On 09/01/2026 11:08, Lefteris Tsintjelis via dovecot wrote:
Hi,
Is there a way to block with RBLs? I already have a really good and very
trustworthy and accurate internal one that works extremely well and fast with
my SMTP servers for years now. Is there a way to apply the same RBL to dovecot?
Logs are really going crazy as they stopped with SMTP and started with IMAP for
a while now since dovecot is wide open to these attacks. Anvil does not seem to
do much here. I am looking for solutions other than fail2ban or anything
similar to this.
Lefteris
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Hi Lefteris
for smtp port 25 incoming email the use of RBLs is a consolidated
practice but for smtp auth the use of RBLs may not be so easy to apply
and I think the same goes for IMAP authentication.
I find it useful (both on Postfix and Dovecot) to apply XBL to block
connection to authenticated services. For me it works, but I have a very
low probability that legitimate users will connect from ip addresses on
XBL. Others have mentioned that it is not generally feasible if you have
a lot of users from dynamic ips, due to the potential of recycling of
blocked ip addresses to legitimate users.
In Dovecot if I remember correctly Aki previously mentioned that it
would be possible to use LUA scripts to do RBL looks prior to
authenticating, something that is on my to do list for future investigation.
In the meantime I run a locally patched version of Dovecot. I added an
"rbl_check" parameter to the protocol section, so it can also be
configured for managesieve as well as imap and pop3. I also took the
step of making protocol error limits configurable and then setting them
to a very low value (in my case 1). I think legitimate clients don't
need much space to make protocol errors so I am not too lenient.
John
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
