27 Sep
2018
27 Sep
'18
7:45 a.m.
Hello,
currently there is very handy post-login scripting already implemented but it naturally executes only when successful login happens. I would like to have another two script callbacks which runs:
- immediately after client connects to server - dovecot should run script with connection IP and wait for result and then reject/accept connection with return message accordingly.
- after failed login - dovecot should exec script with connection IP, login params without waiting for result
The main reason behind this idea is to use some logic, database (redis...) or indicators like GeoIP, p0f as bruteforce prevention. It might be also usable for IP based ACLs.
AFAIK the only way to create something similar is to proxy whole authentication to some external process, which is not desirable when dovecot manages user database.
SH