[Dovecot] dnsbl feature for dovecot
john.ml at erba.tv
Wed Jul 3 10:35:47 EEST 2013
On 03/07/13 05:24, Professa Dementia wrote:
> On 7/2/2013 7:11 PM, Stan Hoeppner wrote:
>> On 7/2/2013 8:32 PM, Professa Dementia wrote:
>>> On 7/2/2013 6:21 PM, John Fawcett wrote:
>>>> dnsbl's are a popular method to prevent listed ips from making
>>>> connections to mta software.
>>>> cf. postscreen_dnsbl_sites in postfix
>>>> Would it be possible to introduce such a feature in dovecot, so that
>>>> connections can be denied
>>>> based on a dnsbl lookup (where the precise dnsbls used are configurable)?
>>> Let's back up a bit. This does not seem like a feature that Dovecot needs.
>>> Rather, what problem are you trying to solve? Maybe there is an
>>> existing or better way to accomplish it.
>> Based on John's recent thread on postfix-users on the same general
>> subject, I'd guess he's trying to stop rogue/malicious connections.
> That's my point. A self run IP blackhole list is almost useless.
> Distributed RBLs are much more effective. However, existing ones are
> based on spam sources, not malicious connections to POP or IMAP servers.
> Knowing the problem would be beneficial in determining a good solution.
> For certain types of connection abuse, Fail2Ban works remarkably well.
> But, without knowing his exact problem, it may not be the correct solution.
The point is to stop spambot connections to pop and
imap (which are usually done to try and steal
I already use fail2ban to stop brute force attacks but
that means that each one has to be allowed to connect
a specified number of times and trigger the filter.
I was imagining a distributed solution which is already
in use in many mtas applied also to imap and pop
so that connections could be stopped from the first
I am assuming that if there is such a feature then data is
available (e.g. sorbs) or if not yet being collected that it
could be done.
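As an added illustration of the lookup being requested (this is example code, not part of the thread and not Dovecot's or Postfix's implementation): a DNSBL check encodes the connecting client's address in reverse, appends the list's zone, and treats a positive A-record answer as "listed". The zone `dnsbl.example` and the canned answers in `FAKE_ANSWERS` are constructed placeholders; the resolver is injectable so the logic can be exercised offline. It also covers the IPv6 nibble form, which the thread does not mention, and fails open on answers outside 127.0.0.0/8 (the usual DNSBL return range), which is how a dead or wildcarded zone shows up.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, Optional

# A resolver maps a DNS name to its A-record address as a string, or None
# when the name does not exist (NXDOMAIN), which for a DNSBL means "not listed".
Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the lookup name for ip under zone.

    IPv4: octets reversed, e.g. 192.0.2.10 -> 10.2.0.192.<zone>
    IPv6: all 32 hex nibbles reversed and dot-separated (nibble form).
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        # exploded form is zero-padded, e.g. 2001:0db8:0000:...:0001
        labels = list(addr.exploded.replace(":", ""))[::-1]
    return ".".join(labels) + "." + zone.rstrip(".")


def system_resolver(name: str) -> Optional[str]:
    """Real lookup via the system resolver; NXDOMAIN/any failure -> None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def dnsbl_listed(ip: str, zone: str, resolver: Resolver = system_resolver) -> bool:
    """True if the list returns a 127.0.0.0/8 answer for ip."""
    answer = resolver(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    # DNSBLs answer inside 127.0.0.0/8. Anything else normally means a captive
    # or wildcarding resolver, or a zone that has been shut down, so treat it
    # as "not listed" rather than refusing every client.
    try:
        return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")
    except ValueError:
        return False


def should_accept(ip: str, zones: Iterable[str],
                  resolver: Resolver = system_resolver) -> bool:
    """Policy: reject the connection if any configured zone lists the client."""
    return not any(dnsbl_listed(ip, zone, resolver) for zone in zones)


# Constructed answers standing in for a real list, so the check runs offline.
FAKE_ANSWERS: Dict[str, str] = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",  # listed
    "1.2.0.192.dnsbl.example": "10.0.0.1",    # bogus non-127 answer -> ignore
}


def fake_resolver(name: str) -> Optional[str]:
    return FAKE_ANSWERS.get(name)


if __name__ == "__main__":
    zones = ["dnsbl.example"]
    for client in ("192.0.2.10", "192.0.2.1", "192.0.2.99"):
        verdict = "accept" if should_accept(client, zones, fake_resolver) else "reject"
        print(f"{client:12} -> {dnsbl_query_name(client, zones[0])} -> {verdict}")
```

In a real deployment the query goes to a caching resolver the server controls, and the zone list should be tuned to lists built from the abuse actually seen on POP/IMAP rather than reusing mail-source lists unchanged, since those describe spam senders, not clients hammering mailbox logins.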