Re: [Dovecot] Dovecot's as ip/user based login filter?
Hello.
> Actually I do not know whether Dovecot can do it by itself. On my server I use a customized PAM module to authenticate and authorize my users. The module also performs a check on the host the user comes from and checks whether there is a rule to allow/deny access from this host.
> I know this setup sounds a bit exotic, but it works quite nicely for me, with the advantage that I can use this feature with services other than Dovecot.
It sounds wonderful. Can you kindly share this customized PAM module with me?
-- Sysadmin
Sysadmin wrote:
>> Actually I do not know whether Dovecot can do it by itself. On my server I use a customized PAM module to authenticate and authorize my users. The module also performs a check on the host the user comes from and checks whether there is a rule to allow/deny access from this host.
> It sounds wonderful. Can you kindly share this customized PAM module with me?
I would if it could be helpful in any way for you, but I believe it won't fit your needs. It's an SQL-based PAM module with a DB2 backend that is also highly customized to fit my customer database.
If you have any experience with writing PAM modules, I'll give you the assistance you need.
All I do is retrieve the hostname and compare it with the database. A short example:
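/* Fragment from inside the module's PAM entry point; needs <stdio.h>, <stdlib.h>, <string.h> and <security/pam_modules.h> */
const char *Host = NULL;
const char *User = NULL;
char *SQL = NULL;
size_t Len;

if ((pam_get_user(pamh, &User, NULL) != PAM_SUCCESS) || (User == NULL))
    return PAM_USER_UNKNOWN;

/* Retrieve password and authenticate user here */

if ((pam_get_item(pamh, PAM_RHOST, (const void **)&Host) != PAM_SUCCESS) || (Host == NULL))
    return PAM_AUTH_ERR;

/* Generate the query, 0.0.0.0 means the default rule for this user. Netmasks aren't supported. */
/* User and Host go into the SQL text as-is, so validate or escape them first. */
Len = strlen(User) + strlen(Host) + 106;
SQL = malloc(Len);
if (SQL == NULL)
    return PAM_BUF_ERR;
snprintf(SQL, Len, "SELECT Rule FROM access_table WHERE User='%s' AND (Host='%s' OR Host='0.0.0.0') ORDER BY Host DESC LIMIT 0,1;", User, Host);

/* Execute query and process result here, then free(SQL) */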
I would like to help more, but I cannot - I hope you will excuse this.
Bernd
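
The query-building step from the fragment above with its inputs checked first, as an added example that is not part of the original post or of Bernd's module. The function names, the character allowlist and the 255-character limit are assumptions made here; where the database driver offers bound parameters, those are preferable to formatting values into the SQL text.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: allowlist applied before a value is formatted into
 * SQL text. Accepts non-empty strings of at most 255 characters drawn from
 * [A-Za-z0-9._@:-], so quotes, whitespace and semicolons are rejected. */
static int is_safe_ident(const char *s)
{
    size_t n;

    if (s == NULL || *s == '\0')
        return 0;
    for (n = 0; s[n] != '\0'; n++) {
        if (n >= 255)
            return 0;
        if (!isalnum((unsigned char)s[n]) && strchr("._@:-", s[n]) == NULL)
            return 0;
    }
    return 1;
}

/* Hypothetical helper: writes the rule lookup query from the post into buf.
 * Returns 0 on success, -1 if an input is rejected or buf is too small.
 * A caller in a PAM module should treat -1 as a denial (PAM_AUTH_ERR). */
static int build_rule_query(char *buf, size_t len,
                            const char *user, const char *host)
{
    int n;

    if (buf == NULL || !is_safe_ident(user) || !is_safe_ident(host))
        return -1;
    n = snprintf(buf, len,
                 "SELECT Rule FROM access_table WHERE User='%s' AND "
                 "(Host='%s' OR Host='0.0.0.0') ORDER BY Host DESC LIMIT 0,1;",
                 user, host);
    /* snprintf reports the length it needed; anything >= len was truncated. */
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}
```
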
Hello.
> I would if it could be helpful in any way for you, but I believe it won't fit your needs. It's an SQL-based PAM module with a DB2 backend that is also highly customized to fit my customer database.
Too bad :(.
> If you have any experience with writing PAM modules, I'll give you the assistance you need.
Sorry, I don't. But anyway, thank you for the help.
-- Sysadmin
participants (2)
- Bernd Holzmüller
- Sysadmin