On Tue, 22 Oct 2013, Marc Perkel wrote:

> I would like to have a list of IPs (hacker list) that I can do a lookup on so that if anyone tries to authenticate to dovecot they always fail if they are on my list.
>
> I have the list - and the list is available as a DNS blacklist.
>
> I'd like to have it work with both local IP lists or RBL lookup.
>
> The idea is so hackers from known IP addresses never succeed.

Why would you let the auth happen at all? Is it some sort of tarpitting? Otherwise you could just block the IP with a firewall.

Maybe you can combine the deny AuthDatabase, as explained here:
http://wiki2.dovecot.org/Authentication/RestrictAccess?highlight=%28deny%29
with a socket auth daemon:
http://wiki2.dovecot.org/AuthDatabase/Dict

So, you return success via the auth socket dict and use the remote IP as "key", but success is turned into "deny".

> If Dovecot provides the feature I have about 1/2 million IP addresses of known current hackers to block.

Well, I do not like the notion "one IP == one person", too many setups use NAT.

-- Steffen Kaiser

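The lookup discussed in this thread (local IP list first, then an RBL/DNSBL query keyed on the remote IP), as an added example that is not part of the original message or of Dovecot's code; it is the decision a deny backend would make, not the backend itself. The zone name, the networks, the stub resolver and the fail-open behaviour are assumptions chosen for illustration.

```python
import ipaddress
import socket

# RFC 5782 convention: a DNSBL answers "listed" with an address in 127.0.0.0/8.
LISTED = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reversed octets (IPv4) or reversed nibbles (IPv6), then the DNSBL zone."""
    pointer = ipaddress.ip_address(ip).reverse_pointer
    return pointer.rsplit(".", 2)[0] + "." + zone  # drop in-addr.arpa / ip6.arpa

def system_resolve(name):
    """A-record lookup via the system resolver; None when nothing is returned."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def should_deny(remote_ip, local_nets, zone=None, resolve=system_resolve):
    """True if remote_ip is on the local list or listed in the DNSBL zone."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False  # assumption: unparsable input is left to the normal passdb
    if any(net.version == addr.version and addr in net for net in local_nets):
        return True
    if zone is None:
        return False
    answer = resolve(dnsbl_query_name(remote_ip, zone))
    try:
        # Assumption: fail open. NXDOMAIN, resolver errors and answers outside
        # 127.0.0.0/8 (e.g. a resolver rewriting NXDOMAIN) all mean "not listed".
        return answer is not None and ipaddress.ip_address(answer) in LISTED
    except ValueError:
        return False

# Constructed sample data (documentation address ranges, made-up zone).
SAMPLE_NETS = [ipaddress.ip_network("203.0.113.0/24"),
               ipaddress.ip_network("2001:db8:bad::/48")]
SAMPLE_ZONE = "dnsbl.example.invalid"
SAMPLE_ANSWERS = {"7.100.51.198.dnsbl.example.invalid": "127.0.0.2"}

def sample_resolve(name):
    return SAMPLE_ANSWERS.get(name)

if __name__ == "__main__":
    for ip in ("203.0.113.9", "198.51.100.7", "192.0.2.1", "2001:db8:bad::1"):
        print(ip, should_deny(ip, SAMPLE_NETS, SAMPLE_ZONE, sample_resolve))
```

Passing `resolve=system_resolve` (the default) queries a real zone; because one listed address can front many users behind NAT, the result is best logged alongside the deny so false positives can be traced.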