[Dovecot] dnsbl feature for dovecot
rs at sys4.de
Wed Jul 3 10:37:14 EEST 2013
On 03.07.2013 05:24, Professa Dementia wrote:
> On 7/2/2013 7:11 PM, Stan Hoeppner wrote:
>> On 7/2/2013 8:32 PM, Professa Dementia wrote:
>>> On 7/2/2013 6:21 PM, John Fawcett wrote:
>>>> dnsbl's are a popular method to prevent listed ips from making
>>>> connections to mta software.
>>>> cf. postscreen_dnsbl_sites in postfix
>>>> Would it be possible to introduce such a feature in dovecot, so that
>>>> connections can be denied
>>>> based on a dnsbl lookup (where the precise dnsbls used are configurable)?
>>> Let's back up a bit. This does not seem like a feature that Dovecot needs.
>>> Rather, what problem are you trying to solve? Maybe there is an
>>> existing or better way to accomplish it.
>> Based on John's recent thread on postfix-users on the same general
>> subject, I'd guess he's trying to stop rogue/malicious connections.
> That's my point. A self-run IP blackhole list is almost useless.
> Distributed RBLs are much more effective. However, existing ones are
> based on spam sources, not malicious connections to POP or IMAP servers.
> Knowing the problem would be beneficial in determining a good solution.
> For certain types of connection abuse, Fail2Ban works remarkably well.
> But, without knowing his exact problem, it may not be the correct solution.
I think an auto dynamic user/IP-based con limit might be best, but I
guess it will be difficult to implement. For this you need some log
analyser counting wrong auth user/IP pairs, invoking some action on the
fly, like throttle user from IP, and auto high user/IP login throttle
by adjustable time periods. Also there must be some whitelist possible.
Best regards, Robert Schetterer
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
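
The log analyser described in the message above, as an added example (not part of the original post and not Dovecot code): it counts failed logins per user/IP pair in a sliding window, skips whitelisted networks, and reports until when each offending pair should be throttled. The log lines are constructed and modelled on Dovecot login-process syslog output; the function name, thresholds and penalty period are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
Jul  3 10:20:00 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave>, method=PLAIN, rip=203.0.113.9
Jul  3 10:29:00 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave>, method=PLAIN, rip=203.0.113.9
Jul  3 10:29:30 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<dave>, method=PLAIN, rip=203.0.113.9
Jul  3 10:30:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7
Jul  3 10:30:40 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7
Jul  3 10:31:05 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=203.0.113.7
Jul  3 10:31:30 mail dovecot: imap-login: Login: user=<erin>, method=PLAIN, rip=203.0.113.7
Jul  3 10:32:10 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.7
Jul  3 10:33:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=198.51.100.20
Jul  3 10:33:10 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=198.51.100.20
Jul  3 10:33:20 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=198.51.100.20
""".splitlines()

# Matches failed-auth disconnects and captures timestamp, user and remote IP.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) .*-login: .*auth failed.*"
    r"user=<(?P<user>[^>]*)>.*\brip=(?P<ip>[0-9a-fA-F.:]+)")

def throttle_decisions(lines, max_failures=3, window=timedelta(minutes=5),
                       penalty=timedelta(minutes=15), whitelist=(), year=2013):
    """Return {(user, ip): throttled_until} for pairs over the failure limit."""
    nets = [ip_network(n) for n in whitelist]
    recent = defaultdict(deque)  # (user, ip) -> failure times inside the window
    throttled = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ip = ip_address(m["ip"])
        if any(ip in net for net in nets):
            continue  # whitelisted source is never throttled
        # Syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["user"].lower(), str(ip))
        q = recent[key]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            throttled[key] = when + penalty  # repeat offences extend the penalty
    return throttled
```

Counting per user/IP pair means `bob` is not penalised for `alice`'s failures from the same address, and `dave`'s three failures are ignored because they never fall inside one window.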