[Dovecot] Disable IMAP for ONE user only

SIW bov at bsdpanic.com
Mon May 5 20:24:02 UTC 2014


I'm glad you asked. Here's the challenge:

When I travel overseas I sometimes need to use a computer at an internet 
cafe to access my email via a browser. I use Google's Authenticator to 
generate an OTP that I use with Roundcube so I have two-factor 
authentication. All seems secure, right? Wrong. If someone records my 
login credentials on the untrusted internet computer then they can use 
those login credentials to access my email via IMAP (i.e. Thunderbird). 
(It's happened before.)

Yes, I know I should use my own trusted device but in some cases that 
just is NOT an option.

Therefore, how can I access my email via a browser that is safe from 
keyloggers at internet cafes? I'm open to all ideas at this point!

What I was originally thinking was having a second copy of my mailbox 
that was updated every hour (from my live mailbox) and that I had a 
separate login to it that ONLY had rights to read/send via Roundcube 
(ie: No access with IMAP clients such as Thunderbird, K9 etc).

I was thinking of using Application Specific Passwords but this doesn't 
solve the issue either, as once someone records my login credentials 
they can use it to access IMAP.

Roundcube is secure in all of this... it's IMAP that I am battling with 
securing...



On 05/05/2014 21:13, Professa Dementia wrote:
> On 5/5/2014 1:05 PM, SIW wrote:
>> That's a good point.
>>
>> If I block IMAP/SMTP access to ONE user does that mean that particular
>> user can't use Roundcube anymore?
> That is correct.  If you block IMAP, then webmail will not work.
>
> Webmail clients are just IMAP proxies.  If the roundcube you want the
> user to utilize is running on a specific server, then you can allow IMAP
> only from the IP address of that server.
>
> However, usually when I hear an admin wanting to restrict only one user
> to some limited access option, it is usually a policy issue and not a
> technical one.  Trying to employ a technical solution is usually the
> wrong way of doing it.
>
> Why are you trying to limit just this one user?
>
> Dem
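
The suggestion quoted above, allowing IMAP for one user only from the webmail server's address, maps onto Dovecot's `allow_nets` passdb extra field. The following is an added example, not code from the thread or from Dovecot: it parses a passwd-file, models the per-user source check, and lists accounts with no restriction. The usernames, the placeholder passwords and 192.0.2.10 as the Roundcube host are constructed, and the check is a simplified model of `allow_nets` (IPv4 only).

```python
import ipaddress

# Constructed sample in Dovecot passwd-file layout:
#   user:password:uid:gid:gecos:home:shell:extra_fields
# 192.0.2.10 stands in for the Roundcube server (assumed address).
SAMPLE_PASSWD_FILE = """\
traveller:{PLAIN}placeholder::::::allow_nets=192.0.2.10/32,127.0.0.0/8
office:{PLAIN}placeholder::::::
"""

def parse_allow_nets(passwd_text):
    """Map each user to a list of allowed networks, or None if unrestricted."""
    policy = {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":", 7)  # the eighth field holds the extra fields
        extras = fields[7].split() if len(fields) == 8 else []
        nets = None
        for item in extras:
            key, _, value = item.partition("=")
            if key == "allow_nets":
                nets = [ipaddress.ip_network(n, strict=False)
                        for n in value.split(",") if n]
        policy[fields[0]] = nets
    return policy

def login_allowed(policy, user, remote_ip):
    """Return True if a correct password from remote_ip would be accepted."""
    if user not in policy:
        return False
    nets = policy[user]
    if nets is None:  # no allow_nets: any source address may log in
        return True
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in net for net in nets)

def unrestricted_users(policy):
    """Users whose recorded password would work over IMAP from anywhere."""
    return sorted(u for u, nets in policy.items() if nets is None)

if __name__ == "__main__":
    policy = parse_allow_nets(SAMPLE_PASSWD_FILE)
    for user, ip in [("traveller", "192.0.2.10"), ("traveller", "203.0.113.7"),
                     ("office", "203.0.113.7")]:
        print(user, ip, "allowed" if login_allowed(policy, user, ip) else "refused")
    print("no allow_nets:", unrestricted_users(policy))
```

With this restriction Dovecot sees Roundcube's logins as coming from the webmail server, so the password keeps working there while a direct IMAP login from any other address is refused.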


