[Dovecot] feature request: deny IP address via database

Dave McGuire mcguire at neurotica.com
Tue Apr 8 06:51:36 EEST 2008


On Apr 7, 2008, at 5:02 PM, Charles Marcus wrote:
>>> Hey folks. One feature I'd really like to see in dovecot is the  
>>> ability to point it at a database (with a configurable query) and  
>>> have it allow or deny a connection based on looking up the source
>>> IP address in that database.
>
>> Is there any reason to do this at the application layer rather  
>> than the network layer for Dovecot?
>
> I agree...
>
> Fail2ban is perfect for this...

   Hi!  Thank you for your suggestion.  I agree that fail2ban is Very  
Good Stuff, but not for my application.  For a lone Linux box on the  
end of a DSL pipe that does everything including its own firewalling,  
it's clearly the right thing.  My application, on the other hand,  
involves a sizeable cluster of Solaris machines that do nothing  
handle nothing but mail, with centralized configuration management,  
and the firewall is elsewhere.  What you suggested would be ideal  
advice for many (maybe even most) applications, but in thise case I  
"really do" want specifically what I asked for. :)

            -Dave

-- 
Dave McGuire
Port Charlotte, FL




More information about the dovecot mailing list