Any way to limit number of active IMAP/POP3 sessions from a single user / per user?

Timo Sirainen tss at iki.fi
Mon Jul 3 20:24:18 EEST 2017


On 3 Jul 2017, at 19.34, Alexey Asemov (Alex/AT) <lists at alex-at.ru> wrote:
> 
> I can confirm setting mail_max_userip_connections from database in userdb query *does not* work at all. User can still open multiple connection above the limit, seems like it has no effect. I thoroughly checked DB response and it contains proper field name/value.
> 
> I am using dovecot 2.2.31.
> 
> Also, I have mail_max_userip_connections set globally in the dovecot configuration file and wonder if this can interfere, but at least some other settings do not and so I doubt it's the cause.

Oh, right, I remembered that this setting wasn't handled until imap process started, but it's handled by login process. But what you could do if the user has a static IP:

remote 1.2.3.4 {
  mail_max_userip_connections = 1
}

or even a static IP address space:

remote 1.2.3.0/24 {
  mail_max_userip_connections = 1
}

> So for now I have to go with writing a policy server for that it seems :)
> 
> I assume it does not work because user/IP limit is probably checked before parsing DB parameters.
> Maybe dovecot code can be adjusted somehow so it allows setting mail_max_userip_connections from userdb before it's processed?

Since it's login process, it would have to be returned by passdb lookup. But that's a lot of trouble for such a special use case.



More information about the dovecot mailing list