Date:  Sun, 16 Aug 2009 06:20:24 +0200
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:15901] Re: Block Hacker IP from BQ and BX Server
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200908160620.25114.bq (at mark) solarspeed.net>
In-Reply-To:  <250F9565465A4053A713CC0BFDB65EDB@HP9925NR>
References:  <2DAB4EF3-1B30-4A80-9B28-05C1CAC2B271 (at mark) housleyconsulting.com.au> <200908151931.13615.bq (at mark) solarspeed.net> <250F9565465A4053A713CC0BFDB65EDB (at mark) HP9925NR>
X-Mail-Count: 15901

Hi Darrell,

> Here is the diffs, old on left, new on right:
> < #disable_plaintext_auth = yes

Should be:

disable_plaintext_auth = no

> < #log_timestamp = "%b %d %H:%M:%S "

Should be:

log_timestamp = "%b %d %H:%M:%S "

> < #login_max_processes_count = 128

That's commented out in mine as well. But setting it to something reasonable 
like 12 is fine.

> < #mail_location =
> > mail_location = mbox:~/mail/:INBOX=mbox

Yeah, should be:

mail_location = mbox:~/mail/:INBOX=mbox

> <   #pop3_uidl_format = %08Xu%08Xv
> >   pop3_uidl_format = %08Xu%08Xv

Should be:

pop3_uidl_format = %08Xu%08Xv

> > auth_cache_size = 1024
> > auth_cache_ttl = 3600

Should be:

auth_cache_size = 1024
auth_cache_ttl = 3600

> <     #args = dovecot
> >     args = session=yes cache_key=%u%s dovecot

Careful, there are a couple of "args" entries. The one above is in the "auth 
default {" section of dovecot.conf.

And mine reads this:

args = session=yes cache_key=%u%s dovecot

> Anything to be concerned about?  Log format going to whack some Webalizer
> or other logs?

Yeah, the loggin format is what will cause the most grief. The statistics and 
other tools that read the dovecot entries from the logs (dfix for example) 
otherwise may have problems. Or not. Depends on which regular expressions they 
use.

-- 
With best regards,

Michael Stauber