[Dovecot] Disabling users whilst still allowing logins with a 'master password'

Dominic Hargreaves dominic.hargreaves at oucs.ox.ac.uk
Tue May 5 17:24:30 EEST 2009


On Fri, May 01, 2009 at 04:38:46PM -0400, Timo Sirainen wrote:
> But, anyway, how about using mail_executable script that checks if the
> logging in user is a master or user not, and if not check if the user is
> in some deny database. http://wiki.dovecot.org/PostLoginScripting

One question about thie mechanism that isn't made explicit, although
certainly implied by the examples: are $USER and $IP guaranteed to exist
and be sanitised?

Thanks,
Dominic.

-- 
Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford


More information about the dovecot mailing list