[Dovecot] Restrictions on User Basis
Josh Kelley
josh at jbc.edu
Fri Jun 24 20:42:24 EEST 2005
Net Cerebrum wrote:
>(a) I want to permit only selective users to access either POP3 or
>IMAP server or both.
>
>
This is easy, assuming you're using PAM for user authentication. Edit
/etc/dovecot.conf and set

    auth_passdb = pam *

Then Dovecot will use different PAM configurations for POP3 and IMAP.
You can set up the initial PAM services as copies of the Dovecot service:

    cd /etc/pam.d
    cp dovecot pop3
    cp dovecot imap

Then you can edit /etc/pam.d/pop3 and /etc/pam.d/imap to define whatever
criteria you want for who can use POP3 and who can use IMAP. We use a
simple text file, /etc/imapusers, and have Dovecot deny POP3 access to
anyone who's listed in imapusers. To do that, we insert the following
line at the beginning of /etc/pam.d/pop3:

    auth required /lib/security/$ISA/pam_listfile.so item=user file=/etc/imapusers sense=deny

See /usr/share/doc/pam* for other ways to use PAM to permit or deny users.

>(b) The server can be accessed from LAN as well as WAN. However I want
>to allow only selective users to be able to access POP3 or IMAP server
>from the WAN side (or on the basis of IP addresses).
>
>
A POP3/IMAP proxy might be able to do this. You'd have to set it up on
a separate machine (or on separate ports), force WAN users to go through
it, and configure the proxy to only let certain users log in. I don't
know if there are any POP3/IMAP proxies that permit selective logins
like this, so I don't know if this will work.
Josh Kelley
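
The following is an added example, not part of the original message: a POSIX shell check for a per-protocol PAM service file such as the /etc/pam.d/pop3 described above. The function name audit_listfile_rule and the conditions it tests (rule first among the auth lines, a binding control flag, item=user, a regular list file that is not world-writable) are choices made for this example.

```shell
#!/bin/sh
# Added example (assumed helper, not from the original post).
# Usage: audit_listfile_rule /etc/pam.d/pop3
# Prints one finding per line and returns 0 only if every check passes.
audit_listfile_rule() {
    svc=$1
    [ -r "$svc" ] || { echo "FAIL: cannot read $svc"; return 1; }
    # Join backslash-continued lines, then take the first auth rule.
    first=$(sed -e :a -e '/\\$/N; s/\\\n/ /; ta' "$svc" |
            grep -E '^[[:space:]]*auth[[:space:]]' | head -n 1)
    # Split the rule into fields without glob expansion.
    set -f; set -- $first; set +f
    ctl=$2 mod=$3 item= file= sense=
    case $mod in
        *pam_listfile.so) ;;
        *) echo "FAIL: first auth rule is not pam_listfile"; return 1 ;;
    esac
    for opt in "$@"; do
        case $opt in
            item=*)  item=${opt#item=} ;;
            file=*)  file=${opt#file=} ;;
            sense=*) sense=${opt#sense=} ;;
        esac
    done
    rc=0
    # A non-binding control flag would let later modules override the list.
    case $ctl in
        required|requisite) ;;
        *) echo "FAIL: control '$ctl' does not make the list binding"; rc=1 ;;
    esac
    [ "$item" = user ] || { echo "FAIL: item=$item, expected user"; rc=1; }
    case $sense in
        allow|deny) ;;
        *) echo "FAIL: sense must be allow or deny"; rc=1 ;;
    esac
    # A list file that any local user can edit defeats the restriction.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL: list file '$file' is missing or not a regular file"; rc=1
    elif [ -n "$(find "$file" -perm -0002)" ]; then
        echo "FAIL: list file '$file' is world-writable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $svc applies sense=$sense from $file"
    return "$rc"
}
```

Running it against both /etc/pam.d/pop3 and /etc/pam.d/imap after each edit catches a rule that was moved below another auth module or a list file whose permissions drifted.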