> On 22/04/2023 18:21 EEST Michael Grimm via dovecot <dovecot@dovecot.org> > wrote: > > > Marc <m...@f1-outsourcing.eu> wrote: > > >> Blacklistd places a very short set of code to send a small packet to a > >> socket when > >> the decision is made to deny access. > > > And how does blacklistd get fed? > > > Actually, one needs to add a small amount of code to dovecot which writes to > a socket. This code needs to be invoked whenever someone tries to "break in" > or "abuse" your dovecot server. Thus, the application informs the blacklistd > daemon about abuse and who did so. Blacklistd listens to that socket [1]. > > The running blacklistd then decides what to do with these attempts and uses > firewall functionality to block future attempts if wanted. > > [1] https://github.com/paul-chambers/blacklistd > > The sources of bind, ftp, sshd, and postfix have already been modified > accordingly. > > Regards, > Michael
So, why not use auth policy for this? It can send information about potential login attempts to a remote server. And if the data format is not exactly correct for blacklistd, I'm sure an adapter can be added in the middle or into blacklistd. Aki _______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org