[Dovecot] Blocking certain hostnames/clients
Charles Marcus
CMarcus at Media-Brokers.com
Sun Oct 27 22:21:58 EET 2013
Hello,
As a result of learning of the new 'Intro' App introduced by LinkedIn,
and discussing how to block SMTP access to my postfix server from these
clients, I'm now interested in doing the same for dovecot.
Bottom line desire is to avoid scraping/hijacking email stored on my
dovecot server by any client other than a users client.
This includes Intro (so, LinkedIn), Blackberry, GMail, Outlook, etc.
The boss has expressed the desire to NOT block all email from them, just
disallow any of their clients from AUTH'ing (either SMTP or IMAP/POP).
I'd be interested if anyone has any kind of database of hostnames/IP
blocks of the freemailers out there that support adding 3rd party
accounts, especially ones supporting IMAP.
Anyway, article raising the concern found here:
http://www.bishopfox.com/blog/2013/10/linkedin-intro/
"LinkedIn released a new product today called Intro. They call it
?doing the impossible?, but some might call it ?hijacking email?.
Why do we say this? Consider the following:
Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of
your emails go through LinkedIn?s servers. You read that right. Once
you install the Intro app, all of your emails, both sent and received,
are transmitted via LinkedIn?s servers. LinkedIn is forcing all your
IMAP and SMTP data through their own servers and then analyzing and
scraping your emails for data pertaining to?whatever they feel like."
--
Best regards,
*/Charles/*
More information about the dovecot
mailing list