[ 
https://issues.apache.org/jira/browse/JAMES-3897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17772678#comment-17772678
 ] 

Benoit Tellier commented on JAMES-3897:
---------------------------------------

FYI, an intern here is starting to work on this.

We intend to use logs for detection. We need to also support structured JSON 
logs.

For distribution of the detection onto Kubernetes, native k8s agents address 
the topic: deploy one agent per node that gathers logs of local Docker 
containers. Cf. https://www.crowdsec.net/blog/kubernetes-crowdsec-integration 

We still need to apply the policies with an EHLO hook / mailet / IMAP 
connections, etc...

I am also wondering if CrowdSec would be relevant for implementing distributed 
greylisting...

> IP filtering with CrowdSec
> --------------------------
>
>                 Key: JAMES-3897
>                 URL: https://issues.apache.org/jira/browse/JAMES-3897
>             Project: James Server
>          Issue Type: Sub-task
>            Reporter: Benoit Tellier
>            Priority: Major
>
> Thanks to a recommendation from a colleague, Xavier GUIMARD, I discovered 
> CrowdSec ( https://www.crowdsec.net/ ).
> CrowdSec is a free, modern & collaborative behavior detection engine, coupled 
> with a global IP reputation network, based on AI behaviour refinement.
> Develop a third-party plugin for questioning CrowdSec:
>  - Create an SMTP EHLO hook questioning via a REST call the CrowdSec local 
> agent
>  - Create a mailet questioning via a REST call the CrowdSec local agent
>  - Create a mailet to provision local CrowdSec database (for highest level of 
> spam for instance)
>  - Think about the interfaces we would need to question CrowdSec upon 
> incoming IMAP connections
>  - Externalize behaviour linked to failed login attempts (sleep, 3 failure 
> connection closure) as configurable extensible plugins.
>  - Use it to manage IP reporting to CrowdSec, especially upon failed 
> authentications (~fail2ban). 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
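
Added example, not part of the original message and not James or CrowdSec project code: a Python sketch of the REST check that the EHLO hook, mailet or IMAP handler described above would make against the local CrowdSec agent. It assumes the agent's local API on 127.0.0.1:8080, a placeholder bouncer key, and that only `ban` decisions reject; the function names, sample responses and fail-open default are illustrative.

```python
import json
import urllib.parse
import urllib.request

# Assumptions: default local API address and a placeholder bouncer key.
LAPI_URL = "http://127.0.0.1:8080"
API_KEY = "<bouncer-api-key>"


def blocking_decision(body, blocking_types=("ban",)):
    """Return the first blocking decision in a /v1/decisions body, or None.

    The local API answers with the JSON literal null when it holds no
    decision for the queried IP, otherwise with an array of decisions.
    """
    decisions = json.loads(body) or []
    if not isinstance(decisions, list):
        raise ValueError("unexpected response shape")
    for decision in decisions:
        if decision.get("type") in blocking_types:
            return decision
    return None


def fetch_decisions(ip, timeout=2.0):
    """Ask the local agent for decisions on one IP; returns the raw body."""
    query = urllib.parse.urlencode({"ip": ip})
    request = urllib.request.Request(
        f"{LAPI_URL}/v1/decisions?{query}", headers={"X-Api-Key": API_KEY})
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return response.read().decode("utf-8")


def should_reject(ip, fetch=fetch_decisions, fail_open=True):
    """Policy check for an EHLO hook or an IMAP connection handler.

    With fail_open=True an unreachable or misbehaving agent lets the
    connection through, so an agent outage does not stop mail delivery.
    """
    try:
        return blocking_decision(fetch(ip)) is not None
    except (OSError, ValueError):  # network/HTTP errors, malformed JSON
        return not fail_open


# Constructed sample responses (scenario name is hypothetical).
SAMPLE_BANNED = ('[{"id": 1, "origin": "crowdsec", "type": "ban",'
                 ' "scope": "Ip", "value": "192.0.2.10",'
                 ' "duration": "3h59m", "scenario": "example/imap-auth-bf"}]')
SAMPLE_CLEAN = "null"
```

Passing `fetch` as a parameter keeps the policy decision testable without a running agent; whether to fail open or closed is a deployment choice, since failing closed turns an agent outage into a mail outage.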
