Am 04.02.2014 18:40, schrieb Marc Perkel: > Hope to get some attention about this idea to reduce hacking passwords. > > Here is a list of about 700,000 IP addresses that are hacking passwords > through SMTP AUTH > > http://ipadmin.junkemailfilter.com/auth-hack.txt > > This is a list of IP addresses that attempted to authenticate against my > fake AUTH advertizing on servers with no authentication. We do front end > spam filtering for thousands of domains and I decided to advertize > authentication where there is none and I accept and blackhole all > authenticated email to those servers. I have harvested the IP addresses > in this list that is available through an RBL. > > > It seems to me that a nice dovecot feature would be the ability to do a > black list check against IP addresses connecting and deny access if listed.
http://wiki2.dovecot.org/Authentication/RestrictAccess but you could add them in a firewall too > > Thoughts? > > i think you know the problems of rbls very well, in case of imap/pop a false postive may high support extremly, also think of nat users i prefer more dynamic and flexibel solutions, like fail2ban etc so your honeypot ips are fine , but shouldnt be widly used/match for everybody needs perhaps it might be better ,use them in a more "score" or monitoring / alarming system combined with other data Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
