[Dovecot] Disable IMAP for ONE user only

Rick Romero rick at havokmon.com
Mon May 5 20:32:14 UTC 2014


  Quoting Professa Dementia <professa at dementianati.com>:

> On 5/5/2014 1:05 PM, SIW wrote:
>> Thats a good point.
>>
>> If I block IMAP/SMTP access to ONE user does that mean that particular
>> user can't use Roundcube anymore?
>
> That is correct.  If you block IMAP, then webmail will not work.
>  

Not necessarily. 

From:
http://wiki2.dovecot.org/AuthDatabase/VPopMail

"logically this means: show password for user=%n at domain=%d when imap on
the account is not disabled and connection is not comming from localhost
when webmail access on the account is not disabled and if imap for the
domain is not disabled and (connection is not comming from localhost when
webmail access for the domain is not disabled) when vlimits are not
overriden on the account "
#
password_query = select pw_passwd as password FROM vpopmail LEFT JOIN
limits ON vpopmail.pw_domain=limits.domain WHERE pw_name='%n' and
pw_domain='%d' and !(pw_gid & 8) and ('%r'!='127.0.0.1' or !(pw_gid & 4))
and ( ('%r'!='127.0.0.1' or COALESCE(disable_webmail,0)!=1) and
COALESCE(disable_imap,0)!=1 or (pw_gid & 8192) );

So construct your SQL query in a way that your bit field in MySQL disables
all access for a single user except when the source IP is your webmail
server.

If you want multiple passwords, you can modify the password_query with iif
statements based on the source IP or protocol. 

Like:
select iif(%r == '127.0.0.1' & pw_name== 'yourname' &
pw_domain='yourdomain',pw_webmailpasswrd,pw_passwd) as pw_passwd from
vpopmail .....
Of course that's specific to the vpopmail table... modify as needed for
your own table structure...

Rick


More information about the dovecot mailing list