as my 4MHz Z80 twenty years
ago. ;) Nothing is free.
-Dave-- Dave McGuire Port Charlotte, FL
My network security is handled elsewhere. I too believe in layered security, but my desire to use the right tool for the job is much stronger. My mail server is busy serving mail; my network security is handled by equipment built and optimized for that job.
It's not like it costs anything extra.... :) Well...that's the attitude that got us operating systems that need a gigabyte of memory just to boot, and processors clocked at 3GHz that give me the same useful performance as my 4MHz Z80 twenty years ago. ;) Nothing is free. I can see both sides of this. I have an old FreeBSD machine without filtering in the kernel where I've been forced to create null routes for hosts that insisted on hammering the machine. My first firewall was Mischler's IPRoute for DOS on a 386-16 with a floppy drive. I know that any machine nowadays is plenty powerful enough to do basic filtering with no adverse affects. We have NICs that can handle Gigabit speeds handling data across a 1.5Megabit T1.
My suggestion is to just use the simplest solution for your situation.
If you don't have packet filtering in the cable, use a null route. If
you have it, use it. If you're completely adverse to doing anything
other than mail on the mail server, give Apple a couple days to supply
the patches and run with that. Mike said the patches were against 1.1,
so it's not like anyone would absolutely need to use the beta 1.2 to get
these features. Even better if he can break the whole of the changes
into smaller patches.
Rick
On S 13 Dec, 2008, at 14:56 , Charles Marcus wrote:
On 12/13/2008, Dave McGuire (mcguire@neurotica.com) wrote:
and I'm not interested in running a firewall on my mail server.
Wow.. I can't imagine NOT running a mail server without a firewall...
you put in so many negatives there that the meaning came out the
opposite of what you wanted, I suppose.
g
On 12/13/2008, Dave McGuire (mcguire@neurotica.com) wrote:
Hoards of little prepubescent miscreants won't stop hammering on my pop3 port and it's driving me bananas.
Although I'm not necessarily arguing against such a feature being integrated directly into dovecot, you can fix you're problem now using something like fail2ban - and it will work for other applications too (like ssh)...
--
Best regards,
Charles
participants (13)
-
Bruce Bodger
-
Charles Marcus
-
Cor Bosman
-
Dave McGuire
-
Giuliano Gavazzi
-
Jurvis LaSalle
-
Luigi Rosa
-
Mike Abbott
-
mouss
-
Ralf Hildebrandt
-
rashantha de silva
-
Rick Romero
-
Timo Sirainen