On 12.4.2019 10.21, James via dovecot wrote:
On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote:
Which is why a dnsbl for dovecot is a good idea. I do not believe the agents behind these login attempts are only targeting me, hence the addresses should be shared via a dnsbl.
Probably there's an existing solution for both problems (subsequent attempts and dnsbl):
"The goal of 'wforce' is to detect brute forcing of passwords across many servers"
The problem is not detecting but blocking. Dovecot has no mechanism for using the data; Dovecot needs DNSBL capability.
I tested a small sample of my IMAP hackers using the lists I use for SMTP blocking [1] and enough are in these lists to make them worth using. Extra detection is not needed as many of these addresses are already known - maybe even by using weakforced.
James.
Weakforced uses Lua so you can easily integrate DNSBL support into it. We will not add DNSBL support to dovecot at this time.
Aki
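
The lookup a DNSBL-based login policy has to perform, as an added example that is not part of this thread and is not weakforced or Dovecot code. It is written in Python rather than weakforced's Lua so that it runs stand-alone. Assumptions: the zone `dnsbl.example.org` is a placeholder, the function names and the sample answers are constructed for illustration, and answers in 127.255.255.0/24 are treated as list error codes (the convention Spamhaus uses) rather than listings.

```python
import ipaddress
import socket

LISTED = ipaddress.ip_network("127.0.0.0/8")       # RFC 5782 answer range
ERRORS = ipaddress.ip_network("127.255.255.0/24")  # error codes, not listings

def dnsbl_query_name(ip, zone):
    """IPv4: reversed octets; IPv6: reversed nibbles; then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or resolver failure (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, resolve=system_resolver):
    """True only when the list answers with a real listing code."""
    for answer in resolve(dnsbl_query_name(ip, zone)):
        a = ipaddress.ip_address(answer)
        if a in LISTED and a not in ERRORS:
            return True
    return False

def login_allowed(remote_ip, zones, resolve=system_resolver):
    """Return (allowed, reason) for a login attempt from remote_ip."""
    for zone in zones:
        if is_listed(remote_ip, zone, resolve):
            return False, "listed in " + zone
    return True, "not listed"

# Constructed DNS answers standing in for a real list (hypothetical data).
SAMPLE_DNS = {"10.2.0.192.dnsbl.example.org": ["127.0.0.2"]}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, login_allowed(ip, ["dnsbl.example.org"], sample_resolver))
```

The error-range check matters in production: a list that answers every query with an error code (for example when queried through a shared public resolver) would otherwise block every login.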