[Dovecot] Odd Feature Request - RBL blacklist lookup to prevent authentication

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Wed Oct 23 10:24:53 EEST 2013


On Tue, 22 Oct 2013, Marc Perkel wrote:

> I would like to have a list of IPs (hacker list) that I can do a lookup on so 
> that if anyone tries to authenticate to dovecot they always fail if they are 
> on my list.
>
> I have the list - and the list is available as a DNS blacklist.
>
> I'd like to have it work with both local IP lists or RBL lookup.
>
> The idea is so hackers from known IP addresses never succeed.

Why would you let the auth happen at all? Is it some sort of tarpitting? 
Otherwise you could just block the IP with a firewall.

Maybe you can combine the deny AuthDatabase, as explained here:
http://wiki2.dovecot.org/Authentication/RestrictAccess?highlight=%28deny%29
with a socket auth daemon:
http://wiki2.dovecot.org/AuthDatabase/Dict

So, you return success via the auth socket dict and use the remote IP as 
"key", but success is turned into "deny".

> If Dovecot provides the feature I have about 1/2 million IP addresses of 
> known current hackers to block.

Well, I do not like the notion "one IP == one person", too many setups use 
NAT.

-- 
Steffen Kaiser
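
The lookup discussed in this message (remote IP checked against a local list and a DNS blacklist) as an added example that is not part of the original post and not Dovecot code. The zone `dnsbl.example.org`, the sample network, and all function names are assumptions; the resolver is injectable so the constructed sample data runs offline.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the octets (IPv4) or nibbles (IPv6) and append the DNSBL zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def resolve_a(name):
    """Default resolver: return one A record, or None when the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        # NXDOMAIN and resolver outages look the same here; both fail open.
        return None

def is_blocked(ip, local_nets, zone, resolver=resolve_a):
    """True if ip is in a local network list or listed in the DNSBL zone."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in local_nets):
        return True
    answer = resolver(dnsbl_query_name(ip, zone))
    # DNSBLs signal a listing with an answer inside 127.0.0.0/8; anything
    # else (for example a wildcard or hijacked answer) is not a listing.
    return answer is not None and ipaddress.ip_address(answer) in LOOPBACK

# Constructed sample data (documentation address ranges, hypothetical zone).
SAMPLE_ZONE = "dnsbl.example.org"
SAMPLE_LOCAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]
SAMPLE_DNS = {
    "7.2.0.192.dnsbl.example.org": "127.0.0.2",    # listed
    "8.2.0.192.dnsbl.example.org": "198.51.100.1",  # bogus non-loopback answer
}

def fake_resolver(name):
    """Offline stand-in for DNS, backed by SAMPLE_DNS."""
    return SAMPLE_DNS.get(name)

if __name__ == "__main__":
    for ip in ("203.0.113.9", "192.0.2.7", "192.0.2.8", "192.0.2.9"):
        print(ip, is_blocked(ip, SAMPLE_LOCAL_NETS, SAMPLE_ZONE, fake_resolver))
```

Because a single listed address can front many users behind NAT, as the reply points out, the boolean is better logged alongside the login name than used as the only decision input.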