dovecot passdb driver=checkpassword as external script for block ip
Sami Ketola
sami.ketola at dovecot.fi
Thu Oct 18 13:31:01 EEST 2018
> On 17 Oct 2018, at 20.09, bes <bes.internal at gmail.com> wrote:
>
> Refer to
> https://dovecot.org/pipermail/dovecot/2015-March/099971.html
> https://wiki.dovecot.org/PasswordDatabase
> I tried to repeat the same thing.
> Set these passdb:
>
> passdb {
> args = /myscript.sh ip=%r
> driver = checkpassword
> result_failure = return-fail
> result_success = continue
> }
> passdb {
> args = /etc/dovecot/dovecot-sql.conf.ext ( my working auth method )
> driver = sql
> }
>
> Created executable /myscript.sh:
> #!/bin/sh
> exit 1
While I'm not sure why this does not work I'm was wondering if a deny-passdb would be more
efficient to implement this blacklisting as executing a script on each login attempt is awfully slow.
Instead I would do something like this:
# check deny passwd for ip address first
passdb {
driver = passwd-file
args = username_format=%r /etc/dovecot/ip-deny-list
deny = yes
auth_verbose = no
result_success = return-fail
}
and then just create /etc/dovecot/ip-deny-list with one ip address per line.
Sami
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20181018/7708c11b/attachment.html>
More information about the dovecot
mailing list