On 17 Oct 2018, at 20.09, bes <bes.internal@gmail.com> wrote:
Refer to
https://dovecot.org/pipermail/dovecot/2015-March/099971.html
https://wiki.dovecot.org/PasswordDatabase

I tried to repeat the same thing. Set these passdb:

passdb {
  args = /myscript.sh ip=%r
  driver = checkpassword
  result_failure = return-fail
  result_success = continue
}
passdb {
  # my working auth method
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

Created executable /myscript.sh:

#!/bin/sh
exit 1

While I'm not sure why this does not work, I was wondering if a deny-passdb would be more efficient to implement this blacklisting, as executing a script on each login attempt is awfully slow.
Instead I would do something like this:

# check deny passwd for ip address first
passdb {
  driver = passwd-file
  args = username_format=%r /etc/dovecot/ip-deny-list
  deny = yes
  auth_verbose = no
  result_success = return-fail
}

and then just create /etc/dovecot/ip-deny-list with one IP address per line.

Sami
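
One way to maintain the /etc/dovecot/ip-deny-list file suggested above, as an added example that is not part of the original message: the hypothetical functions is_ipv4 and build_deny_list read candidate addresses on stdin, keep only well-formed IPv4 entries, and replace the file in one step. The addresses in the usage comment are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): build the one-address-per-line file
# read by the deny passdb. Function names are hypothetical.
# Usage: printf '%s\n' 203.0.113.7 198.51.100.23 | build_deny_list /etc/dovecot/ip-deny-list

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read candidates on stdin, write validated unique addresses to TARGET.
build_deny_list() {
    target=$1
    # Temp file in the same directory so the final mv is a rename.
    tmp=$(mktemp "${target}.XXXXXX") || return 1
    # Drop "# ..." comments and surrounding whitespace before validating.
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    while IFS= read -r ip; do
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            printf '%s\n' "$ip"
        else
            # ':' is the passwd-file field separator, so IPv6 literals and
            # anything else that is not plain IPv4 are skipped, not written.
            printf 'skipped: %s\n' "$ip" >&2
        fi
    done | sort -u > "$tmp"
    # mktemp creates the file 0600; make it readable, then move it into place.
    chmod 0644 "$tmp" && mv -f "$tmp" "$target"
}
```

Writing to a temporary file and renaming it means a login attempt never sees a half-written list.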