Quoting Professa Dementia <professa@dementianati.com>:
On 5/5/2014 1:05 PM, SIW wrote:
That's a good point.
If I block IMAP/SMTP access to ONE user does that mean that particular user can't use Roundcube anymore?
That is correct. If you block IMAP, then webmail will not work.
Not necessarily.
From: http://wiki2.dovecot.org/AuthDatabase/VPopMail

"logically this means: show password for user=%n at domain=%d when imap on the account is not disabled and connection is not coming from localhost when webmail access on the account is not disabled and if imap for the domain is not disabled and (connection is not coming from localhost when webmail access for the domain is not disabled) when vlimits are not overridden on the account "

# password_query = select pw_passwd as password FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain=limits.domain WHERE pw_name='%n' and pw_domain='%d' and !(pw_gid & 8) and ('%r'!='127.0.0.1' or !(pw_gid & 4)) and ( ('%r'!='127.0.0.1' or COALESCE(disable_webmail,0)!=1) and COALESCE(disable_imap,0)!=1 or (pw_gid & 8192) );

So construct your SQL query in a way that your bit field in MySQL disables all access for a single user except when the source IP is your webmail server.
If you want multiple passwords, you can modify the password_query with iif statements based on the source IP or protocol.
Like:

select iif(%r == '127.0.0.1' & pw_name== 'yourname' & pw_domain='yourdomain',pw_webmailpasswrd,pw_passwd) as pw_passwd from vpopmail .....

Of course that's specific to the vpopmail table... modify as needed for your own table structure...
Rick
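
Added example, not part of Rick's message or the Dovecot wiki: a variant of the quoted password_query in which the per-user IMAP bit no longer blocks the webmail host, checked against constructed accounts in an in-memory SQLite database. The account names, the test domains, the external IP and the choice of 127.0.0.1 as the webmail source are assumptions; SQLite's NOT replaces MySQL's ! and bound parameters stand in for %n, %d and %r.

```python
import sqlite3

WEBMAIL_IP = "127.0.0.1"  # assumption: webmail runs on the Dovecot host
NO_WEBMAIL, NO_IMAP, OVERRIDE = 4, 8, 8192  # pw_gid bits tested by the wiki query

# The wiki query with one change: the per-user IMAP bit (8) is ignored when
# the connection comes from the webmail host. Written for SQLite (NOT instead
# of MySQL's !); bound parameters stand in for Dovecot's %n, %d and %r.
QUERY = """
SELECT pw_passwd AS password
FROM vpopmail LEFT JOIN limits ON vpopmail.pw_domain = limits.domain
WHERE pw_name = :n AND pw_domain = :d
  AND (NOT (pw_gid & 8) OR :r = :w)
  AND (:r != :w OR NOT (pw_gid & 4))
  AND ( (:r != :w OR COALESCE(disable_webmail, 0) != 1)
        AND COALESCE(disable_imap, 0) != 1
        OR (pw_gid & 8192) )
"""

def build_db():
    """Constructed sample accounts; none of these rows come from the thread."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE vpopmail (pw_name, pw_domain, pw_passwd, pw_gid INTEGER);
        CREATE TABLE limits (domain, disable_imap INTEGER, disable_webmail INTEGER);
        INSERT INTO limits VALUES ('closed.test', 1, 0);
    """)
    db.executemany("INSERT INTO vpopmail VALUES (?, ?, 'hash', ?)", [
        ("alice", "example.test", 0),
        ("bob", "example.test", NO_IMAP),
        ("carol", "example.test", NO_IMAP | NO_WEBMAIL),
        ("dave", "closed.test", 0),
        ("erin", "closed.test", OVERRIDE),
    ])
    return db

def can_login(db, user, domain, remote_ip):
    """A row back means Dovecot gets a password to check; no row means reject."""
    args = {"n": user, "d": domain, "r": remote_ip, "w": WEBMAIL_IP}
    return db.execute(QUERY, args).fetchone() is not None

if __name__ == "__main__":
    db = build_db()
    for user, domain in [("alice", "example.test"), ("bob", "example.test"),
                         ("carol", "example.test"), ("dave", "closed.test"),
                         ("erin", "closed.test")]:
        print(user, can_login(db, user, domain, "203.0.113.9"),
              can_login(db, user, domain, WEBMAIL_IP))
```

The domain-level disable_imap limit is left as in the wiki query, so it still blocks webmail logins for that domain unless the account carries the override bit.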