On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote:>> Which is why a dnsbl for dovecot is a good idea. I do not believe the >> agents behind these login attempts are only targeting me, hence the >> addresses should be shared via a dnsbl. > > Probably there's an existing solution for both problems (subsequent > attempts and dnsbl): > >> https://github.com/PowerDNS/weakforced"The goal of 'wforce' is to detect brute forcing of passwords across many servers" The problem is not detecting but blocking. Dovecot has no mechanism for using the data; Dovecot needs DNSBL capability. I tested a small sample of my IMAP hackers using the lists I use for SMTP blocking [1] and enough are in these list to make them worth using. Extra detection is not needed as many of these addresses are already known - maybe even by using weakforced. James. 1. exim dnsblist: https://www.exim.org/howto/rbl.html https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html
On 12.4.2019 10.21, James via dovecot wrote:> On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote: > >>> Which is why a dnsbl for dovecot is a good idea.? I do not believe the >>> agents behind these login attempts are only targeting me, hence the >>> addresses should be shared via a dnsbl. >> >> Probably there's an existing solution for both problems (subsequent >> attempts and dnsbl): >> >>> https://github.com/PowerDNS/weakforced > > "The goal of 'wforce' is to detect brute forcing of passwords across > many servers" > > The problem is not detecting but blocking.? Dovecot has no mechanism > for using the data; Dovecot needs DNSBL capability. > > I tested a small sample of my IMAP hackers using the lists I use for > SMTP blocking [1] and enough are in these list to make them worth > using. ?Extra detection is not needed as many of these addresses are > already known - maybe even by using weakforced. > > > > James. > > > 1. exim dnsblist: > https://www.exim.org/howto/rbl.html > https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html > >Weakforced uses Lua so you can easily integrate DNSBL support into it. We will not add DNSBL support to dovecot at this time. Aki
On 12/04/2019 08:24, Aki Tuomi via dovecot wrote:> Weakforced uses Lua so you can easily integrate DNSBL support into it.How does this help Dovecot block? A link to some documentation or example perhaps?> We will not add DNSBL support to dovecot at this time.Is there a reason why you will not support this RFE?