Auth Policy Server

Daniel Miller dmiller at amfes.com
Fri Jun 30 22:24:32 EEST 2017


On 6/30/2017 12:05 PM, Aki Tuomi wrote:
>> On June 30, 2017 at 9:49 PM Daniel Miller <dmiller at amfes.com> wrote:
>>
>>
>> I've made a preliminary auth policy server in Perl - and it sort of
>> works (mostly) - but I've got some questions on "proper" implementation.
>>
>>
> Hi!
>
> First of all, which version are you running, and can you get a bt full backtrace of the crash?
>
> Secondly, the endpoint does not need to be a proper web server, you can compare with https://github.com/PowerDNS/weakforced which is another implementation of auth policy server.
>
> Aki

That link helped a lot - among other things forcing me to read.  I 
actually broke my policy server trying to "improve" it - I implemented a 
30-second auth delay on valid logins!  Setting that back to 0 seems to 
do the trick...

I running Dovecot 2.2.28.  For the bt - I'll be happy to if still 
desired, but you'll have to give me instructions as I don't know how.

As I continue tweaking this, if there's any interest I'll see about 
sharing this.  For my own needs I wanted a GeoIP based policy.  My 
thinking, skewed as it is, is that while SMTP needs to be relatively 
open - as I have friends & business contacts in other countries - the 
only people who access my IMAP server are somewhere in my country.  
Therefore, simply restricting login attempts to only be from IP's in my 
country will block the majority of botnets (at least, that's what I 
think I'm seeing from my logs).

Daniel


More information about the dovecot mailing list