<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">I think I’m getting closer:<div class=""><br class=""></div><div class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">/var/log/messages shows:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255); min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar  7 12:01:35 olddsm wforce[22993]: WforceWebserver: HTTP Request "/" from 127.0.0.1:59188: Web Authentication failed</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar  7 12:02:43 olddsm wforce[22993]: allowLog too many different failed password attempts by IP: allow="-1" remote="127.0.0.1" login="localguy" protocol="" device_id="" device_attrs={} attrs={} rattrs={attempts="50" }</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar  7 12:03:10 olddsm wforce[22993]: deleteBLEntry login_bl: login=localguy</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Mar  7 12:03:12 olddsm wforce[22993]: allowLog too many different failed password attempts by IP: allow="-1" remote="127.0.0.1" login="localguy" protocol="" device_id="" device_attrs={} attrs={} rattrs={attempts="50" }</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255); min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">But this for loop looks to be working (note the instructions say <b class="">To report (if you configured with 'webserver("127.0.0.1:8084", "secret")') </b>but the actual value is 0.0.0.0)</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255); min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">for a in {1..101}; do curl -X POST -H "Content-Type: application/json" --data '{"login”:”ouruser”, "remote": "127.0.0.1", "pwhash":"1234'$a'", "success":"false"}'  <a href="http://127.0.0.1:8084/?command=report" class="">http://127.0.0.1:8084/?command=report</a> -u wforce:ourpassword; done</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}{"status":"ok"}[</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255); min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">Then:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">curl -X POST -H "Content-Type: application/json" --data '{"login”:”ouruser”, "remote": "127.0.0.1", "pwhash":"1234"}' <a href="http://127.0.0.1:8084/?command=allow" class="">http://127.0.0.1:8084/?command=allow</a> -u wforce:ourpassword</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">results in:</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{"msg": "", "r_attrs": {"attempts": "50"}, "status": -1}</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255); min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">curl -X POST -H "Content-Type: application/json" --data '{"login":"ouruser"}' <a href="http://127.0.0.1:8084/?command=reset" class="">http://127.0.0.1:8084/?command=reset</a> -u wforce:ourpassword</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{"status":"ok"}</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255); min-height: 13px;" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""></span><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255); min-height: 13px;" class="">But still getting:</div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">curl -X POST -H "Content-Type: application/json" --data '{"login":"ouruser", "remote": "127.0.0.1", "pwhash":"1234"}' <a href="http://127.0.0.1:8084/?command=allow" class="">http://127.0.0.1:8084/?command=allow</a> -u wforce:ourpassword</span></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">{"msg": "", "r_attrs": {"attempts": "50"}, "status": -1}[</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div><div><br class=""><blockquote type="cite" class=""><div class="">On Mar 7, 2019, at 11:33 AM, Aki Tuomi <<a href="mailto:aki.tuomi@open-xchange.com" class="">aki.tuomi@open-xchange.