Postlogin script
Joseph Tam
jtam.home at gmail.com
Sat Nov 11 00:03:47 EET 2017
"j.emerlik" <j.emerlik at gmail.com> writes:
> I would like to prepare postlogin a script that allow imap connection to
> roundcube for all but restrict imap access for selected users.
"from" roundcube?
> Is possible in condition IF use IP addresses as range or with mask (because
> I've more than one web servers) ?
Of course -- many ways to skin this cat.
If you have only a handful of IPs
case "$IP" in
12.34.56.78) exec "$@";;
23.45.67.89) exec "$@";;
...
esac
If you have CIDR that align neatly on octet boundaries
case "$IP" in
12.34.56.*) exec "$@";;
23.45.67.*) exec "$@";;
...
esac
The toughest situation (using script techniques) is for
CIDR ranges just shy of a full octet boundary e.g. /25. You can use
"cut -d .", "IFS=." or "expr" to break the IP into octets,
then test the components. e.g. 12.34.56.0/25
# Example 1
PART1=`echo $IP | cut -d. -f1,2,3`
PART2=`echo $IP | cut -d. -f4`
[ "$PART1" = "12.34.56" -a "$PART2" -ge 0 -a "$PART2" -le 127 ] && exec "$@"
# Example 2
PART2=`expr "$IP" : '.*\.\([0-9]*\)'
expr "$IP" : "12.34.56." && [ "$PART2" -ge 0 -a "$PART2" -le 127 ] && exec "$@"
# Example 3 (dodgy, I haven't fully thought this through)
`echo "$IP" | { IFS=. read a b c PART2; [ "$a.$b.$c" = "12.34.56" -a "$PART2" -ge 0 -a "$PART2" -le 127 ] && echo "exec $@"; }`
If you have a busy IMAP server, you'll probably want to use Aki's passdb
solution instead, rather than incurring the execution overhead for each
and every authentication.
Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list