[Dovecot] dovecot security with IPv6
Willie Gillespie
wgillespie+dovecot at es2eng.com
Thu Jun 23 20:46:52 EEST 2011
On 06/23/2011 02:23 AM, Kārlis Repsons wrote:
> Hi Timo, hi all others!
>
> In fact, I've only read one person claiming that IPv6 support opens up
> "too many backdoors" [1], but anyway, as I intend to run just
> particular services, please give me your opinion if it's insecure to
> have a dovecot server, which is accessed through a public IPv6
> address...
> (or note just shortly what else could give a firm ground to such claims...)
>
> [1] http://forums.gentoo.org/viewtopic-t-882557.html
I can't think of any backdoors introduced in IPv6. The trouble I
foresee with IPv6 and email won't concern Dovecot, but some spam filtering.
Since the IPv6 address space is large, people can't expect to be
successful by blocking spammers IP addresses one-by-one. Instead they
will end up blocking entire subnets if that's a route they choose to go.
I know that Dovecot slows down/delays login attempts with multiple
authentication failures. I guess the question to ask is whether this is
source IP-based, or user name-based, or both. Anyone know the answer to
this?
If it's source IP-based, then if I was an attacker with an IPv6 subnet
assigned to me, I would just come at it with a different IP address each
time to avoid the slowdown.
In short, that's the only real potential issue I could see.
Willie
More information about the dovecot
mailing list