Dovecot Anti Abuse Shield (soon to be released)

Dovecot Anti-Abuse Shield is included along with Dovecot Pro and OX App Suite as a component to protect against login/authentication abuse.

Anti-Abuse Shield runs on a cluster of servers, and integrates with both OX App Suite and Dovecot to detect abuse, brute force attacks and also to enforce common authentication/authorization policies across the platform.

Key Features

Features of Dovecot Anti-Abuse Shield include:

• Replicated/clustered architecture – Login reports are shared between all the servers in a cluster so there is a single view of abuse
• Scriptable Policy Language – Using the Lua language, the functionality of the daemon can be extended to record and protect against a large variety of abusive behavior, as well as implement specific customer policies.
• DNS Lookup Feature – For looking up IPs or domains in blacklists
• GepIP Lookup Feature – GeoIP lookups can be made, and incorporated into policy decisions.
• Ratelimiting and Tarpitting – Extremely flexible, these can be enabled and enforced based on IP address, login name, geoip location, time windows, etc.
• Flexible In-Memory Statistics Database – A versatile and extensible in-memory database is used to store statistics information about abuse over time periods from a few minutes to many hours.
• Integration with Customer Authentication/Authorization Systems – Customers can use the open HTTP REST API to benefit from the protection of the anti-abuse daemon in their own authentication/authorization systems.
• Admin Console – To retrieve statistics and query server state

Pricing and availability

Please contact Open-Xchange Sales for further information and pricing details.

In General

The goal of Dovecot Anti-Abuse Shield is to detect brute forcing of passwords across many servers, services and instances, as well as enforce policy for authentication and authorization. In order to support the real world, brute force detection policy can be tailored to deal with "bulk, but legitimate" users of your service, as well as botnet-wide slowscans of passwords.

Here is how it works:

• Report successful logins via JSON http-api
• Report unsuccessful logins via JSON http-api
• Query if a login should be allowed to proceed, should be delayed, or ignored via JSON http-api

Various other API functions are available, please see https://documentation.open-xchange.com/7.8.2/middleware/components/weakforced.html for full API documentation.

OX App Suite and Dovecot's POP/IMAP server are pre-integrated with Dovecot Anti-Abuse Shield. For more information on how to configure them to work with Anti-Abuse Shield, see \<ref for AppSuite doc\> and http://wiki2.dovecot.org/Authentication/Policy.

However it is also aimed to receive message from other services like:

• Other IMAP/POP servers
• Other Webmail logins
• FTP logins
• Authenticated SMTP
• Self-service logins
• Password recovery services

By gathering failed and successful login attempts from as many services as possible, brute forcing attacks can be detected and prevented more effectively.

The service runs as a daemon (called wforce), and can be clustered in a way that report information is shared between all members of the cluster.

Download and Installation

Redhat Enterprise Linux 7 or CentOS 7

If not already done, add the following repositories to your Open-Xchange yum configuration:

 [open-xchange-backend]
name=Open-Xchange-backend
baseurl=https://software.open-xchange.com/products/dovecot_anti_abuse/stable/backend/RHEL7/
gpgkey=https://software.open-xchange.com/oxbuildkey.pub
enabled=1
gpgcheck=1
metadata_expire=0m

and run

$ yum update
$ yum install weakforce.d

Debian GNU/Linux 8.0

If not already done, add the following repositories to your Open-Xchange apt configuration:

deb https://software.open-xchange.com/products/dovecot_anti_abuse/stable/backend/DebianJessie /

$ apt-get update
$ apt-get install weakforce.d