[Dovecot] Blocking certain hostnames/clients

Charles Marcus CMarcus at Media-Brokers.com
Sun Oct 27 22:21:58 EET 2013


Hello,

As a result of learning of the new 'Intro' App introduced by LinkedIn, 
and discussing how to block SMTP access to my postfix server from these 
clients, I'm now interested in doing the same for dovecot.

Bottom line desire is to avoid scraping/hijacking email stored on my 
dovecot server by any client other than a users client.

This includes Intro (so, LinkedIn), Blackberry, GMail, Outlook, etc.

The boss has expressed the desire to NOT block all email from them, just 
disallow any of their clients from AUTH'ing (either SMTP or IMAP/POP).

I'd be interested if anyone has any kind of database of hostnames/IP 
blocks of the freemailers out there that support adding 3rd party 
accounts, especially ones supporting IMAP.

Anyway, article raising the concern found here:

http://www.bishopfox.com/blog/2013/10/linkedin-intro/

"LinkedIn released a new product today called Intro.  They call it
?doing the impossible?, but some might call it ?hijacking email?.
Why do we say this?  Consider the following:

Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of
your emails go through LinkedIn?s servers. You read that right. Once
you install the Intro app, all of your emails, both sent and received,
are transmitted via LinkedIn?s servers. LinkedIn is forcing all your
IMAP and SMTP data through their own servers and then analyzing and
scraping your emails for data pertaining to?whatever they feel like."

-- 

Best regards,

*/Charles/*


More information about the dovecot mailing list