Blocking Users from IMAP and/or POP
Blocking Users from IMAP and/or POP
I've got a couple of email addresses on my server which are aliases, so while they need to RECEIVE email (and forward to the correct mailbox), there's no reason why they'd ever need to log in to the server. Recently one of these emails got onto a botnet and I received tens of thousands of login requests for it, so I decided to block it from any login attempts.
The change is pretty simple. In /etc/dovecot/conf.d/ there are a bunch of config files. You need to locate the one which sets up passdb. In my case this was auth-passwdfile.conf.ext. The original code is this, which basically tells dovecot to use the exim password files.
So you need to edit that and add another passdb statement above that (so that DENY happens first):
Now you need three files in your /etc/dovecot/ directory.
Add any email addresses you want to block to these files, one per line (comments with a # are acceptable). So to deny [email protected] access via imap, but not via pop3, then add "[email protected]" to deny.imap. I noticed a lot of login attempts to "admin" (with no domain name), so I added that too.
Restart dovecot with 'systemctl restart dovecot.service' and check the results with 'tail -f /var/log/dovecot.log'
The change is pretty simple. In /etc/dovecot/conf.d/ there are a bunch of config files. You need to locate the one which sets up passdb. In my case this was auth-passwdfile.conf.ext. The original code is this, which basically tells dovecot to use the exim password files.
Code: Select all
passdb {
driver = passwd-file
args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd
}Code: Select all
passdb {
driver = passwd-file
args = /etc/dovecot/deny.%s
deny = yes
}
passdb {
driver = passwd-file
args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd
}Code: Select all
touch /etc/dovecot/deny.smtp
touch /etc/dovecot/deny.pop3
touch /etc/dovecot/deny.imapRestart dovecot with 'systemctl restart dovecot.service' and check the results with 'tail -f /var/log/dovecot.log'
Last edited by plutocrat on Wed Dec 19, 2018 6:25 am, edited 1 time in total.
-
americanninja
- Posts: 11
- Joined: Mon Feb 01, 2021 7:38 am
- Os: Ubuntu 17x
- Web: apache + nginx
Re: Blocking Users from IMAP and/or POP
Hi Plutocrat,
I'm hoping you could help me. I'm having a lot of issues with bruteforce attacks on my email server. I think this was because the VESTACP config files for EXIM and Dovecot were incorrectly configured. I came across this forum thread (viewtopic.php?t=9040) and it seems it fixes the fail2ban issue not blocking these attacks. So I am going to wait and see if my issue has now been resolved.
However, I think I have similar case to you, where I don't really need IMAP or POP services. I only use the vestaCP server to host a few websites and host my email addresses, but I simply setup the emails as forwarder to my gmail account. And then I use gmail to send outbound email through these email addresses by using SMTP of the server from Gmail. So I never connect to my server via IMAP or POP for the emails, as the email are deleted from server once they are forwarded.
So I was thinking it would be better to simply disable the POP and IMAP function from the server. maybe this would help to stop bots and hackers from attempting to gain access to the server. I can see in VestaCP that I can simply disable DOVECOT. Is that the best way to do this? Your process seems below that I have to edit many files. Can I simply turn off DOVEcot and it will block all POP and IMAP? Also, does this stay disabled upon reboot of the server or would I have to disable each time server is rebooted?
Thanks for any help you can offer!
I'm hoping you could help me. I'm having a lot of issues with bruteforce attacks on my email server. I think this was because the VESTACP config files for EXIM and Dovecot were incorrectly configured. I came across this forum thread (viewtopic.php?t=9040) and it seems it fixes the fail2ban issue not blocking these attacks. So I am going to wait and see if my issue has now been resolved.
However, I think I have similar case to you, where I don't really need IMAP or POP services. I only use the vestaCP server to host a few websites and host my email addresses, but I simply setup the emails as forwarder to my gmail account. And then I use gmail to send outbound email through these email addresses by using SMTP of the server from Gmail. So I never connect to my server via IMAP or POP for the emails, as the email are deleted from server once they are forwarded.
So I was thinking it would be better to simply disable the POP and IMAP function from the server. maybe this would help to stop bots and hackers from attempting to gain access to the server. I can see in VestaCP that I can simply disable DOVECOT. Is that the best way to do this? Your process seems below that I have to edit many files. Can I simply turn off DOVEcot and it will block all POP and IMAP? Also, does this stay disabled upon reboot of the server or would I have to disable each time server is rebooted?
Thanks for any help you can offer!
Re: Blocking Users from IMAP and/or POP
Probably the easiest way would be to disable the firewall rules for POP and IMAP. Your webmail should still function if you need to check the mailbox.americanninja wrote: ↑Sun Apr 11, 2021 11:17 pmSo I was thinking it would be better to simply disable the POP and IMAP function from the server. maybe this would help to stop bots and hackers from attempting to gain access to the server. I can see in VestaCP that I can simply disable DOVECOT. Is that the best way to do this? Your process seems below that I have to edit many files. Can I simply turn off DOVEcot and it will block all POP and IMAP?
I would certainly NOT recommend disabling dovecot
-
americanninja
- Posts: 11
- Joined: Mon Feb 01, 2021 7:38 am
- Os: Ubuntu 17x
- Web: apache + nginx
Re: Blocking Users from IMAP and/or POP
Thanks for the response!
Is it fairly simple to block POP and IMAP with firewall? If straight forward, would you mind providing the steps or provide a link to an article. I will google search this one, but I figure I will get a bunch of different articles for different Linux OS and I'm not sure if I need to do something special because of VESTACP. Or is that what you are describing above?
Thanks for any help you can provide!
Is it fairly simple to block POP and IMAP with firewall? If straight forward, would you mind providing the steps or provide a link to an article. I will google search this one, but I figure I will get a bunch of different articles for different Linux OS and I'm not sure if I need to do something special because of VESTACP. Or is that what you are describing above?
Thanks for any help you can provide!
Re: Blocking Users from IMAP and/or POP
I don't have a vesta installation to look at any more, but something like this?
https://www.youtube.com/watch?v=EP3wjsB07-0
Find the rules for POP3 and IMAP, and then SUSPEND them. Suspend as opposed to Delete, means you can bring them back again in the future if you need them.
This will block all external traffic to POP and IMAP.
https://www.youtube.com/watch?v=EP3wjsB07-0
Find the rules for POP3 and IMAP, and then SUSPEND them. Suspend as opposed to Delete, means you can bring them back again in the future if you need them.
This will block all external traffic to POP and IMAP.
Re: Blocking Users from IMAP and/or POP
We can't send or receive emails, Is there anyone who can help us, please?