conf.d/10-auth.conf +22 −31
@@ -2,41 +2,39 @@ ## Authentication processes ## # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # Enable LOGIN command and all other plaintext authentications even if # SSL/TLS is not used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. # See also ssl=required setting. #disable_plaintext_auth = yes # connection is considered secure and plaintext authentication is allowed, # unless ssl = required. #auth_allow_cleartext = yes # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that # bsdauth and PAM require cache_key to be set for caching to be used. # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used. auth_cache_size = 0 # chatgpt solution is remove it auth_cache_size = 1M ##auth_cache_size = 1M # Time to live for cached data. After TTL expires the cached record is no # longer used, *except* if the main database lookup returns internal failure. # We also try to handle password changes automatically: If user's previous # authentication was successful, but this one wasn't, the cache isn't used. # For now this works only with plaintext authentication. # chatgpt solution is remove it auth_cache_ttl = 3600 sec ##auth_cache_ttl = 3600 sec # TTL for negative hits (user not found, password mismatch). # 0 disables caching them completely. # chatgpt solution is remove it auth_cache_negative_ttl = 3600 sec ##auth_cache_negative_ttl = 3600 sec # Space separated list of realms for SASL authentication mechanisms that need # them. You can leave it empty if you don't want to support multiple realms. # Many clients simply use the first one listed here, so keep the default realm # first. #auth_realms = # # Default realm/domain to use if none was specified. 
This is used for both # SASL realms and appending @domain to username in plaintext logins. #auth_default_realm = #auth_default_domain = # List of allowed characters in username. If the user-given username contains # a character not listed in here, the login automatically fails. This is just Loading @@ -50,11 +48,9 @@ auth_cache_size = 0 # that '#' and '/' characters are translated to '@'. #auth_username_translation = # Username formatting before it'slooked up from databases. You can us # the standard variables here, eg. %Lu would lowercase the username, %n would # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into # "-AT-". This translation is done after auth_username_translation changes. #auth_username_format = %Lu # Username formatting before it's looked up from databases. #auth_username_format = %{user|lower} #auth_username_format = %{user|username|lower} # If you want to allow master users to log in by specifying the master # username within the normal username string (ie. not using SASL mechanism's Loading @@ -66,11 +62,6 @@ auth_cache_size = 0 # Username to use for users logging in with ANONYMOUS SASL mechanism #auth_anonymous_username = anonymous # Maximum number of dovecot-auth worker processes. They're used to execute # blocking passdb and userdb queries (eg. MySQL and PAM). They're # automatically created and destroyed as needed. #auth_worker_max_count = 30 # Host name to use in GSSAPI principal names. The default is to use the # name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab # entries. Loading @@ -82,7 +73,7 @@ auth_cache_size = 0 #auth_krb5_keytab = # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt> # ntlm_auth helper. <https://doc.dovecot.org/latest/core/config/auth/mechanisms/winbind.html> #auth_use_winbind = no # Path for Samba's ntlm_auth helper binary. Loading 
@@ -100,10 +91,10 @@ auth_cache_size = 0 #auth_ssl_username_from_cert = no # Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp # gss-spnego # NOTE: See also disable_plaintext_auth setting. #auth_mechanisms = plain # plain login digest-md5 cram-md5 ntlm anonymous gssapi # gss-spnego xoauth2 oauthbearer # NOTE: See also auth_allow_cleartext setting. #auth_mechanisms = plain login ## ## Password and user databases Loading @@ -115,19 +106,19 @@ auth_cache_size = 0 # allow both system users (/etc/passwd) and virtual users to login without # duplicating the system users into virtual database. # # <doc/wiki/PasswordDatabase.txt> # <https://doc.dovecot.org/latest/core/config/auth/passdb.html> # # User database specifies where mails are located and what user/group IDs # own them. For single-UID configuration use "static" userdb. # # <doc/wiki/UserDatabase.txt> # <https://doc.dovecot.org/latest/core/config/auth/userdb.html> #!include auth-deny.conf.ext #!include auth-master.conf.ext #!include auth-oauth2.conf.ext !include auth-system.conf.ext #!include auth-sql.conf.ext #!include auth-ldap.conf.ext #!include auth-passwdfile.conf.ext #!include auth-checkpassword.conf.ext #!include auth-static.conf.ext dh.pem +1 −0 Original line number Diff line number Diff line -----BEGIN DH PARAMETERS----- privacy -----END DH PARAMETERS----- dovecot.conf +12 −17 Original line number Diff line number Diff line ## Dovecot configuration file # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration # If you're in a hurry, see https://doc.dovecot.org/latest/core/config/guides/quick.html # "doveconf -n" command gives a clean output of the changed settings. Use it # instead of copy&pasting files when posting to the Dovecot mailing list. Loading 
@@ -9,22 +9,18 @@ # and tabs are ignored. If you want to use either of these explicitly, put the # value inside quotes, eg.: key = "# char and trailing whitespace " # Most (but not all) settings can be overridden by different protocols and/or # source/destination IPs by placing the settings inside sections, for example: # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } # Default values are shown for each setting, it's not required to uncomment # those. These are exceptions to this though: No sections (e.g. namespace {}) # or plugin settings are added by default, they're listed only as examples. # Paths are also just examples with the real defaults being based on configure # options. The paths listed here are for configure --prefix=/usr # --sysconfdir=/etc --localstatedir=/var dovecot_config_version = 2.4.0 dovecot_storage_version = 2.4.0 # options. The paths listed here are for configure --prefix=/usr/local # --sysconfdir=/usr/local/etc --localstatedir=/var dovecot_config_version = 2.4.1 dovecot_storage_version = 2.4.1 # Enable installed protocols # Protocols we want to be serving. #protocols = imap pop3 lmtp !include_try /usr/share/dovecot/protocols.d/*.protocol # A comma separated list of IPs or hosts where to listen in for connections. Loading 
@@ -48,12 +44,10 @@ dovecot_storage_version = 2.4.0 # Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for # these networks. Typically you'd specify your IMAP proxy servers here. # these networks, unless ssl=required. # Typically you'd specify your IMAP proxy servers here. #login_trusted_networks = # Space separated list of login access check sockets (e.g. tcpwrap) #login_access_sockets = # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do # proxying. This isn't necessary normally, but may be useful if the destination # IP is e.g. a load balancer's IP. Loading 
@@ -79,8 +73,9 @@ verbose_proctitle = yes # Space separated list of environment variables that are preserved on Dovecot # startup and passed down to all of its child processes. You can also give # key=value pairs to always set specific settings. #import_environment = TZ #import_environment { # TZ=%{env:TZ} #} # Most of the actual configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes Loading log 0 → 100644 +116 −0 Original line number Diff line number Diff line Name: f2b-sshd Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 21600 Size in memory: 7784 References: 1 Number of entries: 39 Members: 104.131.11.149 timeout 6422 202.100.50.47 timeout 4930 185.235.72.254 timeout 3223 51.158.66.95 timeout 18884 157.36.181.81 timeout 8302 103.48.193.7 timeout 4825 109.185.141.61 timeout 3202 60.12.221.84 timeout 9902 49.232.110.254 timeout 8667 31.129.173.162 timeout 10822 47.29.183.54 timeout 14853 190.15.59.5 timeout 5989 179.75.145.119 timeout 20310 85.209.0.100 timeout 18811 176.122.159.131 timeout 18513 141.98.10.210 timeout 1842 14.251.47.243 timeout 4748 49.232.87.218 timeout 17298 81.145.54.68 timeout 9898 61.155.234.38 timeout 18170 183.88.185.244 timeout 12764 121.100.17.42 timeout 9255 113.176.95.224 timeout 6777 177.74.218.173 timeout 12344 118.36.234.174 timeout 251 64.225.70.10 timeout 3754 119.28.6.128 timeout 5853 178.33.67.12 timeout 18240 14.29.64.91 timeout 10030 103.124.197.90 timeout 14426 37.59.229.31 timeout 11324 141.98.10.211 timeout 1850 58.33.154.234 timeout 15847 106.52.210.175 timeout 15488 206.81.8.136 timeout 10786 113.142.58.155 timeout 9278 118.116.8.215 timeout 10241 120.224.50.233 timeout 14262 51.77.226.68 timeout 3597 Name: f2b-postfix Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 21600 Size in memory: 200 References: 1 Number of entries: 0 Members: Name: f2b-postfix-ddos Type: hash:ip Revision: 
4 Header: family inet hashsize 1024 maxelem 65536 timeout 21600 Size in memory: 584 References: 1 Number of entries: 3 Members: 193.56.28.193 timeout 9194 141.98.10.143 timeout 5527 112.45.114.75 timeout 3604 Name: f2b-ssh Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 21600 Size in memory: 7688 References: 1 Number of entries: 39 Members: 109.185.141.61 timeout 3202 185.235.72.254 timeout 3223 157.36.181.81 timeout 8302 31.129.173.162 timeout 10822 81.145.54.68 timeout 9898 51.77.226.68 timeout 3597 106.52.210.175 timeout 15489 141.98.10.211 timeout 1850 85.209.0.100 timeout 18811 119.28.6.128 timeout 5853 176.122.159.131 timeout 18513 121.100.17.42 timeout 9255 118.36.234.174 timeout 251 103.124.197.90 timeout 14426 177.74.218.173 timeout 12344 202.100.50.47 timeout 4930 190.15.59.5 timeout 5989 206.81.8.136 timeout 10786 179.75.145.119 timeout 20310 104.131.11.149 timeout 6422 37.59.229.31 timeout 11324 183.88.185.244 timeout 12764 49.232.87.218 timeout 17297 113.142.58.155 timeout 9278 58.33.154.234 timeout 15847 47.29.183.54 timeout 14853 61.155.234.38 timeout 18170 64.225.70.10 timeout 3754 51.158.66.95 timeout 18884 60.12.221.84 timeout 9902 141.98.10.210 timeout 1842 118.116.8.215 timeout 10241 103.48.193.7 timeout 4825 120.224.50.233 timeout 14262 14.29.64.91 timeout 10030 49.232.110.254 timeout 8667 178.33.67.12 timeout 18240 113.176.95.224 timeout 6777 14.251.47.243 timeout 4748 sni.conf +0 −1 Original line number Diff line number Diff line Loading @@ -12,4 +12,3 @@ local_name "yourdomain.com" { # Domain TLS # End Domain TLS Loading
conf.d/10-auth.conf +22 −31
@@ -2,41 +2,39 @@ ## Authentication processes ## # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # Enable LOGIN command and all other plaintext authentications even if # SSL/TLS is not used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. # See also ssl=required setting. #disable_plaintext_auth = yes # connection is considered secure and plaintext authentication is allowed, # unless ssl = required. #auth_allow_cleartext = yes # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that # bsdauth and PAM require cache_key to be set for caching to be used. # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used. auth_cache_size = 0 # chatgpt solution is remove it auth_cache_size = 1M ##auth_cache_size = 1M # Time to live for cached data. After TTL expires the cached record is no # longer used, *except* if the main database lookup returns internal failure. # We also try to handle password changes automatically: If user's previous # authentication was successful, but this one wasn't, the cache isn't used. # For now this works only with plaintext authentication. # chatgpt solution is remove it auth_cache_ttl = 3600 sec ##auth_cache_ttl = 3600 sec # TTL for negative hits (user not found, password mismatch). # 0 disables caching them completely. # chatgpt solution is remove it auth_cache_negative_ttl = 3600 sec ##auth_cache_negative_ttl = 3600 sec # Space separated list of realms for SASL authentication mechanisms that need # them. You can leave it empty if you don't want to support multiple realms. # Many clients simply use the first one listed here, so keep the default realm # first. #auth_realms = # # Default realm/domain to use if none was specified. 
This is used for both # SASL realms and appending @domain to username in plaintext logins. #auth_default_realm = #auth_default_domain = # List of allowed characters in username. If the user-given username contains # a character not listed in here, the login automatically fails. This is just Loading @@ -50,11 +48,9 @@ auth_cache_size = 0 # that '#' and '/' characters are translated to '@'. #auth_username_translation = # Username formatting before it'slooked up from databases. You can us # the standard variables here, eg. %Lu would lowercase the username, %n would # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into # "-AT-". This translation is done after auth_username_translation changes. #auth_username_format = %Lu # Username formatting before it's looked up from databases. #auth_username_format = %{user|lower} #auth_username_format = %{user|username|lower} # If you want to allow master users to log in by specifying the master # username within the normal username string (ie. not using SASL mechanism's Loading @@ -66,11 +62,6 @@ auth_cache_size = 0 # Username to use for users logging in with ANONYMOUS SASL mechanism #auth_anonymous_username = anonymous # Maximum number of dovecot-auth worker processes. They're used to execute # blocking passdb and userdb queries (eg. MySQL and PAM). They're # automatically created and destroyed as needed. #auth_worker_max_count = 30 # Host name to use in GSSAPI principal names. The default is to use the # name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab # entries. Loading @@ -82,7 +73,7 @@ auth_cache_size = 0 #auth_krb5_keytab = # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt> # ntlm_auth helper. <https://doc.dovecot.org/latest/core/config/auth/mechanisms/winbind.html> #auth_use_winbind = no # Path for Samba's ntlm_auth helper binary. Loading 
@@ -100,10 +91,10 @@ auth_cache_size = 0 #auth_ssl_username_from_cert = no # Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp # gss-spnego # NOTE: See also disable_plaintext_auth setting. #auth_mechanisms = plain # plain login digest-md5 cram-md5 ntlm anonymous gssapi # gss-spnego xoauth2 oauthbearer # NOTE: See also auth_allow_cleartext setting. #auth_mechanisms = plain login ## ## Password and user databases Loading @@ -115,19 +106,19 @@ auth_cache_size = 0 # allow both system users (/etc/passwd) and virtual users to login without # duplicating the system users into virtual database. # # <doc/wiki/PasswordDatabase.txt> # <https://doc.dovecot.org/latest/core/config/auth/passdb.html> # # User database specifies where mails are located and what user/group IDs # own them. For single-UID configuration use "static" userdb. # # <doc/wiki/UserDatabase.txt> # <https://doc.dovecot.org/latest/core/config/auth/userdb.html> #!include auth-deny.conf.ext #!include auth-master.conf.ext #!include auth-oauth2.conf.ext !include auth-system.conf.ext #!include auth-sql.conf.ext #!include auth-ldap.conf.ext #!include auth-passwdfile.conf.ext #!include auth-checkpassword.conf.ext #!include auth-static.conf.ext
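Review bot: In the first hunk the reworded header describes enabling LOGIN and other plaintext authentication without SSL/TLS and leaves `#auth_allow_cleartext = yes` as the commented example, so anyone who uncomments it as if it were the default allows passwords to cross unencrypted connections; the last-but-one hunk likewise offers only `#auth_mechanisms = plain login`. I would state the intended value explicitly, `auth_allow_cleartext = no`, with a comment such as `# PLAIN/LOGIN only inside TLS; requires ssl = required in the SSL config`. The SSL settings are not part of this page, so confirm that `ssl = required` is really set there. Separately, the three `# chatgpt solution is remove it` comments next to the disabled `auth_cache_*` lines, which appear to remain on the new side, give no reason; replace them with what actually failed (for example the error doveconf reported) so a later maintainer can tell whether caching may be re-enabled.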
dh.pem +1 −0 Original line number Diff line number Diff line -----BEGIN DH PARAMETERS----- privacy -----END DH PARAMETERS-----
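Review bot: The added dh.pem holds the word `privacy` between the BEGIN/END markers instead of base64 data, so if that is the committed content rather than a redaction made for this page, any TLS setting that points at the file will fail to load it. DH parameters are not secret, but they are better generated on the host at deploy time (for example `openssl dhparam -out dh.pem 4096`) than tracked in the configuration repository. If the file is meant only as a placeholder, say so in the commit message or name it so that it cannot be mistaken for usable parameters.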
dovecot.conf +12 −17 Original line number Diff line number Diff line ## Dovecot configuration file # If you're in a hurry, see http://wiki2.dovecot.org/QuickConfiguration # If you're in a hurry, see https://doc.dovecot.org/latest/core/config/guides/quick.html # "doveconf -n" command gives a clean output of the changed settings. Use it # instead of copy&pasting files when posting to the Dovecot mailing list. Loading @@ -9,22 +9,18 @@ # and tabs are ignored. If you want to use either of these explicitly, put the # value inside quotes, eg.: key = "# char and trailing whitespace " # Most (but not all) settings can be overridden by different protocols and/or # source/destination IPs by placing the settings inside sections, for example: # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { } # Default values are shown for each setting, it's not required to uncomment # those. These are exceptions to this though: No sections (e.g. namespace {}) # or plugin settings are added by default, they're listed only as examples. # Paths are also just examples with the real defaults being based on configure # options. The paths listed here are for configure --prefix=/usr # --sysconfdir=/etc --localstatedir=/var dovecot_config_version = 2.4.0 dovecot_storage_version = 2.4.0 # options. The paths listed here are for configure --prefix=/usr/local # --sysconfdir=/usr/local/etc --localstatedir=/var dovecot_config_version = 2.4.1 dovecot_storage_version = 2.4.1 # Enable installed protocols # Protocols we want to be serving. #protocols = imap pop3 lmtp !include_try /usr/share/dovecot/protocols.d/*.protocol # A comma separated list of IPs or hosts where to listen in for connections. Loading 
@@ -48,12 +44,10 @@ dovecot_storage_version = 2.4.0 # Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for # these networks. Typically you'd specify your IMAP proxy servers here. # these networks, unless ssl=required. # Typically you'd specify your IMAP proxy servers here. #login_trusted_networks = # Space separated list of login access check sockets (e.g. tcpwrap) #login_access_sockets = # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do # proxying. This isn't necessary normally, but may be useful if the destination # IP is e.g. a load balancer's IP. Loading @@ -79,8 +73,9 @@ verbose_proctitle = yes # Space separated list of environment variables that are preserved on Dovecot # startup and passed down to all of its child processes. You can also give # key=value pairs to always set specific settings. #import_environment = TZ #import_environment { # TZ=%{env:TZ} #} # Most of the actual configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes Loading
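Review bot: The path comment in the second hunk now says the listed paths are for `--prefix=/usr/local --sysconfdir=/usr/local/etc`, yet the include just below it still reads `!include_try /usr/share/dovecot/protocols.d/*.protocol` (apparently unchanged) while `#protocols = imap pop3 lmtp` stays commented out. `!include_try` skips missing files without an error, so on a /usr/local install the set of served protocols may differ from what was intended and nothing will report why. Either point the include at the directory the installation really uses, or list the wanted services explicitly, e.g. `protocols = imap lmtp`, and verify the result with `doveconf -n`. The same hunk raises `dovecot_storage_version` to 2.4.1; confirm that no older instance still has to read the same mail storage.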
log 0 → 100644 +116 −0 Original line number Diff line number Diff line Name: f2b-sshd Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 21600 Size in memory: 7784 References: 1 Number of entries: 39 Members: 104.131.11.149 timeout 6422 202.100.50.47 timeout 4930 185.235.72.254 timeout 3223 51.158.66.95 timeout 18884 157.36.181.81 timeout 8302 103.48.193.7 timeout 4825 109.185.141.61 timeout 3202 60.12.221.84 timeout 9902 49.232.110.254 timeout 8667 31.129.173.162 timeout 10822 47.29.183.54 timeout 14853 190.15.59.5 timeout 5989 179.75.145.119 timeout 20310 85.209.0.100 timeout 18811 176.122.159.131 timeout 18513 141.98.10.210 timeout 1842 14.251.47.243 timeout 4748 49.232.87.218 timeout 17298 81.145.54.68 timeout 9898 61.155.234.38 timeout 18170 183.88.185.244 timeout 12764 121.100.17.42 timeout 9255 113.176.95.224 timeout 6777 177.74.218.173 timeout 12344 118.36.234.174 timeout 251 64.225.70.10 timeout 3754 119.28.6.128 timeout 5853 178.33.67.12 timeout 18240 14.29.64.91 timeout 10030 103.124.197.90 timeout 14426 37.59.229.31 timeout 11324 141.98.10.211 timeout 1850 58.33.154.234 timeout 15847 106.52.210.175 timeout 15488 206.81.8.136 timeout 10786 113.142.58.155 timeout 9278 118.116.8.215 timeout 10241 120.224.50.233 timeout 14262 51.77.226.68 timeout 3597 Name: f2b-postfix Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 21600 Size in memory: 200 References: 1 Number of entries: 0 Members: Name: f2b-postfix-ddos Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 21600 Size in memory: 584 References: 1 Number of entries: 3 Members: 193.56.28.193 timeout 9194 141.98.10.143 timeout 5527 112.45.114.75 timeout 3604 Name: f2b-ssh Type: hash:ip Revision: 4 Header: family inet hashsize 1024 maxelem 65536 timeout 21600 Size in memory: 7688 References: 1 Number of entries: 39 Members: 109.185.141.61 timeout 3202 185.235.72.254 timeout 3223 157.36.181.81 timeout 8302 
31.129.173.162 timeout 10822 81.145.54.68 timeout 9898 51.77.226.68 timeout 3597 106.52.210.175 timeout 15489 141.98.10.211 timeout 1850 85.209.0.100 timeout 18811 119.28.6.128 timeout 5853 176.122.159.131 timeout 18513 121.100.17.42 timeout 9255 118.36.234.174 timeout 251 103.124.197.90 timeout 14426 177.74.218.173 timeout 12344 202.100.50.47 timeout 4930 190.15.59.5 timeout 5989 206.81.8.136 timeout 10786 179.75.145.119 timeout 20310 104.131.11.149 timeout 6422 37.59.229.31 timeout 11324 183.88.185.244 timeout 12764 49.232.87.218 timeout 17297 113.142.58.155 timeout 9278 58.33.154.234 timeout 15847 47.29.183.54 timeout 14853 61.155.234.38 timeout 18170 64.225.70.10 timeout 3754 51.158.66.95 timeout 18884 60.12.221.84 timeout 9902 141.98.10.210 timeout 1842 118.116.8.215 timeout 10241 103.48.193.7 timeout 4825 120.224.50.233 timeout 14262 14.29.64.91 timeout 10030 49.232.110.254 timeout 8667 178.33.67.12 timeout 18240 113.176.95.224 timeout 6777 14.251.47.243 timeout 4748
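Review bot: The new 116-line `log` file is a dump of the fail2ban ipsets (f2b-sshd, f2b-postfix, f2b-postfix-ddos, f2b-ssh), which is runtime state rather than configuration: every set is created with `timeout 21600`, so the listed bans are stale within hours of the commit. It also exposes the banned source addresses to everyone with read access to the repository. I would drop the file from the commit and add `log` to `.gitignore`. The f2b-sshd and f2b-ssh sets each report 39 entries with almost the same members, which suggests two jails are acting on the same SSH log; that is worth checking in the fail2ban jail configuration, which this page does not show.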
sni.conf +0 −1 Original line number Diff line number Diff line Loading @@ -12,4 +12,3 @@ local_name "yourdomain.com" { # Domain TLS # End Domain TLS