[Dovecot] Restrict user on IMAP or POP
Hey guys,
Is it possible to deny a user on POP or IMAP! For example, on the primary server we use POP3 and IMAP but how I can force a user to use POP3 and be unable to authenticate on IMAP ?
Thanks
Sebastien
On Thu, 2008-02-14 at 11:12 -0500, Sebastien Roy wrote:
Is it possible to deny a user on POP or IMAP! For example, on the primary server we use POP3 and IMAP but how I can force a user to use POP3 and be unable to authenticate on IMAP ?
On Thu, Feb 14, 2008 at 06:17:51PM +0200, Timo Sirainen wrote:
On Thu, 2008-02-14 at 11:12 -0500, Sebastien Roy wrote:
Is it possible to deny a user on POP or IMAP! For example, on the primary server we use POP3 and IMAP but how I can force a user to use POP3 and be unable to authenticate on IMAP ?
There are some clever tricks on that page to keep the LDAP/SQL database Dovecot-agnostic and putting the logic in the query. Do you know a similar trick for allow_nets; I have users stored in a PgSQL database and want to allow everyone from our local network (a combination of three CIDR blocks), and only some users from the Internet (0/0). Is it possible to do this using a simple boolean (y/n) "remote" column in my users table? i.e. remote=n should be mapped to allow_nets=x.y.z.0/24,a.b.c.0/24,d.e.0.0/16 and remote=y to allow_nets=0/0.
If the %a (local port) variable where available in the imap service, this could be done by binding imap to two ports and using "remote = true or '%a' = '143'", and redirect the public port on the NAT-router to the other (non-standard) port on the server.
Geert
On Fri, Feb 15, 2008 at 03:36:01PM +0100, Geert Hendrickx wrote:
There are some clever tricks on that page to keep the LDAP/SQL database Dovecot-agnostic and putting the logic in the query. Do you know a similar trick for allow_nets; I have users stored in a PgSQL database and want to allow everyone from our local network (a combination of three CIDR blocks), and only some users from the Internet (0/0). Is it possible to do this using a simple boolean (y/n) "remote" column in my users table? i.e. remote=n should be mapped to allow_nets=x.y.z.0/24,a.b.c.0/24,d.e.0.0/16 and remote=y to allow_nets=0/0.
If the %a (local port) variable where available in the imap service, this could be done by binding imap to two ports and using "remote = true or '%a' = '143'", and redirect the public port on the NAT-router to the other (non-standard) port on the server.
Looks like PostgreSQL supports conditional expressions in queries which make this very easy:
password_query = SELECT md5_pw AS password, CASE WHEN remote='t' THEN '0/0' ELSE 'ournetblocks' END AS allow_nets FROM imap_users WHERE email='%u'
Geert
participants (3)
-
Geert Hendrickx
-
Sebastien Roy
-
Timo Sirainen