Nick Edwards writes:
I thought Timo once said dovecot had tarpitting; it's useless if it is there, and if it is, it needs user-configurable timings, or maybe it's one of those things that's been in the gunna-happen list for a long time, like other stuff.
If I remember correctly, I think this was the "auth_failure_delay" feature. However, these delays are only inserted into the same session -- no IP tracking is done so a BFD attacking host can just keep opening up new connections.
Dave McGuire writes:
Please add this support to iptables instead of Dovecot. It's a waste of effort to code it into every application that listens on the network.
<head explodes>
Would you care to integrate it into IOS on my Cisco as well?
There are things connected to the Internet that aren't PCs running Linux, you know. It may be hard to accept, but that's the way it is.
I assume your dovecot runs on some kind of *nix
Of course. I run it under Solaris.
Oddly enough, if you run some versions of Solaris, it uses IPFilter as the native firewall, and it *does* have userland hooks so that you can make pass/block decisions based on a userland executable. Not well documented though (see auth rules).
You would need a firewall rule like
auth in proto tcp from any to any port = 143 flags S/SA keep state
then write a program that does ioctl(ipauth) calls to inspect and accept/reject packets; not for the faint of heart. However, you can use whatever weird and wonderful methods you want to determine IMAP/POP/SMTP network access policy, including DNSRBL or parsing a text file.
This thread seems to be spinning into non-dovecot subjects, and I'm not helping, so I'll stop.
Joseph Tam <jtam.home@gmail.com>
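The point above is that auth_failure_delay only slows down one session and keeps no per-IP state, so an attacker just reconnects; the other suggestion in the thread is to push the pass/block decision out to a userland policy program that can use whatever method it likes. The following Python script, added here as an illustration and not code from Dovecot or from anyone in this thread, shows the missing piece: it reads Dovecot-style login failure log lines, keys the failures by the rip= (remote IP) field rather than by session, and decides per IP whether a sliding-window threshold has been crossed. The log lines are constructed samples in the syslog format Dovecot's imap-login/pop3-login processes use; the threshold, window and ban time are arbitrary assumed values, and the decision would then be fed to whatever firewall or auth hook the host actually has.

```python
"""Per-source-IP accounting of Dovecot auth failures (added example).

auth_failure_delay only delays within one session; this tracker counts
failures per remote IP across sessions and emits a ban decision."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log lines in the syslog format Dovecot's login
# processes emit; rip= is the remote (client) address.
SAMPLE_LOG = """\
Jan 14 09:00:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<carol>, method=PLAIN, rip=203.0.113.9, lip=198.51.100.2, TLS
Jan 14 10:21:03 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=192.0.2.7, lip=198.51.100.2, TLS
Jan 14 10:21:05 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<admin>, method=PLAIN, rip=192.0.2.7, lip=198.51.100.2, TLS
Jan 14 10:21:07 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<root>, method=PLAIN, rip=192.0.2.7, lip=198.51.100.2
Jan 14 10:21:09 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<test>, method=PLAIN, rip=192.0.2.7, lip=198.51.100.2, TLS
Jan 14 10:21:11 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<info>, method=PLAIN, rip=192.0.2.7, lip=198.51.100.2, TLS
Jan 14 10:22:00 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.50, lip=198.51.100.2, TLS
Jan 14 10:22:30 mail dovecot: imap-login: Disconnected (auth failed, 2 attempts in 9 secs): user=<alice>, method=PLAIN, rip=198.51.100.50, lip=198.51.100.2, TLS
Jan 14 10:25:00 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 10 secs): user=<bob>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2
Jan 14 10:25:04 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 11 secs): user=<bob>, method=PLAIN, rip=203.0.113.5, lip=198.51.100.2
Jan 14 10:30:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<carol>, method=PLAIN, rip=203.0.113.9, lip=198.51.100.2, TLS
Jan 14 10:30:05 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<carol>, method=PLAIN, rip=203.0.113.9, lip=198.51.100.2, TLS
Jan 14 10:30:10 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<carol>, method=PLAIN, rip=203.0.113.9, lip=198.51.100.2, TLS
"""

# Matches only "auth failed" disconnects; successful logins are skipped.
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ dovecot: "
    r"(?P<svc>pop3|imap)-login: Disconnected \(auth failed, "
    r"(?P<n>\d+) attempts[^)]*\): .*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)


def parse_failures(text, year=2024):
    """Yield (epoch_seconds, ip, attempts) for each auth-failure line.

    Syslog stamps carry no year, so one is assumed; UTC keeps the
    arithmetic free of DST surprises."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        yield ts.replace(tzinfo=timezone.utc).timestamp(), m["rip"], int(m["n"])


class IpFailureTracker:
    """Sliding-window count of failed attempts per remote IP.

    threshold/window/bantime are assumed policy values (seconds)."""

    def __init__(self, threshold=5, window=600, bantime=3600):
        self.threshold = threshold
        self.window = window
        self.bantime = bantime
        self.events = defaultdict(deque)  # ip -> deque of (ts, attempts)
        self.banned_until = {}            # ip -> epoch seconds

    def _expire(self, ip, now):
        q = self.events[ip]
        while q and q[0][0] < now - self.window:
            q.popleft()

    def record(self, ts, ip, attempts=1):
        """Record a failure event; return True if the IP is (now) banned."""
        if ts < self.banned_until.get(ip, 0):
            return True
        q = self.events[ip]
        q.append((ts, attempts))
        self._expire(ip, ts)
        if sum(n for _, n in q) >= self.threshold:
            self.banned_until[ip] = ts + self.bantime
            q.clear()
            return True
        return False

    def is_banned(self, ip, now):
        return now < self.banned_until.get(ip, 0)


def bans_from_log(text, **policy):
    """Return the IPs that crossed the threshold, in order of first ban."""
    tracker = IpFailureTracker(**policy)
    banned = []
    for ts, ip, n in parse_failures(text):
        if tracker.record(ts, ip, n) and ip not in banned:
            banned.append(ip)
    return banned


if __name__ == "__main__":
    for ip in bans_from_log(SAMPLE_LOG):
        print(f"block {ip}")
```

In the sample, 192.0.2.7 never trips a per-session delay (every line is a fresh one-attempt session) yet is banned after its fifth connection, 203.0.113.5 is banned because two sessions of three attempts add up, and 203.0.113.9 is not, because its 09:00 failure has fallen out of the ten-minute window. The list returned by bans_from_log is what you would hand to an ipf/iptables rule or to an auth-hook program.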