On 03.07.2013 05:24, Professa Dementia wrote:
> On 7/2/2013 7:11 PM, Stan Hoeppner wrote:
>> On 7/2/2013 8:32 PM, Professa Dementia wrote:
>>> On 7/2/2013 6:21 PM, John Fawcett wrote:
>>>> dnsbl's are a popular method to prevent listed ips from making
>>>> connections to mta software.
>>>>
>>>> cf. postscreen_dnsbl_sites in postfix
>>>>
>>>> Would it be possible to introduce such a feature in dovecot, so that
>>>> connections can be denied
>>>> based on a dnsbl lookup (where the precise dnsbls used are configurable)?
>>>>
>>>> John
>>>>
>>>
>>> Let's back up a bit. This does not seem like a feature that Dovecot needs.
>>>
>>> Rather, what problem are you trying to solve? Maybe there is an
>>> existing or better way to accomplish it.
>>
>> Based on John's recent thread on postfix-users on the same general
>> subject, I'd guess he's trying to stop rogue/malicious connections.
>>
>
> That's my point. A self-run IP blackhole list is almost useless.
> Distributed RBLs are much more effective. However, existing ones are
> based on spam sources, not malicious connections to POP or IMAP servers.
>
> Knowing the problem would be beneficial in determining a good solution.
> For certain types of connection abuse, Fail2Ban works remarkably well.
> But, without knowing his exact problem, it may not be the correct solution.
>
> Dem
>

I think an auto dynamic user/IP-based con limit might be best, but I
guess it will be difficult to implement. For this you need some log
analyser counting wrong auth user/IP pairs, invoking some action on the
fly, like throttling the user from the IP, and an auto high user/IP login
throttle by adjustable time periods. Also, there must be some whitelist
possible.

Best Regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
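
A sketch of the log analyser described in the message above, added here as an example and not code from the thread or from Dovecot. The sample lines are constructed in the style of Dovecot "auth failed" login entries (the ISO timestamps are an assumption), and the function name, thresholds and whitelist are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample lines, modelled on Dovecot "auth failed" login entries
# (ISO timestamps are an assumption to keep parsing simple).
SAMPLE_LOG = """\
2013-07-03 05:10:01 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1
2013-07-03 05:10:20 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1
2013-07-03 05:10:25 pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1
2013-07-03 05:10:40 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1
2013-07-03 05:10:41 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.1
2013-07-03 05:10:42 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.1
2013-07-03 05:10:43 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<carol>, method=PLAIN, rip=192.0.2.50, lip=192.0.2.1
2013-07-03 05:10:50 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1
2013-07-03 05:30:00 pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1
"""

FAIL_RE = re.compile(r"^(\S+ \S+) \S+-login: .*auth failed.*user=<([^>]*)>.*\brip=([0-9a-fA-F.:]+)")

def find_throttles(log_text, whitelist=("192.0.2.0/24",), max_fails=3,
                   window=timedelta(minutes=5), throttle=timedelta(minutes=15)):
    """Return [(user, ip, start, until)] for user/IP pairs that should be throttled."""
    nets = [ip_network(n) for n in whitelist]
    recent = defaultdict(deque)   # (user, ip) -> timestamps of recent failures
    until = {}                    # (user, ip) -> end of the active throttle
    actions = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        key = (m.group(2), m.group(3))
        if any(ip_address(key[1]) in n for n in nets):
            continue              # whitelisted source: never throttled
        fails = recent[key]
        fails.append(ts)
        while fails[0] < ts - window:
            fails.popleft()       # forget failures outside the sliding window
        if len(fails) >= max_fails and until.get(key, ts) <= ts:
            until[key] = ts + throttle
            actions.append((key[0], key[1], ts, until[key]))
    return actions
```

Each returned tuple is a decision only; applying it (a firewall rule, a login delay) is left to whatever enforcement mechanism the site already uses.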