[Dovecot] Domain blacklisting
Timo Sirainen
tss at iki.fi
Thu Feb 10 00:58:29 EET 2011
On Wed, 2011-02-09 at 11:57 +0100, Thomas Hummel wrote:
> My understanding is that I cannot use some negative form of "allow_nets". The
> only mechanism I can think of is tcp_wrappers. However, dovecot documentation
> mentions it only in the dovecot-1 section. Does it work the same way with dovecot-2?
> Is it a bad idea (I'm thinking of the induced overhead)?
> Can you see another way to blacklist (at dovecot application level) some sources?

If tcpwrappers supports it, then it should be pretty easy with v2.0, as
long as Dovecot was compiled with support for it:

  login_access_sockets = tcpwrap

There is of course some extra overhead, mainly from doing a reverse DNS
lookup for all connections, but since that's what you want it can't be
avoided.. Or if you have some known good IP ranges, you can add e.g.:

  remote 192.168.0.0/24 {
    login_access_sockets =
  }
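
The decision flow described in the reply above, modelled as an added example that is not part of the original post and is not Dovecot or tcp_wrappers code: addresses in the known-good range skip the access check (and so the reverse lookup), everything else is resolved and compared against a leading-dot domain pattern. The denied pattern, the PTR table and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data, not from the original post.
TRUSTED_NETS = [ipaddress.ip_network("192.168.0.0/24")]  # range used in the post's remote {} block
DENIED_PATTERNS = [".blocked.example"]  # hypothetical hosts.deny-style domain pattern
PTR_TABLE = {  # stand-in for reverse DNS so the example runs offline
    "203.0.113.7": "dsl-7.blocked.example",
    "198.51.100.9": "mx.notblocked.example",
}


def domain_matches(hostname, pattern):
    """A pattern with a leading '.' matches any host name whose last components equal it."""
    hostname, pattern = hostname.lower().rstrip("."), pattern.lower()
    if pattern.startswith("."):
        return hostname.endswith(pattern)
    return hostname == pattern


def check_login(ip, resolve=PTR_TABLE.get):
    """Return (allowed, reverse_lookup_done) for one client address."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in TRUSTED_NETS):
        # Empty login_access_sockets for this range: no wrapper call, no DNS cost.
        return True, False
    name = resolve(ip)
    if name is None:
        # No PTR record: a domain pattern has nothing to match against.
        return True, True
    denied = any(domain_matches(name, p) for p in DENIED_PATTERNS)
    return (not denied), True


if __name__ == "__main__":
    for ip in ("192.168.0.15", "203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(ip, check_login(ip))
```

A domain rule is only as reliable as the PTR record, which is controlled by whoever owns the address block; in this model a client with no PTR record passes the check.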