On 12.4.2019 10.21, James via dovecot wrote: > On 11/04/2019 14:33, Anton Dollmaier via dovecot wrote: > >>> Which is why a dnsbl for dovecot is a good idea. I do not believe the >>> agents behind these login attempts are only targeting me, hence the >>> addresses should be shared via a dnsbl. >> >> Probably there's an existing solution for both problems (subsequent >> attempts and dnsbl): >> >>> https://github.com/PowerDNS/weakforced > > "The goal of 'wforce' is to detect brute forcing of passwords across > many servers" > > The problem is not detecting but blocking. Dovecot has no mechanism > for using the data; Dovecot needs DNSBL capability. > > I tested a small sample of my IMAP hackers using the lists I use for > SMTP blocking [1] and enough are in these list to make them worth > using. Extra detection is not needed as many of these addresses are > already known - maybe even by using weakforced. > > > > James. > > > 1. exim dnsblist: > https://www.exim.org/howto/rbl.html > https://www.exim.org/exim-html-current/doc/html/spec_html/ch-access_control_lists.html > >
Weakforced uses Lua so you can easily integrate DNSBL support into it. We will not add DNSBL support to dovecot at this time. Aki
