IP drop list

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Mon Mar 2 09:06:41 UTC 2015


On Mon, 2 Mar 2015, Dave McGuire wrote:
> On 03/02/2015 02:38 AM, Oliver Welter wrote:
>> Guys, dovecot is open source - if you desire a feature that the upstream
>> programmer did not include, pay him a bounty to do so or send him a
>> patch to be included. Period. We can discuss and maybe somebody will
>> fork if he is not willing to accept such a solution for any political
>> reason.
>>
>> I am really tired of reading this kind of complaints on OSS lists.
>
>  ....and this is perhaps the second most predictable knee-jerk response.
>
>  I am certainly capable of writing such a patch, but there is no point
> in expending the effort if it would not be included in the code base.
> The extreme negative reactions to this idea from people in this
> community, every time it has come up over the years, with almost rabid

Neither Timo nor dovecot.fi responded with "use fail2ban", if I
remember correctly. I actually wonder why nobody replied with: "this is
what tcpwrapper is for" :-)
http://wiki2.dovecot.org/LoginProcess?highlight=%28tcp+wrapper%29
which had been ruled out by the OP with a conditional *if*.

If you for instance add a passdb{} driver, that does not interfere with 
the remaining code base (much), so one can use:

passdb {
 	driver = ipdeny
 	args = <host>/matchpattern/action .... ***
}

in front of any other passdb{}.

*** some sort of notation to configure IP source, matching and reaction.

If such a plugin(?) is available, I would expect immediate complaints that it
does not support:

+ local file lists with various sets of syntaxes
+ RBLs with a fine grained response matching
+ use the same RBL response for multiple match-action pairs
+ have it dependent on protocol (POP3, IMAP, ManageSieve, ...)
+ have it dependent on user (use that passdb for all-but or just-these)
+ have it kick in after certain user-protocol-count-time patterns only

There is this, too:
http://article.gmane.org/gmane.mail.imap.dovecot/61570
http://article.gmane.org/gmane.mail.imap.dovecot/42512

Maybe an addition to the penalty service would be OK as well.

-- 
Steffen Kaiser