[Dovecot] need to block user by IP address (tried denyhosts, xinetd, iptables etc)
rostetter at mail.utexas.edu
Wed Nov 10 05:59:14 EET 2010
Quoting David Ford <david at blue-labs.org>:
> I'm not a proponent of fail2ban as I think going straight to the horse's
> mouth is wiser (keep it all in iptables in the first place).
I'm not a fan of fail2ban (tail/grep a log file, really?) but there
are other options which do this kind of thing "better" and still
allow iptables/routing to handle the issue.
> I agree
> with Stan that your VPS provider is on the wal-mart list. If no other
> solution avails, code up a quick little ditty that does the actual
> socket listen. If the incoming IP matches an allow list, hand it off to
> dovecot as an exec(), if not, deal with it as you see fit - normally,
> dropping the packet on the floor.
That is a fine solution, if it meets their "package" requirements.
If not, then something like pam_shield or a similar package may due.
But even then, those types of packages may not meet the site's packaging
I can't believe a company with a packaging requirement run a Fedora though.
That seems incongruous to me... Seems like they only have half a clue...
The Department of Physics
The University of Texas at Austin
More information about the dovecot