Viktor Dukhovni wrote in
 <20200826195500.gc37...@straasha.imrryr.org>:
 |On Wed, Aug 26, 2020 at 08:41:14PM +0200, Steffen Nurpmeso wrote:
 |> One more thing i could contribute, just in case you do not know
 |> about it.  Christos Zoulas of NetBSD has written a blocklist (it
 |> was blacklist for quite some years, but it lost its colour), and
 |> patched the postfix (among others) that is in the NetBSD base
 |> system to reach out and call a hook when an authentication
 |> failure happens.
 ...
 |> It would be great if a hook could be called for such events.  Even
 |> a simple fork+detach+exec+forget approach would be really great,
 |> with an event indicator and an IP address as an argument.
 |
 |Ideally this would be done with a milter, milters see most SMTP commands
 |from clients, but there's no milter support for SASL AUTH commands, and
 |IIRC milters don't see the ultimate server replies.
 |
 |So bottom line, milters don't know that SASL auth took place, and wouldn't
 |know whether these failed or not.  This is unfortunate.
 |
 |Plugging ad-hoc hooks into Postfix is not particularly attractive, even
 |when otherwise well motivated.  If I am right in concluding that
 |milters aren't quite up to the task, it would be great if there were a
 |more general framework that can accommodate milters as a special case,
 |but might allow additional inspection of AUTH, STARTTLS, and any other
 |commands not supported by milters and also handle server replies so
 |that the plugin could collect information on command failure, and not
 |just intercede to block some commands.

The _other_ series.  I have no idea of milters, but it seems they
can perform decisions and change or initiate state changes.
I personally think this is overkill for what i have in mind, aka
what is already implemented in blocklistd (and i wonder again why
it is alone, rather isolated and not widely accepted).

The state has already changed and only needs to be reported to
somewhere.  Also in respect to performance, resource usage and
elegance i think this is much better than log file parsing.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
