On Tue, 22 Oct 2013, Marc Perkel wrote:
> I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list.
> I have the list - and the list is available as a DNS blacklist.
> I'd like to have it work with both local IP lists or RBL lookup.
> The idea is so hackers from known IP addresses never succeed.
Why would you let the auth happen at all? Is it some sort of tarpitting? Otherwise you could just block the IP with a firewall.
Maybe you can combine the deny AuthDatabase, as explained here: http://wiki2.dovecot.org/Authentication/RestrictAccess?highlight=%28deny%29 with a socket auth daemon: http://wiki2.dovecot.org/AuthDatabase/Dict
So, you return success via the auth socket dict and use the remote IP as "key", but success is turned into "deny".
> If Dovecot provides the feature I have about 1/2 million IP addresses of known current hackers to block.
Well, I do not like the notion "one IP == one person", too many setups use NAT.
Steffen Kaiser
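
Added example, not part of the original message and not Dovecot code: a sketch of the per-IP decision a lookup backend keyed on the remote IP could make, checking a local list first and a DNS blacklist second. The zone name, the sample networks and all function names are assumptions made for illustration; how Dovecot would call such a backend is not shown.

```python
import ipaddress
import socket

# Constructed sample data; the zone is a placeholder, not a real blacklist.
LOCAL_DENY = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:bad::/48")]
DNSBL_ZONE = "dnsbl.example.org"


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """True if the name has an A record, i.e. the address is listed."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        # NXDOMAIN and resolver failures both land here: DNS trouble fails open.
        return False


def is_denied(remote_ip, local=LOCAL_DENY, resolver=system_resolver):
    """Return (denied, reason) for a login attempt from remote_ip.

    The local list is checked first so that no DNS query is sent for
    addresses that are already known locally.
    """
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return (False, "unparseable address")  # fail open; log for review
    for net in local:
        if addr.version == net.version and addr in net:
            return (True, "local list: %s" % net)
    if resolver(dnsbl_query_name(remote_ip)):
        return (True, "dnsbl: %s" % DNSBL_ZONE)
    return (False, "not listed")
```

Because one address can front many users behind NAT, logging the returned reason alongside the attempted username makes a wrongly listed shared address easier to spot.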