JA3/JA3S as a Dovecot plugin?

Sidsel Jensen sje at one.com
Tue Jan 18 08:59:19 UTC 2022


Hi

We have been looking a bit into JA3 (https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967 <https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967> and https://blog.squarelemon.com/tls-fingerprinting/ <https://blog.squarelemon.com/tls-fingerprinting/> ) for possible threat actor identifications.
Roughly speaking you can think of JA3 as the TLS equivalent of the User-Agent string.

Has anybody been looking into the possibility of building an open source dovecot JA3 plugin?
I’d also like to hear the technical pros/cons of doing so…and perhaps the ethical deliberations also :-)

Kind Regards,
  Sidsel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20220118/eb64b227/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://dovecot.org/pipermail/dovecot/attachments/20220118/eb64b227/attachment.sig>


More information about the dovecot mailing list