On 06/23/2011 02:23 AM, Kārlis Repsons wrote:
Hi Timo, hi all others!
In fact, I've only read one person claiming that IPv6 support opens up "too many backdoors" [1], but anyway, as I intend to run just particular services, please give me your opinion if it's insecure to have a dovecot server, which is accessed through a public IPv6 address... (or note just shortly what else could give a firm ground to such claims...)
I can't think of any backdoors introduced in IPv6. The trouble I foresee with IPv6 and email won't concern Dovecot, but some spam filtering.
Since the IPv6 address space is large, people can't expect to be successful by blocking spammers IP addresses one-by-one. Instead they will end up blocking entire subnets if that's a route they choose to go.
I know that Dovecot slows down/delays login attempts with multiple authentication failures. I guess the question to ask is whether this is source IP-based, or user name-based, or both. Anyone know the answer to this?
If it's source IP-based, then if I was an attacker with an IPv6 subnet assigned to me, I would just come at it with a different IP address each time to avoid the slowdown.
In short, that's the only real potential issue I could see.
Willie