[Dovecot] Disabled pop3-login
In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3):
# doveconf -n
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE i386
auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
disable_plaintext_auth = no
first_valid_uid = 89
log_path = /var/log/dovecot
login_log_format_elements = user=<%u> %r %m %c
mail_location = maildir:~/Maildir
mail_max_userip_connections = 50
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox NotJunk {
auto = subscribe
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
}
service imap-login {
inet_listener imaps {
port = 993
ssl = yes
}
}
ssl_cert =
but I see thousands (tens of thousands) of
dovecot:Aug 18 14:26:06 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<+VcroT7kUgBKX1KW> dovecot:Aug 18 14:26:10 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<kbNdoT7kWwBKX1KW> dovecot:Aug 18 14:26:13 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<rRWQoT7kWgBKX1KW> dovecot:Aug 18 14:26:15 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=<feCpoT7kfwBKX1KW> dovecot:Aug 18 14:26:16 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.93, session=<lmTCoT7kiQBKX1KW> dovecot:Aug 18 14:26:18 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150, lip=75.148.117.91, session=<5oPcoT7ktABKX1KW>
Yes, I need to install fail2ban or something on this new machine, but still...
-- Mom: There was more than one lobster present at the birth of Jesus? Daughter: Duh.
On 25 Aug 2013, at 18:00 , Reindl Harald h.reindl@thelounge.net wrote:
Am 26.08.2013 01:42, schrieb LuKreme:
In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3)
but you do not have it disabled
protocols = imap
First, that is imap. Second, the string "pop3" does not appear anywhere in the output of dovecot.conf. Third, there is no protocols line in dovecot.conf either.
Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically even though IMAP already works fine?
-- FRIDAYS ARE NOT "PANTS OPTIONAL" Bart chalkboard Ep. AABF23
On 08/26/2013 12:43 AM, LuKreme wrote:
On 25 Aug 2013, at 18:00 , Reindl Harald h.reindl@thelounge.net wrote:
Am 26.08.2013 01:42, schrieb LuKreme:
In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3) but you do not have it disabled
protocols = imap First, that is imap. Second, the string "pop3" does not appear anywhere in the output of dovecot.conf. Third, there is no protocols line in dovecot.conf either.
Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically even though IMAP already works fine?
It sounds like that's exactly what he's saying. All dovecot configuration values have defaults. Reindl is saying that the default for protocols includes pop3, and your experience seems to prove he's right. If you do set that configuration item, it will include only what you specify.
On Mon, Aug 26, 2013 at 02:28:02AM -0400, Gedalya wrote:
On 08/26/2013 12:43 AM, LuKreme wrote:
Am 26.08.2013 01:42, schrieb LuKreme:
In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3) but you do not have it disabled
protocols = imap First, that is imap. Second, the string "pop3" does not appear anywhere in the output of dovecot.conf. Third, there is no
On 25 Aug 2013, at 18:00 , Reindl Harald h.reindl@thelounge.net wrote: protocols line in dovecot.conf either.
Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically even though IMAP already works fine?
It sounds like that's exactly what he's saying. All dovecot configuration values have defaults. Reindl is saying that the default for protocols includes pop3, and your experience seems to prove he's right. If you do set that configuration item, it will include only what you specify.
The original "doveconf -n" in the OP indicated that managesieve is desired, so that should also be in the protocols line:
protocols = imap sieve
http://rob0.nodns4.us/ -- system administration and consulting Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Le 26 août 2013 à 06:43, LuKreme a écrit :
[...] First, that is imap. Second, the string "pop3" does not appear anywhere in the output of dovecot.conf. Third, there is no protocols line in dovecot.conf either.
Are you saying that to DISABLE pop3-login I have to ENABLE IMAP specifically even though IMAP already works fine?
Hello,
You have to override the defaults currently in use.
