RFE: dnsbl-support for dovecot

Stephan Bosch stephan at rename-it.nl
Tue Jun 17 19:30:56 UTC 2014


On 6/17/2014 7:16 PM, Reindl Harald wrote:
> after having my own dnsbl feeded by a honeypot and even
> mod_security supports it for webservers i think dovecot
> sould support the same to prevent dictionary attacks from
> known bad hosts, in our case that blacklist is 100%
> trustable and blocks before SMTP-Auth while normal RBL's
> are after SASL
>
> i admit that i am not a C/C++-programmer, but i think
> doing the DNS request and in case it has a result block
> any login attemt should be not too complex
>
> setup a own honeypot and feed rbldnsd with the sources
> is quite easy and in case of a own, trustable RBL where
> no foreigners report somebody by mistake it's relieable
> and scales well over many machines and services as long
> services supporting it
>
> mod_security:
> http://blog.inliniac.net/2007/02/23/blocking-comment-spam-using-modsecurity-and-realtime-blacklists/
>

There are some Dovecot developments in that area:

http://www.dovecot.org/talks/berlin-20140513.pptx.pdf (page 22)

Regards,

Stephan.


More information about the dovecot mailing list