Restrict IMAP login, but allow Postfix SASL
Sami Ketola
sami at ketola.io
Fri Jun 3 07:38:47 UTC 2022
> On 1. Jun 2022, at 14.40, lutz.niederer at gmx.net wrote:
>
> Hi,
>
> we have a very simple user-/passdb (like passwd) to authenticate virtual IMAP users.
> We also use this for Postfix authentication. Nothing special.
>
> But, we need to exclude some of the users from IMAP login.
> This means, some users should be allowed to send mail via Postfix (submission) and therefore
> authenticate via SASL against dovecot successfully, but they should not be allowed to login
> to their IMAP mail box.
>
> How could this be done?
I would just configure a deny passdb inside protocol imap {} block with a list of users denied imap access. something like this:
protocol imap {
passdb {
driver = passwd-file
args = /etc/dovecot/imap-deny-passdb
deny = yes
}
}
Sami
More information about the dovecot
mailing list