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">In weakforced you have<br class=""><br class=""> webserver("0.0.0.0:8084", "THIS-IS-THE-PASSWORD-FOR-WFORCE")<br class=""><br class="">Thus, you make the base64 blob as<br class=""><br class="">~$ echo -n wforce:THIS-IS-THE-PASSWORD-FOR-WFORCE | base64<br class="">d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U=<br class=""><br class="">And in dovecot you put<br class=""><br class="">auth_policy_server_api_header = Authorization Basic d2ZvcmNlOlRISVMtSVMtVEhFLVBBU1NXT1JELUZPUi1XRk9SQ0U<br class=""><br class="">Aki<br class=""><br class=""><blockquote type="cite" class="">On 7 March 2019 16:41 Robert Kudyba via dovecot <<a href="mailto:dovecot@dovecot.org" class="">dovecot@dovecot.org</a>> wrote:<br class=""><br class=""><br class="">So for auth_policy_server_api_header. is the value of our_password come from the hashed response or the plain-text password? What else am I doing wrong?<br class=""><br class="">Mar 7 09:20:53 olddsm wforce[17763]: WforceWebserver: HTTP Request "/" from 127.0.0.1:56416: Web Authentication failed<br class=""><br class="">curl -X POST -H "Content-Type: application/json" --data '{"login”:”ouruser”, "remote": "127.0.0.1", "pwhash”:”hashed-password”}’ <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=-BcpcIoKwR9ieBJOLMNXODQlS3t55wKhBxfu4VEppUg&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=-BcpcIoKwR9ieBJOLMNXODQlS3t55wKhBxfu4VEppUg&e=</a> -u wforce:super<br class="">{"status":"failure", "reason":"Unauthorized"}<br class=""><br class=""><br class="">Mar 07 09:32:15 auth-worker(18933): Debug: Loading modules from directory: /usr/lib64/dovecot/auth<br class="">Mar 07 09:32:15 auth-worker(18933): Debug: Module loaded: /usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so<br class="">Mar 07 09:32:15 auth-worker(18933): Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so<br class="">Mar 07 09:32:15 auth-worker(18933): Debug: pam(ouruser,127.0.0.1,<uuEF+YGDaNl/AAAB>): lookup service=dovecot<br class="">Mar 07 09:32:15 auth-worker(18933): Debug: pam(ouruser,127.0.0.1,<uuEF+YGDaNl/AAAB>): #1/1 style=1 msg=Password:<br class="">Mar 07 09:32:15 auth: Debug: policy(ouruser,127.0.0.1,<uuEF+YGDaNl/AAAB>): Policy request <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=</a><br class="">Mar 07 09:32:15 auth: Debug: policy(ouruser,127.0.0.1,<uuEF+YGDaNl/AAAB>): Policy server request JSON: {"device_id":"","login":"ouruser","protocol":"imap","pwhash":"68","remote":"127.0.0.1","tls":false}<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: queue <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=jHhijUiLyPr9IDOEekkeaCdZn24a8PijIHtJmtVw_Pw&e=:" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=jHhijUiLyPr9IDOEekkeaCdZn24a8PijIHtJmtVw_Pw&e=:</a> Set request timeout to 2019-03-07 09:32:17.520 (now: 2019-03-07 09:32:15.520)<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: queue <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=jHhijUiLyPr9IDOEekkeaCdZn24a8PijIHtJmtVw_Pw&e=:" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=jHhijUiLyPr9IDOEekkeaCdZn24a8PijIHtJmtVw_Pw&e=:</a> Using existing connection to 127.0.0.1:8084 (1 requests pending)<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: request [Req2: POST <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=]:" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=]:</a> Submitted (requests left=1)<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: peer 127.0.0.1:8084: Using 1 idle connections to handle 1 requests (1 total connections ready)<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: queue <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=jHhijUiLyPr9IDOEekkeaCdZn24a8PijIHtJmtVw_Pw&e=:" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=jHhijUiLyPr9IDOEekkeaCdZn24a8PijIHtJmtVw_Pw&e=:</a> Connection to peer 127.0.0.1:8084 claimed request [Req2: POST <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=</a>]<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: conn 127.0.0.1:8084 [0]: Claimed request [Req2: POST <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=</a>]<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: request [Req2: POST <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=]:" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=]:</a> Sent header<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: request [Req2: POST <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=]:" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=]:</a> Send more (sent 100, buffered=357)<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: request [Req2: POST <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=]:" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=]:</a> Finished sending payload<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: peer 127.0.0.1:8084: No more requests to service for this peer (1 connections exist, 0 pending)<br class="">Mar 07 09:32:15 auth: Debug: http-client[1]: conn 127.0.0.1:8084 [0]: Got 401 response for request [Req2: POST <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_noIxW2-o7DK-gMbRuRnMa-VcjjznQlQ4F7iojxqeMs&e=</a>] (took 0 ms + 0 ms in queue)<br class="">Mar 07 09:32:15 auth: Error: policy(ouruser,127.0.0.1,<uuEF+YGDaNl/AAAB>): Policy server HTTP error: 401 Unauthorized<br class="">Mar 07 09:32:15 auth: Debug: policy(ouruser,127.0.0.1,<uuEF+YGDaNl/AAAB>): Policy request <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dreport&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_kmskephqwR3Suyrq3c-4MAZ-B-N8HsZTCdE385E-ig&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_-3Fcommand-3Dreport&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_kmskephqwR3Suyrq3c-4MAZ-B-N8HsZTCdE385E-ig&e=</a><br class="">Mar 07 09:32:15 auth: Debug: policy(ouruser,127.0.0.1,<uuEF+YGDaNl/AAAB>): Policy server request JSON: {"device_id":"","login":"ouruser","protocol":"imap","pwhash":"68","remote":"127.0.0.1","success":true,"policy_reject":false,"tls":false}<br class=""><br class=""><br class=""><br class=""><br class=""><blockquote type="cite" class="">On Mar 7, 2019, at 2:42 AM, Aki Tuomi <<a href="mailto:aki.tuomi@open-xchange.com" class="">aki.tuomi@open-xchange.com</a>> wrote:<br class=""><br class=""><br class="">wforce is the username always.<br class="">auth_policy_hash_nonce should be set to a pseudorandom value that is shared by your server(s). Weakforced does not need it for anything.<br class="">auth_policy_server_api_header should be set to Authorization: Basic <echo -n wforce:our_password | base64><br class="">without the < >.<br class=""><br class="">Aki<br class=""><br class=""><br class="">On 6.3.2019 20.42, Robert Kudyba via dovecot wrote:<br class=""><br class=""><br class=""><blockquote type="cite" class="">I took suggestions from <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__forge.puppet.com_fraenki_wforce&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=4Nxb5u94Q5z-HC5RIO-O9hKi33C5_lZdRmJquMDC9u4&e=" class="">https://urldefense.proofpoint.com/v2/url?u=https-3A__forge.puppet.com_fraenki_wforce&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=4Nxb5u94Q5z-HC5RIO-O9hKi33C5_lZdRmJquMDC9u4&e=</a> (<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__forge.puppet.com_fraenki_wforce&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=Rq6_tR1KlLqaWH_eAqsBAvKJjmP4WbVNwqmRvIjpCJo&e=" class="">https://urldefense.proofpoint.com/v2/url?u=https-3A__forge.puppet.com_fraenki_wforce&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=Rq6_tR1KlLqaWH_eAqsBAvKJjmP4WbVNwqmRvIjpCJo&e=</a>) to set these in /etc/dovecot/conf.d/95-auth.conf<br class=""><br class=""><br class=""><br class=""><br class="">auth_policy_server_url = <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=UvHC4BW3c6kJ3Bcp6fQiCT3TyeCA3Y2nbMlVnygLs1M&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=UvHC4BW3c6kJ3Bcp6fQiCT3TyeCA3Y2nbMlVnygLs1M&e=</a> (<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=YEAX-1mfN9XUpDzQodxttfHSxnGmta5U9z28_89oxV8&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost-3A8084_&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=YEAX-1mfN9XUpDzQodxttfHSxnGmta5U9z28_89oxV8&e=</a>)<br class=""><br class="">auth_policy_hash_nonce = our_password<br class=""><br class="">auth_policy_server_api_header = "Authorization: Basic hash_from_running_echo-n_base64"<br class=""><br class="">auth_policy_server_timeout_msecs = 2000<br class=""><br class="">auth_policy_hash_mech = sha256<br class=""><br class="">auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s<br