RFE: dnsbl-support for dovecot
Reindl Harald
h.reindl at thelounge.net
Tue Jun 17 17:16:55 UTC 2014
after having my own dnsbl feeded by a honeypot and even
mod_security supports it for webservers i think dovecot
sould support the same to prevent dictionary attacks from
known bad hosts, in our case that blacklist is 100%
trustable and blocks before SMTP-Auth while normal RBL's
are after SASL
i admit that i am not a C/C++-programmer, but i think
doing the DNS request and in case it has a result block
any login attemt should be not too complex
setup a own honeypot and feed rbldnsd with the sources
is quite easy and in case of a own, trustable RBL where
no foreigners report somebody by mistake it's relieable
and scales well over many machines and services as long
services supporting it
mod_security:
http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20140617/5390021d/attachment.sig>
More information about the dovecot
mailing list