In the case of setting "protocols", which you haven't changed as shown by the output of "doveconf -n", you should see something like this:
$ doveconf protocols
protocols = imap pop3 lmtpAxel
Am 26.08.2013 06:43, schrieb LuKreme:
On 25 Aug 2013, at 18:00 , Reindl Harald h.reindl@thelounge.net wrote:
Am 26.08.2013 01:42, schrieb LuKreme:
In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3)
but you do not have it disabled
protocols = imap
First, that is imap
i know that, dovecot knows that
but protocols lists *all* enabled and if you only enable imap then you have only imap
Second, the string "pop3" does not appear anywhere in the output of dovecot.conf
so what - but it appears in the *defaults* because you hardly would be able to get software like dovecot or postfix running at all if you would need to write *every* config line in the config with correct values
[root@srv-rhsoft:~]$ doveconf -d | grep protocols protocols = imap pop3 lmtp ssl_protocols = !SSLv2
[root@srv-rhsoft:~]$ doveconf -n | grep protocols protocols = imap
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3):
# doveconf -n # 2.2.5: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 9.1-RELEASE i386 auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN disable_plaintext_auth = no first_valid_uid = 89 log_path = /var/log/dovecot login_log_format_elements = user=<%u> %r %m %c mail_location = maildir:~/Maildir mail_max_userip_connections = 50 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox NotJunk { auto = subscribe } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } service auth { unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } ssl_cert =
but I see thousands (tens of thousands) of
dovecot:Aug 18 14:26:06 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150,
dovecot:Aug 18 14:26:10 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150,
dovecot:Aug 18 14:26:13 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150,
dovecot:Aug 18 14:26:15 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150,
dovecot:Aug 18 14:26:16 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150,
dovecot:Aug 18 14:26:18 pop3-login: Info: Aborted login (auth failed, 1 attempts in 17 secs): user=<john>, method=PLAIN, rip=74.95.82.150,
LuKreme wrote the following on 26.08.2013 06:42: lip=75.148.117.93, session=<+VcroT7kUgBKX1KW> lip=75.148.117.93, session=<kbNdoT7kWwBKX1KW> lip=75.148.117.93, session=<rRWQoT7kWgBKX1KW> lip=75.148.117.91, session=<feCpoT7kfwBKX1KW> lip=75.148.117.93, session=<lmTCoT7kiQBKX1KW> lip=75.148.117.91, session=<5oPcoT7ktABKX1KW>
Yes, I need to install fail2ban or something on this new machine, but
still...
Besides of the above, if you are not going to use POP3 at all I would close port 110 and port 995 with DROP to let to go these accesses to nowhere. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32)
iQEcBAEBAgAGBQJSGqVsAAoJEKYXVM1dyOfZYEIH+wT//iSbLbn7mwruVTm7N7vC G4NIUduFeW/s+zFJ+36QwPHG+gGnSM0uDk0upfeytjh0IMh0ADRZGhKQ/A3wnQy+ qNsu1Cvy5GsBag1mi4gJndJoPPZe8JAMaHncbm6lAN3s5wDFGtqyT7V/4BYUSsmV NkeWayP/r6NK9LCKsV2jnxJvdSyn20iiViMRYWRqNViPyvmlUKEpkjSqbGhDPpv4 DYCKBx1DO17j2S2nbpeqYEuQoZNkHVWi10UzLBFt05Ubt0AIMMIGcTOcPzZftn5a UL1d8M7JvGDd50u9B4/Xh8zdr8PKZT05kpPqMe0rVDNkwHpUe9Se/oyfXNwU2tk= =rKgv -----END PGP SIGNATURE-----
Am 26.08.2013 02:46, schrieb Tamsy:
LuKreme wrote the following on 26.08.2013 06:42:
In my dovecot.conf I do not have pop3-login anabled (since I do not support pop3):
as said already, it's one line in dovecot.conf protocols = imap
Besides of the above, if you are not going to use POP3 at all I would close port 110 and port 995 with DROP to let to go these accesses to nowhere
besides the fact that unused services should not listen at all this advice in case of firewalls is wrong - close *any* port as default and open *only* the one you are using
not the other direction DROP specific ones you do not want
frankly, there are 65535 possible ports
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Reindl Harald wrote the following on 26.08.2013 07:56:
Am 26.08.2013 02:46, schrieb Tamsy:
LuKreme wrote the following on 26.08.2013 06:42:
In my dovecot.conf I do not have pop3-login anabled (since I do not
support pop3):
as said already, it's one line in dovecot.conf protocols = imap
Besides of the above, if you are not going to use POP3 at all I would close port 110 and port 995 with DROP to let to go these accesses to nowhere
besides the fact that unused services should not listen at all this advice in case of firewalls is wrong - close *any* port as default and open *only* the one you are using
not the other direction DROP specific ones you do not want
frankly, there are 65535 possible ports
Reindl is correct like almost always. But isn't it the basics anyway when going for IPtables, to drop all at first and open one by one as needed? Obviously LuKreme has at least port left 110 open and what I ment is to close it right away to let these thousands (tens of thousands) accesses to go nowhere....
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32)
iQEcBAEBAgAGBQJSGqtuAAoJEKYXVM1dyOfZvKYH/2MSgMAyq6hyt1g8SmEkdVpC XL4SYjg2Fj0TYo6NjMSUTo7FWwz+8rO3cvqKeoMUzv4vwzzdHnG52LVRq71NrwwY nbL1IKN/HsQp7SfF9Gy+H5l9tkTiXrPZU6/6Ku0DQ7JtLCsi6Q0KP9+66ZnW+uqH T82Z0KlJDVizFxeSPb4MiNmIj/AaOe+brFX8iXisXuSG4toZFkL2VtWaVYsIW3+V +9ao+8mw4IJt/9F9t40YUsINqokWkbhG5VZKdln93lUd4m/+LbTUPwEMG+PAsmHE MoysHKbmBniPvLvIlj7oNIeZROYuxSm1fndHlXewlq/vD/Qt9TBHYN3S/UmtN3I= =IuF8 -----END PGP SIGNATURE-----
participants (6)
-
/dev/rob0
-
Axel Luttgens
-
Gedalya
-
LuKreme
-
Reindl Harald
-
Tamsy