Quoting Marc Perkel <marc@perkel.com>:
> I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list.
> I have the list - and the list is available as a DNS blacklist.
> I'd like to have it work with both local IP lists or RBL lookup.
> The idea is so hackers from known IP addresses never succeed.
> If Dovecot provides the feature I have about 1/2 million IP addresses of known current hackers to block. Anyone else interested in this?

How about doing a SQL Auth with a 'NOT IN' select?
Then in your post-auth script do an RBL lookup and if listed (but not in your whitelist), add to your table (with a timestamp to expire of course) and kick the user.
IMHO, the problem with all-out blocks on auth is the same as doing an all-out block based on SPF - so many IPs are shared you can easily get false positives.
Rick
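
The approach suggested in the reply above, as an added example that is not part of the original thread: an auth query that uses a `NOT IN` subselect against a table of blocked IPs, plus a post-auth step that does the RBL lookup, honours a whitelist, and stores an expiry timestamp. SQLite stands in for the real SQL backend; the table names, function names and the zone `bl.example.org` are assumptions, and only IPv4 is handled.

```python
import ipaddress
import socket
import sqlite3

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)          # raises on anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def dns_listed(ip, zone):
    """True if the DNSBL answers with an A record. Resolver errors count as
    'not listed', so a DNS outage does not lock everyone out."""
    try:
        socket.gethostbyname(dnsbl_name(ip, zone))
        return True
    except socket.gaierror:
        return False

def open_db():
    """Hypothetical schema: a users table and a blocked_ips table with expiry."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE blocked_ips (ip TEXT PRIMARY KEY, expires INTEGER)")
    return db

# Auth lookup: returns no row while the client IP has an unexpired block,
# so the login fails exactly as it would for an unknown user.
AUTH_QUERY = """SELECT username, password FROM users
WHERE username = ? AND ? NOT IN
  (SELECT ip FROM blocked_ips WHERE expires > ?)"""

def auth_lookup(db, user, ip, now):
    return db.execute(AUTH_QUERY, (user, ip, now)).fetchone()

def post_auth(db, ip, now, whitelist, zone, listed=dns_listed, ttl=86400):
    """Run after a login. If the IP is RBL-listed and not whitelisted, block it
    for ttl seconds and return True (caller should kick the session)."""
    client = ipaddress.ip_address(ip)
    if any(client in ipaddress.ip_network(net) for net in whitelist):
        return False
    if not listed(ip, zone):
        return False
    db.execute("INSERT OR REPLACE INTO blocked_ips VALUES (?, ?)",
               (ip, now + ttl))
    return True
```

Because entries expire and the whitelist is checked first, a shared address that lands on the list by mistake is blocked only until the TTL runs out or it is whitelisted.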