If yore gonna check for IP, you should do it in pre-login so you can reject the username/password combo if the registred IP of account does not match.

But guess its better to write a custom login handler for that, that also checks user's ip against database, in addition to username/password, and tells client username/password is wrong if IP is unauth..

-------- Originalmeddelande --------

Från: Lefteris Tsintjelis <lefty@spes.gr>

Datum: 2021-11-12 18:48 (GMT+01:00)

Till: dovecot@dovecot.org

Ämne: IPv4/v6 based access checking and logging

Hi,

I am currently using postfix/dovecot with postfix admin and I track the
last login date already by using this:

https://doc.dovecot.org/configuration_manual/lastlogin_plugin/

Besides last login date, I would like to also implement IPv4 and IPv6
last login tracking also and if possible, IP based login checking. Is
post-login scripting the best most efficient way to go?

Regards,

Lefteris