Force TCP socket disconnect on imap login failure?
Jochen Bern
Jochen.Bern at binect.de
Tue May 24 08:55:08 UTC 2022
On 24.05.22 09:36, Jan Hugo Prins wrote:
> - The command below drops ALL future connections to the IMAP ports and
> not just the one from that specific IP address.
>
> On 5/23/22 23:16, Hippo Man wrote:
>> OOPS! I incorrectly copied and pasted the iptables command in my
>> previous message. Here is the correct iptables command:
>>
>> iptables -I INPUT -p tcp -m multiport --destination-port 143,993 -d aaa.bbb.ccc.ddd -j DROP
>>
>> This command successfully blocks *future* connections to ports 143 and
>> 993 from that IP address, but as I mentioned, it doesn't kill the
>> currently open connection.
That's because the "correct" iptables command still uses "-d" instead of
the "-s" that'd match the "*from* that IP address" specification. ;-)
Even if you don't have a tool at hand that can tear down the existing
TCP connection, and don't want to give up the ESTABLISHED-ACCEPT rule's
priority (it's some additional burden to the CPU to match *all* incoming
IMAP(S) packets against the blocklist, after all), you could always
render it effectively unusable by setting a (blackhole) host route for
the IP.
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
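Added example, not code from the thread or from Dovecot: a small POSIX sh helper that prints (rather than executes) the Linux commands for cutting one client address off from IMAP/IMAPS, so the output can be reviewed and then piped to "sh" on the mail server as root. It covers both variants discussed above, the corrected "-s" filter rule and the blackhole host route, and adds the socket/conntrack teardown for the already-open session. The address 203.0.113.7 is a constructed placeholder; the commands assume iptables, iproute2 ("ip", "ss") and, optionally, conntrack-tools are installed.

```shell
#!/bin/sh
# Helper for blocking one IMAP client by source address (added example).

is_ipv4() {
    # Reject anything that is not a dotted quad with octets 0-255, so a
    # value pulled out of a log line can never splice into the command.
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# block_imap_source ADDRESS [filter|route]
# Prints the commands for one source address; does not run anything.
block_imap_source() {
    ip=$1; mode=${2:-filter}
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
    case $mode in
    filter)
        # Correct form of the rule from the thread: "-s" matches the
        # client's *source* address; "-d" matches our own server address
        # and therefore every client. Inserted at position 1 of INPUT it
        # runs before any ESTABLISHED,RELATED accept rule, which is why it
        # costs a rule match on every incoming IMAP(S) packet.
        printf 'iptables -I INPUT 1 -p tcp -m multiport --dports 143,993 -s %s -j DROP\n' "$ip"
        ;;
    route)
        # The post's alternative: a blackhole host route. Nothing is sent
        # back to that address, so the open session stalls and times out
        # while the ESTABLISHED rule keeps its place at the top of INPUT.
        printf 'ip route add blackhole %s/32\n' "$ip"
        ;;
    *)
        echo "unknown mode: $mode" >&2; return 2
        ;;
    esac
    # Either way the already-open socket is still there. Close it with
    # "ss -K" (needs CONFIG_INET_DIAG_DESTROY in the kernel; sockets it
    # cannot close are skipped silently) and drop the conntrack entry so an
    # ESTABLISHED accept rule no longer recognises the flow.
    printf 'ss -K dst %s\n' "$ip"
    printf 'conntrack -D -p tcp -s %s 2>/dev/null || true\n' "$ip"
}

# Usage on the server:  sh block-imap.sh 203.0.113.7 route | sh
if [ -n "${1:-}" ]; then
    block_imap_source "$1" "${2:-filter}"
fi
```

The "filter" and "route" modes are alternatives, not a sequence: pick the filter rule when you want the block visible in the firewall, the blackhole route when you want to keep the ESTABLISHED-ACCEPT rule first in INPUT; the two teardown lines are printed in both cases because neither mode by itself closes the existing TCP connection.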