Hello,
I am writing for advice on how to deal with a problem.
I have a Dovecot Proxy/Director -> Backend installation, all with version 2.3
Encryption on POP3 / IMAP connections is currently optional. I would like to set it as mandatory but despite the numerous reminders many users have not taken steps to adapt. Setting it as mandatory would mean having too many calls to support.
I would therefore like to block the connection to only some of them and slowly reach my target. I can't find how and where to fit in to be able to do such a thing. At first I thought about postlogin, but the user ended up on a proxy and I can't use it. I tried to use the forwarding function on the proxy and postlogin on the backend, but I didn't succeed in the first part.
In pseudo code, I would like to do this:
if connection is not secured { if user is in my list { block the connection; } }
Thanks in advance for any suggestions, Andrea
--
People says "more memory increases the computerspeed" and they are right: More memory Windows detects, the sooner it crashes.
TIM San Marino S.p.A. Andrea Gabellini Engineering R&D TIM San Marino S.p.A. - https://www.telecomitalia.sm Via Ventotto Luglio, 212 - Piano -2 47893 - Borgo Maggiore - Republic of San Marino Tel: (+378) 0549 886237 Fax: (+378) 0549 886188
-- Informativa Privacy
Questa email ha per destinatari dei contatti presenti negli archivi di TIM San Marino S.p.A.. Tutte le informazioni vengono trattate e tutelate nel rispetto della normativa vigente sulla protezione dei dati personali (Reg. EU 2016/679). Per richiedere informazioni e/o variazioni e/o la cancellazione dei vostri dati presenti nei nostri archivi potete inviare una email a privacy@telecomitalia.sm.
Avviso di Riservatezza
Il contenuto di questa e-mail e degli eventuali allegati e' strettamente confidenziale e destinato alla/e persona/e a cui e' indirizzato. Se avete ricevuto per errore questa e-mail, vi preghiamo di segnalarcelo immediatamente e di cancellarla dal vostro computer. E' fatto divieto di copiare e divulgare il contenuto di questa e-mail. Ogni utilizzo abusivo delle informazioni qui contenute da parte di persone terze o comunque non indicate nella presente e-mail potra' essere perseguito ai sensi di legge.
Hello,
from the proxy I can do the forward:
passdb { driver = static args = proxy=y nopassword=y starttls=yes forward_test=%{secured} }
On the backend, activating debugging:
dovecot: auth: Debug: client passdb out: OK#0111#011user=xxxxx#011forward_test=TLS
How do I pass this forward_test variable to postlogin?
Il 04/08/21 14:53, Andrea Gabellini ha scritto:
Hello,
I am writing for advice on how to deal with a problem.
I have a Dovecot Proxy/Director -> Backend installation, all with version 2.3
Encryption on POP3 / IMAP connections is currently optional. I would like to set it as mandatory but despite the numerous reminders many users have not taken steps to adapt. Setting it as mandatory would mean having too many calls to support.
I would therefore like to block the connection to only some of them and slowly reach my target. I can't find how and where to fit in to be able to do such a thing. At first I thought about postlogin, but the user ended up on a proxy and I can't use it. I tried to use the forwarding function on the proxy and postlogin on the backend, but I didn't succeed in the first part.
In pseudo code, I would like to do this:
if connection is not secured { if user is in my list { block the connection; } }
Thanks in advance for any suggestions, Andrea
--
I've never had much luck buying computers. I bought an Apple and it had an worm in it!
TIM San Marino S.p.A. Andrea Gabellini Engineering R&D TIM San Marino S.p.A. - https://www.telecomitalia.sm Via Ventotto Luglio, 212 - Piano -2 47893 - Borgo Maggiore - Republic of San Marino Tel: (+378) 0549 886237 Fax: (+378) 0549 886188
-- Informativa Privacy
Questa email ha per destinatari dei contatti presenti negli archivi di TIM San Marino S.p.A.. Tutte le informazioni vengono trattate e tutelate nel rispetto della normativa vigente sulla protezione dei dati personali (Reg. EU 2016/679). Per richiedere informazioni e/o variazioni e/o la cancellazione dei vostri dati presenti nei nostri archivi potete inviare una email a privacy@telecomitalia.sm.
Avviso di Riservatezza
Il contenuto di questa e-mail e degli eventuali allegati e' strettamente confidenziale e destinato alla/e persona/e a cui e' indirizzato. Se avete ricevuto per errore questa e-mail, vi preghiamo di segnalarcelo immediatamente e di cancellarla dal vostro computer. E' fatto divieto di copiare e divulgare il contenuto di questa e-mail. Ogni utilizzo abusivo delle informazioni qui contenute da parte di persone terze o comunque non indicate nella presente e-mail potra' essere perseguito ai sensi di legge.
On 04/08/2021 16:51 Andrea Gabellini andrea.gabellini@telecomitalia.sm wrote:
Hello,
from the proxy I can do the forward:
passdb { driver = static args = proxy=y nopassword=y starttls=yes forward_test=%{secured} }
On the backend, activating debugging:
dovecot: auth: Debug: client passdb out: OK#0111#011user=xxxxx#011forward_test=TLS
How do I pass this forward_test variable to postlogin?
Il 04/08/21 14:53, Andrea Gabellini ha scritto:
Hello,
I am writing for advice on how to deal with a problem.
I have a Dovecot Proxy/Director -> Backend installation, all with version 2.3
Encryption on POP3 / IMAP connections is currently optional. I would like to set it as mandatory but despite the numerous reminders many users have not taken steps to adapt. Setting it as mandatory would mean having too many calls to support.
I would therefore like to block the connection to only some of them and slowly reach my target. I can't find how and where to fit in to be able to do such a thing. At first I thought about postlogin, but the user ended up on a proxy and I can't use it. I tried to use the forwarding function on the proxy and postlogin on the backend, but I didn't succeed in the first part.
In pseudo code, I would like to do this:
if connection is not secured { if user is in my list { block the connection; } }
Thanks in advance for any suggestions, Andrea
--
I've never had much luck buying computers. I bought an Apple and it had an worm in it!
TIM San Marino S.p.A. Andrea Gabellini
In the next hop, adapt this to your passdb block:
passdb { driver = static args = userdb_test=%{forward_test} }
Aki
participants (2)
-
Aki Tuomi
-
Andrea Gabellini