Mail account brute force / harassment
Robert Kudyba
rkudyba at fordham.edu
Fri Apr 12 21:45:30 EEST 2019
>
> You are running some kind of proxy in front of it.
No proxy. Just sendmail with users using emacs/Rmail or
Webmail/Squirrelmail.
> If you want it to show real client IP, you need to enable forwarding of
> said data. With dovecot it's done by setting
>
> login_trusted_networks = your-upstream-host-or-net
>
> in backend config file.
>
OK I changed it and restarted wforce and dovecot. Still seeing this:
Apr 12 14:38:55 auth: Debug: policy(ouruser,127.0.0.1,<6GFTnVmGcMN/AAAB>):
Policy server request JSON: {"device_id":"","login":"
ouruser","protocol":"imap","pwhash":"43","remote":"127.0.0.1","success":false,"policy_reject":false,"tls":false}
> For webmails, this requires both login_trusted_networks and also support
> from the webmail software to forward client IP.
>
I did get a reply from the Squirrelmail list:
"Well, I've had code sitting around for a while that implements RFC2971 (ID
command), so I just committed it. You can use it for this purpose by
putting something like this into your config/config_local.php
$imap_id_command_args = array('remote-host' => '###REMOTE ADDRESS###');"
Which I also added previously. But that doesn't address emacs/RMail users.
Could there be a setting in sendmail.mc/cf file that I'm missing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190412/9ada940d/attachment.html>
More information about the dovecot
mailing list