RBL with stock Dovecot 2.2.15 (was Re: IP drop list)

Reindl Harald h.reindl at thelounge.net
Thu Mar 5 21:50:39 UTC 2015


Am 05.03.2015 um 22:45 schrieb Steffen:
> Steffen Kaiser wrote:
>
>> passdb { driver = ipdeny args = <host>/matchpattern/action ....
>> *** }
>
> With next passdb{} as 1st in chain:
>
> passdb {
>    driver = checkpassword
>    args = "/tmp/chktst ip=%r service=%s"
>    result_success = continue
>    result_failure = return-fail
> }
>
> and this script
> BEGIN /tmp/chktst
> #!/bin/bash
>
> echo "$@" >>/tmp/chktst.log
> # return OK
> exit 0
> # return FAIL
> exit 1
> END
>
> I get the log entry:
> ip=127.0.0.1 service=imap
> /usr/local/dovecot-2.2.15/libexec/dovecot/checkpassword-reply
>
> and with exit 0, the next passdb{} let me login, and with exit 1, all
> logins fail.
>
> So, with the current stock Dovecot you can make RBL calls and
> decissions with a script. ;-)

* with a terrible overhead starting a full process
* no handling for DNS temp errors and so on
* i don't see any RBL handling above, you just call a random script

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://dovecot.org/pipermail/dovecot/attachments/20150305/67b88006/attachment.sig>


More information about the dovecot mailing list