Filtering by country
Aki Tuomi
aki.tuomi at dovecot.fi
Mon Oct 16 07:20:46 EEST 2017
Another good alternative is to use auth_policy_server along with Weakforced (https://github.com/PowerDNS/weakforced) to do this filtering. It has GeoIP support, and since dovecot does auth policy lookup before and after user authentication, you can set some cos attribute in the user's account and pass that on to weakforced so it knows to refuse the login if it comes from unexpected country.
Aki
> On October 16, 2017 at 5:21 AM Gary <lists at lazygranch.com> wrote:
>
>
> For a global filter, that is filter all accounts, I use the data provided by ip2location. I put the CIDRs for all the countries where I don't plan on sending or retrieving mail in the ipfw firewall. Block all mail ports other than 25.
>
> Noye by not blocking 25, you can still receive email independent of the countries you blocked. You just can send or retrieve via pop/images.
>
> This assumes an email server using 587.
>
> I have an extensive list of IP space consisting of hosts, VPN, and VPS that I also keep away from the server excluding 25. Basically you can block IP space that you don't expect to use. Since my server is just for me, I can get very aggressive in blocking.
>
>
>
> Original Message
> From: anvar at anvartay.com
> Sent: October 15, 2017 6:43 PM
> To: dovecot at dovecot.org
> Subject: Filtering by country
>
> Is it possible to filter out logins by country (I would like to limit dovecot instance users to log in only from specific countries)?
>
> Anvar Kuchkartaev
> anvar at anvartay.com
More information about the dovecot
mailing list