Re: [Dovecot] about postlogin in dovecot2
<bmalik@ihlas.net.tr> writes:
> Where do I have to locate the passwd-file in dovecot2

For what purpose? Master user? Password/user lookup?

passdb {
  driver = passwd-file
  master = yes
  args = /anywhere/you/want/master-users
  pass = yes
}
passdb {
  driver = passwd-file
  args = /anywhere/you/want/passwd
}
userdb {
  driver = passwd-file
  args = /anywhere/you/want/passwd
}
Joseph Tam <jtam.home@gmail.com>
My purpose is to restrict a particular email address's reach for dovecot services such as pop3/imap.
How can I restrict a particular email address by tcp port? I want a particular mail address to be forced to use pop3s/imaps. I use vpopmail / dovecot2. How can I do a script for that?
cat auth-vpopmail.conf.ext

passdb {
  driver = vpopmail
  args = webmail=127.0.0.1
}
userdb {
  driver = vpopmail
  args = quota_template=quota_rule=*:backend=%q
}
-- View this message in context: http://dovecot.2317879.n4.nabble.com/about-postlogin-in-dovecot2-tp5993p3706... Sent from the Dovecot mailing list archive at Nabble.com.
On 14.8.2012, at 9.11, bmalik wrote:
> How can I restrict a particular email address by tcp port? I want a particular mail address to be forced to use pop3s/imaps. I use vpopmail / dovecot2. How can I do a script for that?
> userdb {
>   driver = vpopmail
>   args = quota_template=quota_rule=*:backend=%q
args = secured=%c quota...
In post-login script see if $SECURED = secured.
But I'll do that for only some email addresses. How can I do that?
bmalik wrote:
> But I'll do that for only some email addresses.

I assume that by "email addresses" you mean "user names".

> How can I do that?

The $SECURED variable contains "secured" if a user tries to log in via SSL/TLS, so if an insecure connection is found, the script should check whether the user is in the list of users which are forced to use encryption:

##############################################################################
# The value to compare against is "secured"
if [ "$SECURED" = "secured" ]
then
  : # handle secure connections here
else
  : # handle insecure connections here
  # -F: literal match, -x: whole line only, --: user name may start with "-"
  if grep -Fxq -- "$USER" /etc/users-with-forced-encryption
  then
    printf "* NO [ALERT] You are not allowed to connect without encryption\r\n"
    exit 0
  fi
fi
# Hand over to the mail process; without this the login is denied
exec "$@"
##############################################################################
Regards Daniel
Thanks a lot. The script you gave works.
I am sorry.
When I log in to the server using pop3s, I see in the dovecot log;

@4000000050457dd9179c653c pop3-login: Info: Login: user=<test@byserver.net>, method=DIGEST-MD5, rip=192.168.12.220, lip=192.168.12.115, mpid=87395, TLS, session=<w8H1WtjISwDV7pbc>

If I add my mail address into the users-with-forced-encryption file, I would not reach my account.
I get an error;

@4000000050457dd9183f542c pop3(test@byserver.net): Info: Post-login script denied access to user test@byserver.net

whereas I connect to the account via pop3s
If I remove my mail address from the users-with-forced-encryption there is no problem.

my postlogin_pop3.sh;

#!/usr/local/bin/bash
if [ "$SECURED" == "secure" ]
then
  :# handle secure connections here
else
  :# handle insecure connections here
  if grep -q "$USER" in /usr/local/etc/dovecot/users-with-forced-encryption
  then
    printf "* NO [ALERT] You are not allowed to connect without encryption\r\n"
    exit 0
  fi
fi
exec "$@"
###########

There is also no problem related to SSL certificate.
What can be the issue?
bmalik wrote:
> When I log in to the server using pop3s, I see in the dovecot log;
>
> @4000000050457dd9179c653c pop3-login: Info: Login: user=<test@byserver.net>, method=DIGEST-MD5, rip=192.168.12.220, lip=192.168.12.115, mpid=87395, TLS, session=<w8H1WtjISwDV7pbc>
>
> If I add my mail address into the users-with-forced-encryption file, I would not reach my account.
> I get an error;
>
> @4000000050457dd9183f542c pop3(test@byserver.net): Info: Post-login script denied access to user test@byserver.net
>
> whereas I connect to the account via pop3s
> If I remove my mail address from the users-with-forced-encryption there is no problem.
>
> my postlogin_pop3.sh;
>
> #!/usr/local/bin/bash
> if [ "$SECURED" == "secure" ]
> then
>   :# handle secure connections here
> else
>   :# handle insecure connections here
>   if grep -q "$USER" in /usr/local/etc/dovecot/users-with-forced-encryption
>   then
>     printf "* NO [ALERT] You are not allowed to connect without encryption\r\n"
>     exit 0
>   fi
> fi
> exec "$@"
> ###########
>
> There is also no problem related to SSL certificate.
> What can be the issue?
Can you log the value of "$SECURED" to a logfile (using "logger" tool), and log a message in each of the conditional branches of your script, so we can see which branch gets called?
Which error message do you get when you manually try to log into POP3S?
openssl s_client -connect ip:port
USER username
PASS password
QUIT
Regards Daniel
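
Added example, not code posted in the thread: postlogin_pop3.sh above tests "$SECURED" against "secure" although the replies give the value as "secured", and it passes "in" to grep as a file name, so the TLS branch is never taken. The script below is one way to write the check with both points corrected and with the user matched as a whole line; the FORCED_TLS_LIST override, the function names and the list entries in demo() are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The list path default and the function
# names are assumptions; SECURED comes from "secured=%c" in the userdb args.
LIST=${FORCED_TLS_LIST:-/usr/local/etc/dovecot/users-with-forced-encryption}

# is_listed USER FILE: true only if USER is exactly one whole line of FILE.
# -F literal match ("." is not a wildcard), -x whole line, -- guards a leading "-".
is_listed() {
  [ -n "$1" ] && [ -r "$2" ] && grep -Fxq -- "$1" "$2"
}

# must_deny SECURED USER FILE: true when a listed user arrives without TLS.
must_deny() {
  [ "$1" = "secured" ] && return 1    # the value is "secured", not "secure"
  is_listed "$2" "$3"
}

# decide SECURED USER FILE: print the decision, for logging and for testing.
decide() {
  if must_deny "$1" "$2" "$3"; then echo deny; else echo allow; fi
}

# demo: run the decision over a constructed list; succeeds if all cases hold.
demo() {
  f=$(mktemp) || return 1
  printf '%s\n' 'test@byserver.net' 'boss@example.org' > "$f"   # constructed
  r="$(decide secured test@byserver.net "$f")"       # listed, TLS
  r="$r $(decide '' test@byserver.net "$f")"         # listed, plaintext
  r="$r $(decide '' other@byserver.net "$f")"        # not listed, plaintext
  r="$r $(decide '' est@byserver.net "$f")"          # substring of a listed name
  rm -f "$f"
  [ "$r" = "allow deny allow allow" ]
}

# Act as the post-login script only when Dovecot passes the mail process as "$@".
if [ "$#" -gt 0 ]; then
  d=$(decide "${SECURED:-}" "${USER:-}" "$LIST")
  logger -t postlogin "user=${USER:-} secured=${SECURED:-} decision=$d"
  if [ "$d" = deny ]; then
    printf '* NO [ALERT] You are not allowed to connect without encryption\r\n'
    exit 0
  fi
  exec "$@"
fi
```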
participants (4)
- bmalik
- Daniel Parthey
- Joseph Tam
- Timo Sirainen