Hi,
What we do is: use https://github.com/trick77/ipset-blacklist to block IPs (from various existing blacklists) at the iptables level using an ipset.
That way, the known bad IPs never even talk to dovecot, but are dropped immediately. We have the feeling it helps a lot.
MJ
On 4/12/19 10:27 AM, James via dovecot wrote:
On 12/04/2019 08:42, Aki Tuomi via dovecot wrote:
On 12.4.2019 10.34, James via dovecot wrote:
On 12/04/2019 08:24, Aki Tuomi via dovecot wrote:
Weakforced uses Lua so you can easily integrate DNSBL support into it. How does this help Dovecot block? A link to some documentation or example perhaps?
https://wiki.dovecot.org/Authentication/Policy
You can configure weakforced to return status -1 when DNSBL matches, which causes the user authentication to fail before any other processing happens.
Thank you. I will study this - although I dispute your "easily"!
James.