On 02/08/2023 19:03 EEST Hippo Man <hippoman@gmail.com> wrote:_______________________________________________This method indeed seems to work ... thank you again!
In summary, I did this:
passdb {
driver = passwd-file
deny = yes
args = username_format=%{rip} /etc/dovecot/deny.ip
}... and the "deny.ip" file looks like this:1.2.3.4:::::::: nopassword
5.6.7.8:::::::: nopasswordOne further question: whenever I add additional lines to the "deny.ip"file, will I need to restart dovecot, or will dovecot always read thelatest version of that file whenever it is validating a new IMAPconnection?--
hippoman@gmail.com
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
On Tue, Aug 1, 2023 at 12:44 PM Hippo Man <hippoman@gmail.com> wrote:Oh, OK. I'll investigate and test it.Thank you!--
hippoman@gmail.com
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
On Tue, Aug 1, 2023 at 12:24 PM aki.tuomi via dovecot <dovecot@dovecot.org> wrote:_______________________________________________1.2.3.4::::::::: nopasswordI think. Didn't have a chance to test it.Aki-------- Original message --------From: Hippo Man <hippoman@gmail.com>Date: 8/1/23 19:03 (GMT+02:00)To: "aki.tuomi" <aki.tuomi@open-xchange.com>Subject: Re: Forcing imap authentication failure for certain IP addressesThank you very much!
In your example, what would be the contents of the/etc/dovecot/deny.ip file?--
hippoman@gmail.com
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
On Tue, Aug 1, 2023 at 11:44 AM aki.tuomi via dovecot <dovecot@dovecot.org> wrote:_______________________________________________One way is to use https://doc.dovecot.org/configuration_manual/authentication/auth_policy/or you can usepassdb {driver = passwd-filedeny = yesargs = username_formar=%{rip} /etc/dovecot/deny.ip}or you can use https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/and write this in Lua.Aki-------- Original message --------From: Hippo Man <hippoman@gmail.com>Date: 8/1/23 18:14 (GMT+02:00)Subject: Forcing imap authentication failure for certain IP addressesI'm running dovecot 2.3.18 under Debian 11.
I want to do something that's a bit unusual: when IMAP connections are attemptedfrom a few specific IP addresses, I want to force an IMAP authentication failurefrom those connections, no matter what user ID and password are specified.I know that I can use iptables to completely block imap access from those IPaddresses to the IMAP ports. However, in these specific cases, I'd prefer thatthe connection goes through to dovecot, but for dovecot then to always generateauthentication failures for those specific connections ... even if a validuser ID and password happen to be specified.
Is there a way to do this in dovecot?
Thank you very much in advance.--
hippoman@gmail.com
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-leave@dovecot.org
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-leave@dovecot.org