<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi<div class=""><br class=""></div><div class="">We have been looking a bit into JA3 (<a href="https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967" class="">https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967</a> and <a href="https://blog.squarelemon.com/tls-fingerprinting/" class="">https://blog.squarelemon.com/tls-fingerprinting/</a>) for possible threat actor identifications.</div><div class="">Roughly speaking you can think of JA3 as the TLS equivalent of the User-Agent string.</div><div class=""><br class=""></div><div class="">Has anybody been looking into the possibility of building an open source Dovecot JA3 plugin?</div><div class="">I’d also like to hear the technical pros/cons of doing so… and perhaps the ethical deliberations also :-) </div><div class=""><br class=""></div><div class="">Kind Regards,</div><div class="">  Sidsel</div></body></html>