This module is for developing and delivering extensions to James for the Crowdsec (IP filtering system)
The Crowdsec extension requires an extra configuration file crowdsec.properties
to configure Crowdsec connection Configuration parameters:
crowdsecUrl
: String. Required. URL defining the Crowdsec's bouncer. Eg: http://crowdsec:8080/v1apiKey
: String. Required. Api key for pass authentication when request to Crowdsec.timeout
: Duration. Optional. Default to 500ms
. Timeout questioning to CrowdSec. E.g. 500ms
, 1 second
,...Declare the extensions.properties
for this module.
guice.extension.module=org.apache.james.crowdsec.module.CrowdsecModule
smtpserver.xml
. Eg:<handlerchain> <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/> <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/> <handler class="org.apache.james.crowdsec.CrowdsecEhloHook"/> </handlerchain>
or
<handlerchain> <handler class="org.apache.james.smtpserver.fastfail.ValidRcptHandler"/> <handler class="org.apache.james.smtpserver.CoreCmdHandlerLoader"/> <handler class="org.apache.james.crowdsec.CrowdsecSMTPConnectHandler"/> </handlerchain>
The EHLO hook will block banned clients with 554 Email rejected
whereas the connect handler will terminate the connection even before the SMTP greeting.
CrowdsecImapConnectionCheck
in imapserver.xml
. Eg:<imapserver enabled="true"> ... <additionalConnectionChecks>org.apache.james.crowdsec.CrowdsecImapConnectionCheck</additionalConnectionChecks> </imapserver>
CrowdsecPOP3CheckHandler
in pop3server.xml
. Eg:<pop3server enabled="true"> <handlerchain> <handler class="org.apache.james.pop3server.core.CoreCmdHandlerLoader"/> <handler class="org.apache.james.crowdsec.CrowdsecPOP3CheckHandler"/> </handlerchain> </pop3server>
mvn clean install -DskipTests
then run it: docker-compose up
Crowdsec will expose port 8080 for queries to get the list of IP addresses blocked (get decisions)
curl -XGET http://localhost:8080/v1/decisions -H "X-Api-Key: default_api_key" -H 'accept: application/json' | jq .
Response codes:
Responses:
[ { "duration": "3h59m50.276482904s", "id": 4, "origin": "cscli", "scenario": "manual 'ban' from 'localhost'", "scope": "Ip", "type": "ban", "value": "1.2.3.4" } ]