Hello,
As a result of learning of the new 'Intro' App introduced by LinkedIn, and discussing how to block SMTP access to my postfix server from these clients, I'm now interested in doing the same for dovecot.
Bottom line desire is to avoid scraping/hijacking email stored on my dovecot server by any client other than a users client.
This includes Intro (so, LinkedIn), Blackberry, GMail, Outlook, etc.
The boss has expressed the desire to NOT block all email from them, just disallow any of their clients from AUTH'ing (either SMTP or IMAP/POP).
I'd be interested if anyone has any kind of database of hostnames/IP blocks of the freemailers out there that support adding 3rd party accounts, especially ones supporting IMAP.
Anyway, article raising the concern found here:
http://www.bishopfox.com/blog/2013/10/linkedin-intro/
"LinkedIn released a new product today called Intro. They call it ?doing the impossible?, but some might call it ?hijacking email?. Why do we say this? Consider the following:
Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn?s servers. You read that right. Once you install the Intro app, all of your emails, both sent and received, are transmitted via LinkedIn?s servers. LinkedIn is forcing all your IMAP and SMTP data through their own servers and then analyzing and scraping your emails for data pertaining to?whatever they feel like."
--
Best regards,
*/Charles/*