[Dovecot] dnsbl feature for dovecot

John Fawcett john.ml at erba.tv
Wed Jul 3 10:38:59 EEST 2013


On 03/07/13 09:26, Robert Schetterer wrote:
> Am 03.07.2013 04:11, schrieb Stan Hoeppner:
>> On 7/2/2013 8:32 PM, Professa Dementia wrote:
>>> On 7/2/2013 6:21 PM, John Fawcett wrote:
>>>> dnsbl's are a popular method to prevent listed ips from making
>>>> connections to mta software.
>>>>
>>>> cf. postscreen_dnsbl_sites in postfix
>>>>
>>>> Would it be possible to introduce such a feature in dovecot, so that
>>>> connections can be denied
>>>> based on a dnsbl lookup (where the precise dnsbls used are configurable)?
>>>>
>>>> John
>>>>
>>> Let's back up a bit.  This does not seem like a feature that Dovecot needs.
>>>
>>> Rather, what problem are you trying to solve?  Maybe there is an
>>> existing or better way to accomplish it.
>> Based on John's recent thread on postfix-users on the same general
>> subject, I'd guess he's trying to stop rogue/malicious connections.
>>
> so perhaps fail2ban might help, or construct something out of syslog and
> iptables recent, or use dovecot deny etc
>
> http://wiki2.dovecot.org/HowTo/Fail2Ban
> http://wiki2.dovecot.org/Authentication/RestrictAccess
> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>
> only german, but code should be understandable anyway for new coding ideas
>
> http://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
>
> usually fail2ban is enough for brute force pop3/imap, but blocking ips
> is a problem ever with nat clients
>
>
> Best Regards
> MfG Robert Schetterer
>
Thanks Robert, I saw that article and implemented that
in fail2ban to stop repeated hammering attempts on the server
from the same clients already rejected by dnsbl in postfix.

I was thinking of extending the mechanism to imap/pop.

John
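As an added illustration of the check discussed in this thread (not code from the thread, from Dovecot or from Postfix): the reversed-octet DNSBL lookup that postscreen performs, with an allow_nets style exemption for the NAT case Robert raises and a fail-open result when DNS itself is unavailable. The zone dnsbl.example, the 192.0.2.x addresses and the stub resolver are constructed for the example.

```python
import ipaddress
import socket

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolver(name):
    # Real lookup; raises socket.gaierror on NXDOMAIN (EAI_NONAME) or temporary failure.
    return [ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)]

def dnsbl_verdict(ip, zones, allow_nets=(), resolver=system_resolver):
    """Return (verdict, reason): 'allow', 'deny', or 'unknown' (lookup failed, fail open)."""
    addr = ipaddress.ip_address(ip)
    # Exempt known-good nets first (e.g. a NAT'd office range), so one listed
    # shared address does not lock out every user behind it.
    for net in allow_nets:
        if addr in ipaddress.ip_network(net):
            return "allow", f"{ip} in allow_nets {net}"
    for zone in zones:
        try:
            answers = resolver(dnsbl_query_name(ip, zone))
        except socket.gaierror as e:
            if e.errno == socket.EAI_NONAME:
                continue  # NXDOMAIN: not listed in this zone
            return "unknown", f"lookup failed for {zone}: {e}"  # DNS trouble: do not deny
        # A listing is signalled by an A record in 127.0.0.0/8; the exact code is zone-specific.
        listed = [a for a in answers if ipaddress.ip_address(a) in ipaddress.ip_network("127.0.0.0/8")]
        if listed:
            return "deny", f"{ip} listed in {zone} as {listed[0]}"
    return "allow", f"{ip} not listed in {len(zones)} zone(s)"

# Constructed stub standing in for DNS so the example runs offline.
_STUB = {"10.2.0.192.dnsbl.example": ["127.0.0.2"]}
def stub_resolver(name):
    if name.startswith("12.2.0.192."):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    if name in _STUB:
        return _STUB[name]
    raise socket.gaierror(socket.EAI_NONAME, "NXDOMAIN")

def demo():
    zones = ["dnsbl.example"]
    return {
        "listed": dnsbl_verdict("192.0.2.10", zones, resolver=stub_resolver)[0],
        "clean": dnsbl_verdict("192.0.2.11", zones, resolver=stub_resolver)[0],
        "exempt": dnsbl_verdict("192.0.2.10", zones, ["192.0.2.0/24"], stub_resolver)[0],
        "dns_down": dnsbl_verdict("192.0.2.12", zones, resolver=stub_resolver)[0],
    }
```

Replace stub_resolver with system_resolver (the default) to query a real zone; the "unknown" verdict is the place to decide whether a DNS outage should fail open or closed.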
