Marc Marc@f1-outsourcing.eu wrote:
Blacklistd places a very short set of code to send a small packet to a socket when the decision is made to deny access.
And how does blacklistd get fed?
Actually, one needs to add a small amount of code to dovecot which writes to a socket. This code needs to be invoked whenever someone tries to "break in" or "abuse" your dovecot server. Thus, the application informs the blacklistd daemon about abuse and who did so. Blacklistd listens to that socket [1].
The running blacklistd then decides what to do with these attempts and uses firewall functionality to block future attempts if wanted.
[1] https://github.com/paul-chambers/blacklistd
The sources of bind, ftp, sshd, and postfix have already been modified accordingly.
Regards, Michael
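A simplified model of the reporting flow described in this message, added here as an illustration; it is not code from dovecot or blacklistd, and it does not use blacklistd's real message format. The `report` struct, the threshold of 3 and the names `report_denial`, `daemon_handle` and `run_demo` are assumptions, and a `socketpair` stands in for the daemon's listening socket.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_HOSTS 16
#define THRESHOLD 3 /* assumed policy: block after 3 reported denials */
/* Constructed report format for this sketch, not blacklistd's real one. */
struct report { char addr[46]; };
struct entry { char addr[46]; int failures; int blocked; };
static struct entry table[MAX_HOSTS];
static int n_entries;

/* Application side: call this where the service denies access. */
int report_denial(int sock, const char *addr) {
    struct report r;
    memset(&r, 0, sizeof r);
    strncpy(r.addr, addr, sizeof r.addr - 1);
    return send(sock, &r, sizeof r, 0) == (ssize_t)sizeof r ? 0 : -1;
}

/* Daemon side: read one report; return 1 if the address is now blocked. */
int daemon_handle(int sock) {
    struct report r;
    struct entry *e = NULL;
    if (recv(sock, &r, sizeof r, 0) != (ssize_t)sizeof r) return -1;
    r.addr[sizeof r.addr - 1] = '\0'; /* do not trust the sender's terminator */
    for (int i = 0; i < n_entries && !e; i++)
        if (strcmp(table[i].addr, r.addr) == 0) e = &table[i];
    if (!e) {
        if (n_entries == MAX_HOSTS) return -1; /* table full: drop report */
        e = &table[n_entries++];
        memcpy(e->addr, r.addr, sizeof e->addr);
    }
    if (++e->failures >= THRESHOLD)
        e->blocked = 1; /* a real daemon would add a firewall rule here */
    return e->blocked;
}

/* Send `attempts` reports for addr over a socketpair; return final state. */
int run_demo(const char *addr, int attempts) {
    int sv[2], blocked = 0;
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    for (int i = 0; i < attempts && report_denial(sv[0], addr) == 0; i++)
        blocked = daemon_handle(sv[1]);
    close(sv[0]); close(sv[1]);
    return blocked;
}

int main(void) { printf("blocked=%d\n", run_demo("192.0.2.10", 3)); return 0; }
```

The application only reports; the counting and the blocking decision stay in the daemon, so the threshold can change without touching the service's code.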