I need to be able to setup a nologin system for users on my mail server on a per user basis.  We are going to do some maintenance on each user (individually) and would like it if they could not login to dovecot while we do this.   I was curious if dovecot implemented anything like this.  We are currently using standard pam authentication (nothing db related) and I was hoping to be able to touch a "nologin" file on a per user basis in their home directory.   I think I could do this with some pam magic, but was curious if dovecot had something in it that would allow for this. 

Note: I understand I will have to forcibly kill active connections.

--Robert