[Dovecot] Restrictions on User Basis

Josh Kelley josh at jbc.edu
Fri Jun 24 20:42:24 EEST 2005


Net Cerebrum wrote:

>(a) I want to permit only selective users to access either POP3 or
>IMAP server or both.
>  
>
This is easy, assuming you're using PAM for user authentication.  Edit 
/etc/dovecot.conf and set
auth_passdb = pam *

Then Dovecot will use different PAM configurations for POP3 and IMAP.  
You can set up the initial PAM services as copies of the Dovecot service:
cd /etc/pam.d
cp dovecot pop3
cp dovecot imap

Then you can edit /etc/pam.d/pop3 and /etc/pam.d/imap to define whatever 
criteria you want for who can use POP3 and who can use IMAP.  We use a 
simple text file, /etc/imapusers, and have Dovecot deny POP3 access to 
anyone who's listed in imapusers.  To do that, we insert the following 
line at the beginning of /etc/pam.d/pop3:
auth        required      /lib/security/$ISA/pam_listfile.so item=user 
file=/etc/imapusers sense=deny

See /usr/share/doc/pam* for other ways to use PAM to permit or deny users.

>(b) The server can be accessed from LAN as well as WAN. However I want
>to allow only selective users to be able to access POP3 or IMAP server
>from the WAN side (or on the basis of IP addresses).
>  
>
A POP3/IMAP proxy might be able to do this.  You'd have to set it up on 
a separate machine (or on separate ports), force WAN users to go through 
it, and configure the proxy to only let certain users log in.  I don't 
know if there are any POP3/IMAP proxies that permit selective logins 
like this, so I don't know if this will work.

Josh Kelley


More information about the dovecot mailing list