On 04/08/2021 16:51 Andrea Gabellini andrea.gabellini@telecomitalia.sm wrote:
Hello,
from the proxy I can do the forward:
passdb { driver = static args = proxy=y nopassword=y starttls=yes forward_test=%{secured} }
On the backend, activating debugging:
dovecot: auth: Debug: client passdb out: OK#0111#011user=xxxxx#011forward_test=TLS
How do I pass this forward_test variable to postlogin?
Il 04/08/21 14:53, Andrea Gabellini ha scritto:
Hello,
I am writing for advice on how to deal with a problem.
I have a Dovecot Proxy/Director -> Backend installation, all with version 2.3
Encryption on POP3 / IMAP connections is currently optional. I would like to set it as mandatory but despite the numerous reminders many users have not taken steps to adapt. Setting it as mandatory would mean having too many calls to support.
I would therefore like to block the connection to only some of them and slowly reach my target. I can't find how and where to fit in to be able to do such a thing. At first I thought about postlogin, but the user ended up on a proxy and I can't use it. I tried to use the forwarding function on the proxy and postlogin on the backend, but I didn't succeed in the first part.
In pseudo code, I would like to do this:
if connection is not secured { if user is in my list { block the connection; } }
Thanks in advance for any suggestions, Andrea
--
I've never had much luck buying computers. I bought an Apple and it had an worm in it!
TIM San Marino S.p.A. Andrea Gabellini
In the next hop, adapt this to your passdb block:
passdb { driver = static args = userdb_test=%{forward_test} }
Aki