Top posting seems the best style for this reply.
I have pruned the original question.

There is a Dovecot Authenticator for Exim (spec.txt chapter 37).
I'm not sure whether $sender_host_address is passed to Dovecot,
so it may or may not be possible to enforce the GEOIP policy
(but I'd be tempted to do that in a firewall such as iptables
before the connection reaches exim unless the location of the
logging is critical).

On Tue, 17 Mar 2020, Mike Tubby via Exim-users wrote:

Dovecot IMAP/POP3 server has a built-in Authentication Policy sub-system whereby it can make a web-services call to an Authentication Policy Server:

1.  ___ command: on connect, before authentication
2.  ___ command: on connect, after authentication
3.  ___ report: on final outcome of policy + authentication

It would be "really good"(tm) if Exim could implement a similar concept/service/API as it would allow me to leverage GEOIP against possible attackers of some (protected) services and report back in to a common database of failed connections for (a) GEOIP policy or (b) username/password authentication failure.

I currently use GEOIP from the DBIP database on a local server with a bit of PHP I hacked together to satisfy the Dovecot web-services API via nginx on localhost in the server in question and it's been enlightening to see where requests are coming from... It appears that I am currently receiving around 1500-2000 IMAP connects per day from botnets with half-valid/half-guessed credentials, for example:


While this log is for Dovecot, it would be really good (tm) if Exim could make similar call outs to an Authentication Policy Server, perhaps passing:

1. Remote IP address (IPv4/IPv6)
2. If the session is plain-text or upgraded to SSL/TLS
3. Which SSL/TLS Cipher is in use
4. The username presented at start of auth
5. Some sort of hash of the password presented at auth - like Dovecot does

Has anyone implemented a Dovecot-a-like authentication policy server for Exim
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
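
A minimal sketch of the kind of policy server the quoted message asks for, added here as an example and not code from either poster, from Exim or from Dovecot. The request keys (`remote`, `tls`, `login`), the return convention, the thresholds and the sample GeoIP table are all assumptions made for the sketch.

```python
import ipaddress
from collections import Counter

# Constructed sample data: documentation prefixes mapped to made-up country codes.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "GB",
    ipaddress.ip_network("198.51.100.0/24"): "ZZ",
    ipaddress.ip_network("2001:db8::/32"): "GB",
}
ALLOWED_COUNTRIES = {"GB"}   # hypothetical GEOIP policy
MAX_FAILURES = 3             # hypothetical lockout threshold per (ip, login)


def country_of(remote):
    """Longest-prefix match of an IPv4/IPv6 address against GEO_TABLE."""
    addr = ipaddress.ip_address(remote)
    hits = [n for n in GEO_TABLE if addr.version == n.version and addr in n]
    return GEO_TABLE[max(hits, key=lambda n: n.prefixlen)] if hits else None


class PolicyServer:
    def __init__(self):
        self.failures = Counter()   # (remote, login) -> failed attempts
        self.log = []               # common record of rejected or failed sessions

    def allow(self, req):
        """Pre-auth decision: -1 reject, 0 allow (convention of this sketch)."""
        reason = None
        if country_of(req["remote"]) not in ALLOWED_COUNTRIES:
            reason = "geoip"
        elif not req.get("tls"):
            reason = "plaintext"
        elif self.failures[(req["remote"], req["login"])] >= MAX_FAILURES:
            reason = "too-many-failures"
        if reason:
            self.log.append((req["remote"], req["login"], reason))
            return -1
        return 0

    def report(self, req, success):
        """Final outcome: count auth failures, clear the counter on success."""
        key = (req["remote"], req["login"])
        if success:
            self.failures.pop(key, None)
        else:
            self.failures[key] += 1
            self.log.append((req["remote"], req["login"], "auth-failure"))
```

An address that matches no prefix in the table has no country and is rejected by the GEOIP rule, so the policy fails closed for unknown sources.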
