Block insecure connections
Aki Tuomi
aki.tuomi at open-xchange.com
Mon Aug 9 07:39:36 EEST 2021
> On 04/08/2021 16:51 Andrea Gabellini <andrea.gabellini at telecomitalia.sm> wrote:
>
>
> Hello,
>
> from the proxy I can do the forward:
>
> passdb {
>   driver = static
>   args = proxy=y nopassword=y starttls=yes forward_test=%{secured}
> }
>
> On the backend, activating debugging:
>
> dovecot: auth: Debug: client passdb out:
> OK#0111#011user=xxxxx#011forward_test=TLS
>
> How do I pass this forward_test variable to postlogin?
>
>
> On 04/08/21 14:53, Andrea Gabellini wrote:
> > Hello,
> >
> > I am writing for advice on how to deal with a problem.
> >
> > I have a Dovecot Proxy/Director -> Backend installation, all with
> > version 2.3
> >
> > Encryption on POP3 / IMAP connections is currently optional. I would
> > like to set it as mandatory but despite the numerous reminders many
> > users have not taken steps to adapt. Setting it as mandatory would
> > mean having too many calls to support.
> >
> > I would therefore like to block the connection to only some of them
> > and slowly reach my target. I can't find how and where to fit in to be
> > able to do such a thing. At first I thought about postlogin, but the
> > user ended up on a proxy and I can't use it. I tried to use the
> > forwarding function on the proxy and postlogin on the backend, but I
> > didn't succeed in the first part.
> >
> > In pseudo code, I would like to do this:
> >
> > if connection is not secured {
> >     if user is in my list {
> >         block the connection;
> >     }
> > }
> >
> > Thanks in advance for any suggestions,
> > Andrea
> >
>
> --
> __________________________
> I've never had much luck buying computers. I bought an Apple and it had a worm in it!
> __________________________
>
> TIM San Marino S.p.A.
> Andrea Gabellini
In the next hop, adapt this to your passdb block:

passdb {
  driver = static
  args = userdb_test=%{forward_test}
}

Aki
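
A backend post-login script implementing the pseudo code from the original question, as an added example that is not part of this thread or of Dovecot itself. It assumes the userdb field `test` set above reaches the script as the environment variable `TEST` (Dovecot exports userdb fields to post-login scripts in uppercase), that the forwarded value is empty for a plaintext session (the thread shows `TLS` for an encrypted one), and that the enforcement list lives at a hypothetical path with one login name per line.

```sh
#!/bin/sh
# Added example: refuse plaintext logins only for users on a staged
# enforcement list; everyone else is still let through.

# Hypothetical path: one login name per line.
ENFORCE_LIST="${ENFORCE_LIST:-/etc/dovecot/tls-enforced-users}"

# is_secured VALUE: true when the forwarded %{secured} value is non-empty.
# Assumption: empty means the client connected to the proxy without TLS.
is_secured() {
    [ -n "$1" ]
}

# must_block USER SECURED LISTFILE: returns 0 when the login must be refused.
must_block() {
    user=$1 secured=$2 list=$3
    # An empty user name would match blank lines in the list; never block on it.
    [ -n "$user" ] || return 1
    is_secured "$secured" && return 1
    # Unreadable list: nobody is enforced yet (staged rollout fails open).
    [ -r "$list" ] || return 1
    # -F fixed string, -x whole line: "bob" must not match "bob2" or "b.b".
    grep -Fxq -- "$user" "$list"
}

# script-login passes the mail process command line as "$@".
if [ "$#" -gt 0 ]; then
    if must_block "${USER:-}" "${TEST:-}" "$ENFORCE_LIST"; then
        logger -t postlogin "refusing non-TLS login for ${USER}"
        exit 1          # not exec'ing "$@" ends the session
    fi
    exec "$@"           # hand over to the real imap/pop3 process
fi
```

The log line gives support a list of affected users before more names are added to the enforcement file.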