On 03/07/13 09:26, Robert Schetterer wrote:
> On 03.07.2013 04:11, Stan Hoeppner wrote:
>> On 7/2/2013 8:32 PM, Professa Dementia wrote:
>>> On 7/2/2013 6:21 PM, John Fawcett wrote:
>>>> DNSBLs are a popular method to prevent listed IPs from making
>>>> connections to MTA software.
>>>>
>>>> cf. postscreen_dnsbl_sites in postfix
>>>>
>>>> Would it be possible to introduce such a feature in dovecot, so that
>>>> connections can be denied based on a dnsbl lookup (where the precise
>>>> dnsbls used are configurable)?
>>>>
>>>> John
>>>>
>>> Let's back up a bit. This does not seem like a feature that Dovecot needs.
>>>
>>> Rather, what problem are you trying to solve? Maybe there is an
>>> existing or better way to accomplish it.
>> Based on John's recent thread on postfix-users on the same general
>> subject, I'd guess he's trying to stop rogue/malicious connections.
>>
> so perhaps fail2ban might help, or construct something out of syslog and
> iptables recent, or use dovecot deny etc
>
> http://wiki2.dovecot.org/HowTo/Fail2Ban
> http://wiki2.dovecot.org/Authentication/RestrictAccess
> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>
> only in German, but the code should be understandable anyway, for new coding ideas
>
> http://sys4.de/de/blog/2012/12/28/botnets-mit-rsyslog-und-iptables-recent-modul-abwehren/
>
> usually fail2ban is enough for brute force pop3/imap, but blocking IPs
> is always a problem with NAT clients
>
> Best Regards
> Kind regards, Robert Schetterer
>
Thanks Robert, I saw that article and implemented that in fail2ban to stop repeated hammering attempts on the server from the same clients already rejected by dnsbl in postfix.
I was thinking of extending the mechanism to imap/pop. John
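As an added example (not code from the thread, from Dovecot or from the sys4 article), here is the lookup that postscreen_dnsbl_sites performs, written as a small Python module that a fail2ban action or an iptables-feeding side script could call for an IMAP/POP client address. It reverses the address labels, queries each configured zone and accepts only answers in 127.0.0.0/8, so a defunct list whose domain has been wildcarded to a parking address does not block every client. The zone names, the listing codes and the `DEMO_ANSWERS` table are assumptions constructed for this example; with the default resolver it does real DNS queries.

```python
"""DNSBL lookup helper (added example, not part of the original thread).

Assumptions: the zone names below are illustrative; real DNSBLs publish
their own return codes and usage terms, so check those before deploying.
"""
import ipaddress
import socket

# Constructed configuration: zones are assumptions, not a recommendation.
DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name for an IPv4 or IPv6 address.

    IPv4: octets reversed (192.0.2.10 -> 10.2.0.192.zone).
    IPv6: all 32 hex nibbles of the expanded address, reversed, one per label.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def system_resolver(name: str):
    """Return the A record for name, or None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip: str, zones=DNSBL_ZONES, resolver=system_resolver):
    """Return [(zone, code), ...] for every zone that lists ip.

    Only answers inside 127.0.0.0/8 count as a listing: a dead DNSBL whose
    domain now wildcards to a parking address must not block everyone.
    """
    hits = []
    for zone in zones:
        answer = resolver(dnsbl_query_name(ip, zone))
        if answer is None:
            continue  # NXDOMAIN: not listed in this zone
        try:
            code = ipaddress.ip_address(answer)
        except ValueError:
            continue  # garbage answer, ignore the zone
        if code in ipaddress.ip_network("127.0.0.0/8"):
            hits.append((zone, answer))
    return hits


def should_reject(ip: str, zones=DNSBL_ZONES, resolver=system_resolver) -> bool:
    """Policy hook: reject when any configured zone lists the address."""
    return bool(is_listed(ip, zones, resolver))


# Constructed answers so the example runs offline; 192.0.2.10 is a
# documentation address, "parked.example" plays a wildcarded dead list.
DEMO_ANSWERS = {
    "10.2.0.192.zen.spamhaus.org": "127.0.0.4",
    "10.2.0.192.parked.example": "198.51.100.7",
    "5.100.51.198.parked.example": "198.51.100.7",
}


def demo_resolver(name: str):
    return DEMO_ANSWERS.get(name)


if __name__ == "__main__":
    zones = ("zen.spamhaus.org", "parked.example")
    for client in ("192.0.2.10", "198.51.100.5"):
        print(client, is_listed(client, zones, demo_resolver))
```

In practice the caller would be a fail2ban action or the rsyslog/iptables pipeline from the article rather than Dovecot itself, which at the time of this thread has no DNSBL option of its own. Two operational points carry over from Robert's reply: cache results for at least the zone's TTL so every IMAP login does not become a DNS query, and remember that a listing blocks every user behind the same NAT address, so pair it with an allow list (the AllowNets extra field) for known client networks.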