class=""><br class="">auth_policy_reject_on_fail = no<br class=""><br class="">auth_policy_hash_truncate = 8<br class=""><br class="">auth_policy_check_before_auth = yes<br class=""><br class="">auth_policy_check_after_auth = yes<br class=""><br class="">auth_policy_report_after_auth = yes<br class=""><br class=""><br class=""><br class=""><br class="">And auth_debug=yes<br class=""><br class=""><br class=""><br class=""><br class="">in /usr/local/etc/wforce.conf<br class=""><br class="">webserver("0.0.0.0:8084 (<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0-3A8084&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=UCfB6Qzm3TPh9rrI6HRXhIZZL1kB1G1GyyylfnD5T-Y&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__0.0.0.0-3A8084&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=UCfB6Qzm3TPh9rrI6HRXhIZZL1kB1G1GyyylfnD5T-Y&e=</a>)", "our_password")<br class=""><br class=""><br class="">So when I run:<br class=""><br class="">curl -X POST -H "Content-Type: application/json" --data '{"login":"ouruser", "remote": "127.0.0.1", "pwhash":"our_password"}' <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=-BcpcIoKwR9ieBJOLMNXODQlS3t55wKhBxfu4VEppUg&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dallow&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=-BcpcIoKwR9ieBJOLMNXODQlS3t55wKhBxfu4VEppUg&e=</a> (<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dallow&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=l7txLUp9a5R5ztYDSWbuNkofCzuANF3hfy5K6R0H7lc&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dallow&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=l7txLUp9a5R5ztYDSWbuNkofCzuANF3hfy5K6R0H7lc&e=</a>) -u wforce:our_passwordi<br class=""><br class="">{"msg": "", "r_attrs": {"defaultReturn": "1"}, "status": 0}<br class=""><br class=""><br class=""><br class=""><br class=""><br class="">What's the value of wforce and super represent? -u for user? and super is the password for the user?<br class=""><br class="">curl -X GET <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dping&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_pVX4FQJ37-qpiMH8AW4kRGIkb-RUrKUq2odsKSeP4Q&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dping&d=DwIFaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=hY8LMvY-6AKc7R7tJ9Gz7ph5bp8a3YUotKYREw-jJII&s=_pVX4FQJ37-qpiMH8AW4kRGIkb-RUrKUq2odsKSeP4Q&e=</a> (<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dping&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=tENFr-tRB3UaM9tcPfjvMB0ORvHJkDnoN4e1if-IlRY&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084_-3Fcommand-3Dping&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=tENFr-tRB3UaM9tcPfjvMB0ORvHJkDnoN4e1if-IlRY&e=</a>) -u wforce:super<br class=""><br class="">I always get:<br class=""><br class="">{"status":"failure", "reason":"Unauthorized"}<br class=""><br class=""><br class=""><br class=""><br class=""><br class="">Using Squirrelmail and logging in brings up the mails but I see these Policy server HTTP error: 401 Unauthorized errors over and over:<br class=""><br class=""><br class=""><br class=""><br class="">Mar 06 13:32:16 auth: Debug: http-client: peer 127.0.0.1:8084 (<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=mRfHSnG6OpwC1qnGrVpFiadowQTN5TD2r_bddewneIU&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=mRfHSnG6OpwC1qnGrVpFiadowQTN5TD2r_bddewneIU&e=</a>): Successfully connected (1 connections exist, 0 pending)<br class=""><br class="">Mar 06 13:32:16 auth: Debug: http-client[1]: peer 127.0.0.1:8084 (<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=mRfHSnG6OpwC1qnGrVpFiadowQTN5TD2r_bddewneIU&e=" class="">https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8084&d=DwMDaQ&c=aqMfXOEvEJQh2iQMCb7Wy8l0sPnURkcqADc2guUW8IM&r=X0jL9y0sL4r4iU_qVtR3lLNo4tOL1ry_m7-psV3GejY&m=OdVERjXdNFh0nr4Sn_EL0pio02hSWKYsRcpA5NmR8nU&s=mRfHSnG6OpwC1qnGrVpFiadowQTN5TD2r_bddewneIU&e=</a>): Using 1 idle connections to handle 1 requests (1 <br class=""><br class=""></blockquote></blockquote><br class=""></blockquote></div></div></blockquote></div><br class=""></div></body></html>