Details
- Type: Sub-task
- Status: Closed
- Priority: Major
- Resolution: Fixed

Description
Thanks to a recommendation from a colleague, Xavier GUIMARD, I discovered CrowdSec (https://www.crowdsec.net/).
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network, based on AI behaviour refinement.
Develop a third-party plugin for querying CrowdSec:
- Create an SMTP EHLO hook querying the CrowdSec local agent via a REST call
- Create a mailet querying the CrowdSec local agent via a REST call
- Create a mailet to provision the local CrowdSec database (for the highest level of spam, for instance)
- Think about the interfaces we would need to query CrowdSec upon incoming IMAP connections
- Externalize behaviour linked to failed login attempts (sleep, connection closure after 3 failures) as configurable, extensible plugins.
- Use it to manage IP reporting to CrowdSec, especially upon failed authentications (~fail2ban).
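
The lookup that the EHLO hook and mailet items describe, sketched in Python as an added example; it is not code from the James project or from CrowdSec and does not use the James plugin API. It assumes the agent's local API on its default address 127.0.0.1:8080 and a bouncer API key (placeholder below); the function names are hypothetical.

```python
import json
import urllib.parse
import urllib.request

# Assumptions: default local API address and a bouncer key created with
# `cscli bouncers add`; the key below is a placeholder.
LAPI_URL = "http://127.0.0.1:8080"
API_KEY = "REPLACE_WITH_BOUNCER_KEY"


def blocking_decision(body, block_types=("ban",)):
    """Return the first decision whose type is in block_types, else None.

    The local API answers with the JSON literal `null` when it holds no
    decision for the address, otherwise with a list of decision objects.
    """
    decisions = json.loads(body) or []
    if not isinstance(decisions, list):
        raise ValueError("unexpected decisions payload")
    for decision in decisions:
        if not isinstance(decision, dict):
            raise ValueError("unexpected decision entry")
        if str(decision.get("type", "")).lower() in block_types:
            return decision
    return None


def should_reject(ip, fail_open=True, timeout=2.0):
    """Ask the local agent about `ip`; True means refuse the session."""
    query = urllib.parse.urlencode({"ip": ip})
    request = urllib.request.Request(
        f"{LAPI_URL}/v1/decisions?{query}",
        headers={"X-Api-Key": API_KEY},
    )
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return blocking_decision(response.read()) is not None
    except (OSError, ValueError):
        # Agent down, slow or replying with an unexpected body: policy choice.
        # fail_open keeps mail flowing; fail closed refuses the session.
        return not fail_open


# Constructed sample bodies (192.0.2.10 is a documentation address).
SAMPLE_BAN = (b'[{"id": 1, "origin": "cscli", "scope": "Ip", "type": "ban",'
              b' "value": "192.0.2.10", "duration": "3h59m"}]')
SAMPLE_NONE = b"null"
```

The short timeout and the explicit `fail_open` switch matter for a hook on the SMTP path: an unreachable agent should neither stall the session nor silently change the accept/reject policy.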