-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Sun, 27 Oct 2013, Charles Marcus wrote:
As a result of learning of the new 'Intro' App introduced by LinkedIn, and discussing how to block SMTP access to my postfix server from these clients, I'm now interested in doing the same for dovecot.
Reading the description, I would say: No valid user would AUTH into your IMAP server, so block those LinkedIn-IP addresses for all ports, but plain old 25. No need to fiddle in Dovecot and you'll save resources.
If you want to log them as incidents, you might look into:
# Most (but not all) settings can be overridden by different protocols and/or # source/destination IPs by placing the settings inside sections, for example: # protocol imap { }, local 127.0.0.1 { }, remote 10.0.0.0/8 { }
put a user-deny passdb {} in a remote { } block at the 1st place. However, I don't know if this works, though.
The boss has expressed the desire to NOT block all email from them, just disallow any of their clients from AUTH'ing (either SMTP or IMAP/POP).
would work, if you block all ports, but 25, from these IPs.
I'd be interested if anyone has any kind of database of hostnames/IP blocks of the freemailers out there that support adding 3rd party accounts, especially ones supporting IMAP.
This does not read like a freemail, but just a gateway.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUm5r313r2wJMiz2NAQLUJwf+LWQVx4rJrcrmspDT4K1BnZTKIV7mS62e 2L/3TwYSGic6SzAUbQR25DYZDOaBnsOdlk2MND1fRq8mRNXTjPKGiGUHRQ5qC+qA WE3+zixXObD2/YFiH8NjAXy3waURhoYXkGdfNbiMfJoaVpwi2KtSQTWFD5WtEyvm TuyQP0UFpRiM87c9g6M634/lNiUKUK3m65s02dkJxcfEf7SQVpRESjKOtyys2hm3 gx9hgphWsZpaBYGhzs9q7nydy2WyYgLvreBtugid5YhHmTGB2YkUnNqe57jt0iAM C/CioVSZkJrTJ40ja4BO1iYifkxHmdo2ar88w4adnzWUsMEInQZrDQ== =lLXQ -----END PGP SIGNATURE-----