[Dovecot] Any way to let dovecot block pop3 attempts?

[Professa Dementia]

On 5/10/2013 6:17 AM, Steve Campbell wrote:

> But I believe fail2ban uses iptables, and I don't run a local firewall
> on the server. I'd prefer not to use a separate server to inject
> firewall rules on the border firewall. I might be wrong about fail2ban,
> though.
> 
> I was hoping there was a file for pop and imap in dovecot similar to the
> smtp "access" file in sendmail (which is what I use, BTW)
> 

I run both - a border firewall and iptables on individual systems.  The
border firewall allows or denies traffic to specific systems; for
instance, web traffic can go to web servers, but web traffic destined
for mail servers is dropped.

Local servers also have basic rules like this (mail servers drop all web
traffic), but they also have more specific rules, such as the fail2ban
abuse detection rules.

This is called the belt and suspenders approach to security, and is a
good idea.  With your current method, if a hacker gains access to one
system, they can launch attacks at other systems on the same network
which they would not be able to do from outside the network.  Belt and
suspends mitigates much of that.

Just having local iptables, but no border firewall means that a hacker
that gains access to a system can disable iptables and use the system to
launch attacks at other systems, use the system as a malware repository
that is accessed on non-standard ports, etc.  Belt and suspenders
mitigates this also.

If you are able, you should consider running iptables locally on each
system.  This would then let you run fail2ban, also.

FWIW, I also run an invisible IDS at the border and local IDS's that are
not so invisible, but that is beyond the scope of your comment.

Dem