[HowTo] Replace courier with dovecot

[aseques]

(06-14-2011 01:59 AM)Obi_Wan Wrote:  I've added the dovecot manager to trunk. Hopefully that will solve many problems

Great, one step less to install, I'll update the wiki ASAP.

[alexskynet]

Obi Wan

Thank you but please fix the source since it doesn't work properly with very late systems (Fedora 15 and Fedora 16 in my tests)

You have to add:

push @INC, '/var/www/ispcp/engine';

at the very beginning of the file (before any "require" and after the showbang) to avoid authentication error in dovecot 2.0.15

Without the patch the logs show the following:

dovecot: auth: Fatal: execv(/var/www/ispcp/engine/ispcp-dovecot-mngr) failed: Input/output error

I also had do chmod 755 ispcp-dovecot-mngr and chmod 744 the following files:
ispcp_common_code.pl
ispcp_common_methods.pl
ispcp-db-keys.pl

I'm on Fedora 15 (with F 14 it works with no changes, but the above changes don't break it in earlier systems)

Best regards

[Proci]

Hi
I have Debian 6 + ispcp 1.0.7 + dovecot system.
I used this tutorial: http://isp-control.net/documentation/how...th_dovecot
I have problem, when brute force connect pop3/imap, then ispcp-dovecot-mngr processs create high load.
How do I replace ispcp-dovecot-mngr to sql ? (skippin ispcp-dovecot-mngr)

[aseques]

(08-23-2012 09:43 PM)Proci Wrote:  Hi
I have Debian 6 + ispcp 1.0.7 + dovecot system.
I used this tutorial: http://isp-control.net/documentation/how...th_dovecot
I have problem, when brute force connect pop3/imap, then ispcp-dovecot-mngr processs create high load.
How do I replace ispcp-dovecot-mngr to sql ? (skippin ispcp-dovecot-mngr)

To avoid brute force attacks, the best solution for you is to install something like fail2ban to block those attackers.
There's no easy way to avoid using the ispcp-dovecot-mngr because of the password encryption that's being used.

[Proci]

(08-24-2012 04:07 PM)aseques Wrote:  

(08-23-2012 09:43 PM)Proci Wrote:  Hi
I have Debian 6 + ispcp 1.0.7 + dovecot system.
I used this tutorial: http://isp-control.net/documentation/how...th_dovecot
I have problem, when brute force connect pop3/imap, then ispcp-dovecot-mngr processs create high load.
How do I replace ispcp-dovecot-mngr to sql ? (skippin ispcp-dovecot-mngr)

To avoid brute force attacks, the best solution for you is to install something like fail2ban to block those attackers.
There's no easy way to avoid using the ispcp-dovecot-mngr because of the password encryption that's being used.

Thank you for your answer. I use fail2ban, but there are many different ip addresses is not good ( botnet! )
I solved it!
I rewrote the ispCP-mbox-mngr function calls + I wrote a plain password -> CRAM-MD5 password converter, so ISPCP natively use dovecot passdb the courier userdb instead.
It rewrite functon use "user@domain.dot:{CRAM-MD5}password" dovecot passdb format.
I tested 60 parallel established connection 5sec timeout brute force.
- ispcp-dovecot-mngr: 100% cpu (bluefish decode/encode)
- native dovecot passwd: 1-7% cpu
CPU: Intel Xeon 5620 one core (VPS)

+ I wrote a script to convert from existing mail_users database passwords to dovecot passdb.

I will soon be published. Now I test a few days.