Hi
I've used Dovecot for a long time but I never stop learning about the depth of features I've never used.... I just discovered the login_access_sockets setting when reading this page:
https://doc.dovecot.org/admin_manual/login_processes/
The compilation usingĀ --with-libwrap configure setting was not immediate, since on Fedora which I am using there is no tcp_wrappers-devel package so tcpd.h wasn't installed in /usr/include and the library name libwrap.so that was expected by Dovecot needed a symlink to the library installed by tcp_wrappers package.
So differently to what I previously understood, Dovecot does have a way of controlling access at connect time via tcp_wrappers hosts.allow and hosts.deny files. But now I also realize that this discovery will be short lived, since I understand this is going away in 3.0 and also 2.4 though I can't find a page on that:
https://doc.dovecotpro.com/3.0/installation/upgrading/2.3.x-3.x.html
I can understand the logic about slimming down the code to leave out less used features, but this part of the code looks well written and hasn't required much maintenance over the years. I know there's zero chance of reversing the removal of login_access_sockets, but I just wondered whether there could be the chance to introduce a LUA hook at connect time rather than waiting for authentication to be done. Also I have no idea what the overhead of LUA script is, does it spawn additional processes per connection?
Thanks
John