On 3 Jul 2017, at 19.34, Alexey Asemov (Alex/AT) lists@alex-at.ru wrote:
I can confirm setting mail_max_userip_connections from database in userdb query *does not* work at all. User can still open multiple connection above the limit, seems like it has no effect. I thoroughly checked DB response and it contains proper field name/value.
I am using dovecot 2.2.31.
Also, I have mail_max_userip_connections set globally in the dovecot configuration file and wonder if this can interfere, but at least some other settings do not and so I doubt it's the cause.
Oh, right, I remembered that this setting wasn't handled until imap process started, but it's handled by login process. But what you could do if the user has a static IP:
remote 1.2.3.4 { mail_max_userip_connections = 1 }
or even a static IP address space:
remote 1.2.3.0/24 { mail_max_userip_connections = 1 }
So for now I have to go with writing a policy server for that it seems :)
I assume it does not work because user/IP limit is probably checked before parsing DB parameters. Maybe dovecot code can be adjusted somehow so it allows setting mail_max_userip_connections from userdb before it's processed?
Since it's login process, it would have to be returned by passdb lookup. But that's a lot of trouble for such a special use case.