[Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

Rick Romero rick at havokmon.com
Tue Oct 22 22:45:02 EEST 2013


Quoting Marc Perkel <marc at perkel.com>:

> I would like to have a list of IPs (hacker list) that I can do a lookup
> on so that if anyone tries to authenticate to dovecot they always fail
> if they are on my list.
>
> I have the list - and the list is available as a DNS blacklist.
>
> I'd like to have it work with both local IP lists or RBL lookup.
>
> The idea is so hackers from known IP addresses never succeed.
>
> If Dovecot provides the feature I have about 1/2 million IP addresses of
> known current hackers to block.
> Anyone else interested in this?

How about doing a SQL Auth with a 'NOT IN ' select.

Then in your post auth script do an RBL lookup and if listed (but not in
your whitelist), add to your table (with a timestamp to expire of course)
and kick the user.

IMHO, the problem with all-out blocks on auth is the same as doing an
all-out block based on SPF - so many IPs are shared you can easily get
false positives.

Rick
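
A sketch of the approach suggested in the reply above, as an added example that is not part of the original post and not Dovecot's own code: a post-auth check that does the RBL lookup, honours a whitelist, and records a block with an expiry, plus the "NOT IN" condition an SQL auth query would carry. The zone `dnsbl.example.org`, the table `blocked_ips`, the whitelist range and all function names are assumptions made for illustration.

```python
import ipaddress, socket, sqlite3, time

DNSBL_ZONE = "dnsbl.example.org"                    # placeholder zone (assumption)
WHITELIST = {ipaddress.ip_network("192.0.2.0/24")}  # constructed sample range
BLOCK_TTL = 24 * 3600                               # seconds until a block expires

def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)                # rejects malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname):
    """A DNSBL answers with an A record in 127.0.0.0/8 when the IP is listed."""
    try:
        return resolve(dnsbl_name(ip)).startswith("127.")
    except socket.gaierror:                         # NXDOMAIN or DNS failure: fail open
        return False

def init_db(db):
    db.execute("CREATE TABLE IF NOT EXISTS blocked_ips "
               "(ip TEXT PRIMARY KEY, expires INTEGER)")

def post_auth_check(db, ip, now=None, resolve=socket.gethostbyname):
    """Return True if the session should be kicked; also records the block."""
    now = int(time.time()) if now is None else now
    if any(ipaddress.ip_address(ip) in net for net in WHITELIST):
        return False                                # whitelisted: never block
    if not is_listed(ip, resolve):
        return False
    db.execute("INSERT OR REPLACE INTO blocked_ips VALUES (?, ?)",
               (ip, now + BLOCK_TTL))               # timestamp so the block expires
    db.commit()
    return True

def auth_allowed(db, ip, now=None):
    """Same 'NOT IN' condition the SQL auth query would apply to the client IP."""
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT ? NOT IN "
                     "(SELECT ip FROM blocked_ips WHERE expires > ?)",
                     (ip, now)).fetchone()
    return bool(row[0])
```

Because the block is only written after a successful login from a listed address, the first such login still gets through before being kicked; later attempts from that IP fail at the auth query until the entry expires.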

