[Dovecot] POP3 protection
I have some users that I will not allow to use POP3 thru my system, but force them to use webmail. Would it be possible to put an extra option in dovecot.conf to force this:
# -----------------------------------------------------------------
# Logon processes
# user = <username>,<password>
# -----------------------------------------------------------------

user = johndoe,another_secret_password
user = mike,trouble_in_paradise

If unix user johndoe logs on, he cannot fetch mail thru POP3 for he has a different password from his logon password.
thanx for listening, Jos
Hi,
I'm sure Dovecot can do some of what you are asking.
One option you could look at is to define the user as an IMAP only user, and if you are able to, block IMAP access from anywhere other than your webmail server.
Hope this helps.
Richard
-----Original Message-----
From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Jos Chrispijn
Sent: 01 December 2006 03:14 AM
To: dovecot@dovecot.org
Subject: [Dovecot] POP3 protection

I have some users that I will not allow to use POP3 thru my system, but force them to use webmail. Would it be possible to put an extra option in dovecot.conf to force this:

# -----------------------------------------------------------------
# Logon processes
# user = <username>,<password>
# -----------------------------------------------------------------

user = johndoe,another_secret_password
user = mike,trouble_in_paradise

If unix user johndoe logs on, he cannot fetch mail thru POP3 for he has a different password from his logon password.
thanx for listening, Jos
* On 01/12/06 02:13 +0100, Jos Chrispijn wrote:
| I have some users that I will not allow to use POP3 thru my system, but
| force them to use webmail.
| Would it be possible to put an extra option in dovecot.conf to force this:
|
| # -----------------------------------------------------------------
| # Logon processes
| # user = <username>,<password>
| # -----------------------------------------------------------------
|
| user = johndoe,another_secret_password
| user = mike,trouble_in_paradise
|
| If unix user johndoe logs on, he cannot fetch mail thru POP3 for he has
| a different password from his logon password.
Use a database and create an imap_enable field that is 1 if enabled and
0 if disabled and use this condition in the query.
-Wash
http://www.netmeister.org/news/learn2quote.html
--
Odhiambo Washington
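The per-protocol flag suggested above, as an added example (not from the original posts or from the Dovecot project). It assumes a hypothetical `users` table with `imap_enable` and `pop3_enable` columns, and a `password_query` in dovecot-sql.conf that uses Dovecot's `%u` (login name) and `%s` (service name) variables, so that a disabled protocol yields no row and the login is refused.

```sql
-- Added example: table name, column names and rows are constructed for
-- illustration. Password values are placeholders; store hashes only.
CREATE TABLE users (
    userid      VARCHAR(128) PRIMARY KEY,
    password    VARCHAR(255) NOT NULL,
    imap_enable SMALLINT NOT NULL DEFAULT 1,  -- 1 = IMAP allowed (webmail)
    pop3_enable SMALLINT NOT NULL DEFAULT 0   -- 0 = POP3 refused by default
);

INSERT INTO users (userid, password, imap_enable, pop3_enable) VALUES
    ('johndoe', 'PLACEHOLDER_HASH', 1, 0),  -- webmail only
    ('mike',    'PLACEHOLDER_HASH', 1, 0),  -- webmail only
    ('alice',   'PLACEHOLDER_HASH', 1, 1);  -- both protocols

-- dovecot-sql.conf (assumed setup), written on one line in the real file:
--
--   password_query = SELECT userid AS user, password FROM users
--     WHERE userid = '%u'
--       AND (('%s' = 'imap' AND imap_enable = 1)
--         OR ('%s' = 'pop3' AND pop3_enable = 1))
--
-- The condition names each service explicitly, so any service not listed
-- is refused rather than allowed by accident.

-- The query as sent for johndoe over POP3, variables substituted:
SELECT userid AS user, password
  FROM users
 WHERE userid = 'johndoe'
   AND (('pop3' = 'imap' AND imap_enable = 1)
     OR ('pop3' = 'pop3' AND pop3_enable = 1));

-- The same lookup when johndoe logs in through the webmail server (IMAP):
SELECT userid AS user, password
  FROM users
 WHERE userid = 'johndoe'
   AND (('imap' = 'imap' AND imap_enable = 1)
     OR ('imap' = 'pop3' AND pop3_enable = 1));
```

With the constructed rows, only the IMAP lookup matches johndoe, so his POP3 login fails at the password lookup while his webmail session still authenticates.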
I'm seeing a new behaviour with my Dovecot setup which has me puzzled.
I have a folder with 47000 spam messages, mostly small. There are 64 unread messages. This folder is not receiving new deliveries, it's part of my archive of spam.
If I do "mark folder read", the command appears to work, but a few minutes later there are still 64 unread messages. This behaviour has been consistent over many attempts in the past week.
The same thing happens with both Thunderbird and Outlook Express, so it seems to be an issue at the IMAP server end rather than the mail client. Only this one folder is affected.
Could it be a Dovecot issue, or is there something wrong with my Maildir folders? I've looked at the permissions both on the folders and on the message files, and everything looks OK. I've also tried deleting the Dovecot indexes etc, but this had no effect.
Dovecot 1.0rc15 on Linux (old Gentoo setup with a 2.4.33.4 kernel)
Maildir
ext3 filesystem with dir_indexes
Single user system, 500 Mhz Via CPU, 256MB RAM
Mail reader: Thunderbird 1.5.0.8, timeout set to 300 seconds
Outlook Express 6.00.2900.2180

--
John Allen
Bofferdange, Luxembourg
allen@vo.lu
http://www.homepages.lu/allen
On Sun, 2006-12-03 at 10:07 +0100, John and Catherine Allen wrote:
> I'm seeing a new behaviour with my Dovecot setup which has me puzzled.
>
> I have a folder with 47000 spam messages, mostly small. There are 64 unread messages. This folder is not receiving new deliveries, it's part of my archive of spam.
>
> If I do "mark folder read", the command appears to work, but a few minutes later there are still 64 unread messages. This behaviour has been consistent over many attempts in the past week.
You could check if the change ever even happened:
ls ~/Maildir/.spam/cur/|grep -v '.*:2,.*S'
(ie. if filename contains S it's seen)
If it shows that the files have never changed, you could check with strace what happens:
strace -p <imap process pid> 2>log
grep rename log
My only guess is that the imap process doesn't have permissions to rename the files.
BTW. Please don't create new threads by replying to existing messages. It screws up threading since your message then contains In-Reply-To header.
Timo Sirainen wrote:
> On Sun, 2006-12-03 at 10:07 +0100, John and Catherine Allen wrote:
>> I'm seeing a new behaviour with my Dovecot setup which has me puzzled.
>>
>> I have a folder with 47000 spam messages, mostly small. There are 64 unread messages. This folder is not receiving new deliveries, it's part of my archive of spam.
>>
>> If I do "mark folder read", the command appears to work, but a few minutes later there are still 64 unread messages. This behaviour has been consistent over many attempts in the past week.
>
> You could check if the change ever even happened:
>
> ls ~/Maildir/.spam/cur/|grep -v '.*:2,.*S'
>
> (ie. if filename contains S it's seen)
Timo
The unread messages are not changed, they do not have the S flag in the filename.
> If it shows that the files have never changed, you could check with strace what happens:
>
> strace -p <imap process pid> 2>log
> grep rename log

There is no sign of a rename in the strace log.

The only interesting lines in the log look like this:
stat64("/home/allen/Maildir/.Spam-2006-2/cur", {st_mode=S_IFDIR|0700, st_size=2478080, ...}) = 0
stat64("/home/allen/Maildir/.Spam-2006-2/new", {st_mode=S_IFDIR|0700, st_size=8192, ...}) = 0

> My only guess is that the imap process doesn't have permissions to rename the files.

This seems plausible. I'll have another look at the permissions.

There is also something odd in the Dovecot syslog messages:
Dec 3 10:08:19 [dovecot] IMAP(allen): Corrupted index cache file /home/allen/Maildir/.Spam-2006-2/dovecot.index.cache: field header names corrupted

I also see that in fact there is no file "dovecot.index.cache" for this folder.

> BTW. Please don't create new threads by replying to existing messages. It screws up threading since your message then contains In-Reply-To header.

Sorry about this. I had forgotten...
John
--
John Allen
Bofferdange, Luxembourg
allen@vo.lu
http://www.homepages.lu/allen
On Sun, 2006-12-03 at 16:17 +0100, John and Catherine Allen wrote:
> The unread messages are not changed, they do not have the S flag in the filename.
>
>> If it shows that the files have never changed, you could check with strace what happens:
>>
>> strace -p <imap process pid> 2>log
>> grep rename log
>
> There is no sign of a rename in the strace log.

In that case I'm guessing that the client doesn't even try to set the seen flags.

Could you give strace -s 1000 parameter and send the whole strace to me?

> There is also something odd in the Dovecot syslog messages:
> Dec 3 10:08:19 [dovecot] IMAP(allen): Corrupted index cache file /home/allen/Maildir/.Spam-2006-2/dovecot.index.cache: field header names corrupted

Well, this isn't exactly a good thing but it isn't really harmful either, since the error won't show up to clients in any way. Do you happen to use NFS?

> I also see that in fact there is no file "dovecot.index.cache" for this folder.
It's deleted after that error.
On Fri, 2006-12-01 at 02:13 +0100, Jos Chrispijn wrote:
> I have some users that I will not allow to use POP3 thru my system, but force them to use webmail. Would it be possible to put an extra option in dovecot.conf to force this:
>
> # -----------------------------------------------------------------
> # Logon processes
> # user = <username>,<password>
> # -----------------------------------------------------------------
>
> user = johndoe,another_secret_password
> user = mike,trouble_in_paradise
>
> If unix user johndoe logs on, he cannot fetch mail thru POP3 for he has a different password from his logon password.
How about the passwd-file solution in here:
participants (5)
- John and Catherine Allen
- Jos Chrispijn
- Odhiambo WASHINGTON
- Richard Mayhew - Nashua Mobile Broadband Division
- Timo Sirainen