[Dovecot] need to block user by IP address (tried denyhosts, xinetd, iptables etc)

Eric Rostetter rostetter at mail.utexas.edu
Wed Nov 10 05:59:14 EET 2010


Quoting David Ford <david at blue-labs.org>:

> I'm not a proponent of fail2ban as I think going straight to the horse's
> mouth is wiser (keep it all in iptables in the first place).

I'm not a fan of fail2ban (tail/grep a log file, really?) but there
are other options which do this kind of thing "better" and still
allow iptables/routing to handle the issue.

> I agree
> with Stan that your VPS provider is on the wal-mart list.  If no other
> solution avails, code up a quick little ditty that does the actual
> socket listen.  If the incoming IP matches an allow list, hand it off to
> dovecot as an exec(), if not, deal with it as you see fit - normally,
> dropping the packet on the floor.

That is a fine solution, if it meets their "package" requirements.
If not, then something like pam_shield or a similar package may do.
But even then, those types of packages may not meet the site's packaging
requirements.

I can't believe a company with a packaging requirement runs a Fedora though.
That seems incongruous to me...  Seems like they only have half a clue...

> -david

-- 
Eric Rostetter
The Department of Physics
The University of Texas at Austin

Go Longhorns!
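
The allow-list listener described in the quoted text above, as an added example that is not part of the original message. The networks in `ALLOW` are constructed documentation ranges, and the handler is whatever inetd-style command is passed on the command line (an assumption; the thread names no binary).

```python
import ipaddress
import os
import signal
import socket
import sys

# Constructed sample allow list (documentation ranges), not taken from the thread.
ALLOW = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]

def normalize(peer):
    """Parse a peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(peer.split("%", 1)[0])  # drop any zone id
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

def is_allowed(peer, allow=ALLOW):
    """True only if the peer parses and falls inside an allowed network."""
    try:
        addr = normalize(peer)
    except ValueError:
        return False  # fail closed on anything unparseable
    return any(addr.version == net.version and addr in net for net in allow)

def serve(port, handler):
    """Accept on a dual-stack socket; exec the handler for allowed peers only."""
    srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
    srv.bind(("::", port))
    srv.listen(64)
    while True:
        conn, peer = srv.accept()
        if not is_allowed(peer[0]):
            conn.close()  # rejected: close without sending a byte
            continue
        if os.fork() == 0:  # child: socket becomes stdin/stdout, inetd style
            try:
                os.dup2(conn.fileno(), 0)
                os.dup2(conn.fileno(), 1)
                os.execv(handler[0], handler)
            finally:
                os._exit(1)  # reached only if exec failed
        conn.close()  # parent drops its copy and keeps listening

if __name__ == "__main__":  # usage: gate.py PORT /path/to/handler [args...]
    signal.signal(signal.SIGCHLD, signal.SIG_IGN)  # let the kernel reap children
    serve(int(sys.argv[1]), sys.argv[2:])
```

Unlike an iptables DROP, the TCP handshake has already completed by the time this check runs, so a rejected peer sees the connection open and then close.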


