On Sun, 17 May 2009 08:12:46 +0200, "Roland Liebl" roland@roland-liebl.de wrote:
Hi devs,
I'm going to update DNS-Blacklist plugin (MyRoundCube) to play with the new Plugin API.
It checks if an IP is blacklisted. This is very useful for public webmails to keep off spammers. It helped me very much on http://mail4us.net to keep spammers off my public test environment for MyRoundCube.
How would you like to see it? Should it lock out a user already at the front page (login) or is it better just to block certain tasks like sending messages, setting a forwarder or an autoresponder and let the user access for other tasks like reading his messages even if he is blacklisted?
Regards, Roland
Thinking from a purely security-based point of view, I think the best solution is to deny all first and then customize to allow after.
From the exploiting from phishers I have seen, any vector of entry is a cause for concern. Personal information being disclosed, post-authentication exploits, etc. are just some of the off-the-top-of-the-head reasons I could see for doing a deny before login.
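
The two options discussed in this thread, as an added example that is not part of the original messages and not the plugin's own code: a DNSBL lookup feeding a task gate that denies everything to a listed client unless a task is explicitly allowed. The task names, the zone `dnsbl.example.invalid` and the resolver stub are assumptions constructed for the example.

```python
import ipaddress
import socket

# Hypothetical task names; the thread names sending, forwarders,
# autoresponders and reading mail but gives no identifiers for them.
ALL_TASKS = {"login", "read_mail", "send_mail", "set_forwarder", "set_autoresponder"}
# Deny-all default for listed clients; relax by adding tasks here.
ALLOWED_WHEN_LISTED = frozenset()

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the blacklist zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True when the zone answers with an address in 127.0.0.0/8."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        # No record. Resolver outages also land here, so this fails open;
        # that is a policy choice of this example.
        return False
    return ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8")

def task_permitted(task, ip, zone, allowed=ALLOWED_WHEN_LISTED,
                   resolve=socket.gethostbyname):
    """Unknown tasks are refused; listed clients get only `allowed` tasks."""
    if task not in ALL_TASKS:
        return False
    if not is_listed(ip, zone, resolve):
        return True
    return task in allowed

# Constructed resolver and zone so the example runs offline.
ZONE = "dnsbl.example.invalid"
def constructed_resolver(name):
    if name == "10.2.0.192." + ZONE:  # 192.0.2.10 is "listed"
        return "127.0.0.2"
    raise socket.gaierror("constructed NXDOMAIN")

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        for task in ("login", "read_mail", "send_mail"):
            print(ip, task, task_permitted(task, ip, ZONE, resolve=constructed_resolver))
```

Passing `allowed={"read_mail"}` gives the partial-block variant from the first message, where a listed client can still read mail but cannot send or change forwarding.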