This method indeed seems to work ... thank you again!
In summary, I did this:
passdb {
driver = passwd-file
deny = yes
args = username_format=%{rip} /etc/dovecot/deny.ip
}
... and the "deny.ip" file looks like this:
1.2.3.4:::::::: nopassword
5.6.7.8:::::::: nopassword
One further question: whenever I add additional lines to the "deny.ip"
file, will I need to restart dovecot, or will dovecot always read the
latest version of that file whenever it is validating a new IMAP
connection?
--
[email protected]
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
On Tue, Aug 1, 2023 at 12:44 PM Hippo Man <[email protected]> wrote:
> Oh, OK. I'll investigate and test it.
> Thank you!
>
> --
> [email protected]
> Take a hippopotamus to lunch today.
>
> .---------, 0__0
> / ( oo'---,
> / oo\
> ,\ |
> | \ ,=__/
> \ /
> / /------| /|
> |__|-' |__|'
>
>
>
> On Tue, Aug 1, 2023 at 12:24 PM aki.tuomi via dovecot <[email protected]>
> wrote:
>
>> 1.2.3.4::::::::: nopassword
>>
>> I think. Didn't have a chance to test it.
>>
>> Aki
>>
>>
>> -------- Original message --------
>> From: Hippo Man <[email protected]>
>> Date: 8/1/23 19:03 (GMT+02:00)
>> To: "aki.tuomi" <[email protected]>
>> Cc: [email protected]
>> Subject: Re: Forcing imap authentication failure for certain IP addresses
>>
>> Thank you very much!
>>
>> In your example, what would be the contents of the
>> /etc/dovecot/deny.ip file?
>>
>> --
>> [email protected]
>> Take a hippopotamus to lunch today.
>>
>> .---------, 0__0
>> / ( oo'---,
>> / oo\
>> ,\ |
>> | \ ,=__/
>> \ /
>> / /------| /|
>> |__|-' |__|'
>>
>>
>>
>> On Tue, Aug 1, 2023 at 11:44 AM aki.tuomi via dovecot <
>> [email protected]> wrote:
>>
>>> One way is to use
>>> https://doc.dovecot.org/configuration_manual/authentication/auth_policy/
>>>
>>> or you can use
>>>
>>> passdb {
>>> driver = passwd-file
>>> deny = yes
>>> args = username_formar=%{rip} /etc/dovecot/deny.ip
>>> }
>>>
>>> or you can use
>>> https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/
>>>
>>> and write this in Lua.
>>>
>>> Aki
>>>
>>>
>>> -------- Original message --------
>>> From: Hippo Man <[email protected]>
>>> Date: 8/1/23 18:14 (GMT+02:00)
>>> To: [email protected]
>>> Subject: Forcing imap authentication failure for certain IP addresses
>>>
>>> I'm running dovecot 2.3.18 under Debian 11.
>>>
>>> I want to do something that's a bit unusual: when IMAP connections are
>>> attempted
>>> from a few specific IP addresses, I want to force an IMAP authentication
>>> failure
>>> from those connections, no matter what user ID and password are
>>> specified.
>>>
>>> I know that I can use iptables to completely block imap access from
>>> those IP
>>> addresses to the IMAP ports. However, in these specific cases, I'd
>>> prefer that
>>> the connection goes through to dovecot, but for dovecot then to always
>>> generate
>>> authentication failures for those specific connections ... even if a
>>> valid
>>> user ID and password happen to be specified.
>>>
>>> Is there a way to do this in dovecot?
>>>
>>> Thank you very much in advance.
>>>
>>> --
>>> [email protected]
>>> Take a hippopotamus to lunch today.
>>>
>>> .---------, 0__0
>>> / ( oo'---,
>>> / oo\
>>> ,\ |
>>> | \ ,=__/
>>> \ /
>>> / /------| /|
>>> |__|-' |__|'
>>>
>>> _______________________________________________
>>> dovecot mailing list -- [email protected]
>>> To unsubscribe send an email to [email protected]
>>>
>> _______________________________________________
>> dovecot mailing list -- [email protected]
>> To unsubscribe send an email to [email protected]
>>
>
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
