On 17 Oct 2018, at 20.09, bes <bes.internal@gmail.com> wrote:

Refer to
https://dovecot.org/pipermail/dovecot/2015-March/099971.html
https://wiki.dovecot.org/PasswordDatabase
I tried to repeat the same thing.
Set these passdb:

passdb {
 args = /myscript.sh ip=%r
 driver = checkpassword
 result_failure = return-fail
 result_success = continue
}
passdb {
 args = /etc/dovecot/dovecot-sql.conf.ext ( my working auth method )
 driver = sql
}

Created executable /myscript.sh:
#!/bin/sh
exit 1


While I'm not sure why this does not work, I was wondering if a deny-passdb would be more
efficient to implement this blacklisting as executing a script on each login attempt is awfully slow.

Instead I would do something like this:

  # check deny passwd for ip address first
  passdb {
    driver = passwd-file
    args = username_format=%r /etc/dovecot/ip-deny-list
    deny = yes
    auth_verbose = no
    result_success = return-fail
  }

and then just create /etc/dovecot/ip-deny-list with one ip address per line.


Sami
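
One way to populate the /etc/dovecot/ip-deny-list file described above, as an added example that is not part of the original message. Deriving the list from failed-login log lines, the THRESHOLD value, the function names and the sample log lines are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a one-IP-per-line deny list from failed-login log lines.
# THRESHOLD and all function names are hypothetical, not Dovecot settings.
THRESHOLD=3

# Print IPv4 addresses with at least $1 "auth failed" lines on stdin.
# IPv6 is skipped: passwd-file fields are colon-separated, so an IPv6
# address cannot serve as the lookup key in this file as-is.
failed_ips() {
    awk -v min="$1" '
        /auth failed/ {
            sub(/user=<[^>]*>/, "")   # drop client-supplied username first
            if (!match($0, /rip=[^, ]+/)) next
            ip = substr($0, RSTART + 4, RLENGTH - 4)
            n = split(ip, o, ".")
            ok = (n == 4)
            for (i = 1; i <= n; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok) count[ip]++
        }
        END { for (ip in count) if (count[ip] >= min) print ip }
    ' | sort
}

# Write the list via a temp file and rename, so the auth process
# never reads a half-written deny list.
write_deny_list() {
    dest=$1
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    failed_ips "$THRESHOLD" > "$tmp" && chmod 644 "$tmp" && mv "$tmp" "$dest"
}

# Constructed sample log lines (not real data).
sample_log() {
cat <<'EOF'
imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<a>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<a>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<b>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<c>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<d>, method=PLAIN, rip=2001:db8::1, lip=192.0.2.10
imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<rip=192.0.2.99>, method=PLAIN, rip=2001:db8::1, lip=192.0.2.10
imap-login: Login: user=<b>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.10
EOF
}

# Demo: list the addresses in the sample that reach the threshold.
sample_log | failed_ips "$THRESHOLD"
```

In use, the real log would be piped into `write_deny_list /etc/dovecot/ip-deny-list` instead of `sample_log`.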