passwd files are automatically re-read when they are changed. No restart needed.
Aki
On 02/08/2023 19:03 EEST Hippo Man <[email protected]> wrote:_______________________________________________This method indeed seems to work ... thank you again!
In summary, I did this:
passdb {
driver = passwd-file
deny = yes
args = username_format=%{rip} /etc/dovecot/deny.ip
}... and the "deny.ip" file looks like this:1.2.3.4:::::::: nopassword
5.6.7.8:::::::: nopasswordOne further question: whenever I add additional lines to the "deny.ip"file, will I need to restart dovecot, or will dovecot always read thelatest version of that file whenever it is validating a new IMAPconnection?--
[email protected]
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
On Tue, Aug 1, 2023 at 12:44 PM Hippo Man <[email protected]> wrote:Oh, OK. I'll investigate and test it.Thank you!--
[email protected]
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
On Tue, Aug 1, 2023 at 12:24 PM aki.tuomi via dovecot <[email protected]> wrote:_______________________________________________1.2.3.4::::::::: nopasswordI think. Didn't have a chance to test it.Aki-------- Original message --------From: Hippo Man <[email protected]>Date: 8/1/23 19:03 (GMT+02:00)To: "aki.tuomi" <[email protected]>Subject: Re: Forcing imap authentication failure for certain IP addressesThank you very much!
In your example, what would be the contents of the/etc/dovecot/deny.ip file?--
[email protected]
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
On Tue, Aug 1, 2023 at 11:44 AM aki.tuomi via dovecot <[email protected]> wrote:_______________________________________________One way is to use https://doc.dovecot.org/configuration_manual/authentication/auth_policy/or you can usepassdb {driver = passwd-filedeny = yesargs = username_formar=%{rip} /etc/dovecot/deny.ip}or you can use https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/and write this in Lua.Aki-------- Original message --------From: Hippo Man <[email protected]>Date: 8/1/23 18:14 (GMT+02:00)Subject: Forcing imap authentication failure for certain IP addressesI'm running dovecot 2.3.18 under Debian 11.
I want to do something that's a bit unusual: when IMAP connections are attemptedfrom a few specific IP addresses, I want to force an IMAP authentication failurefrom those connections, no matter what user ID and password are specified.I know that I can use iptables to completely block imap access from those IPaddresses to the IMAP ports. However, in these specific cases, I'd prefer thatthe connection goes through to dovecot, but for dovecot then to always generateauthentication failures for those specific connections ... even if a validuser ID and password happen to be specified.
Is there a way to do this in dovecot?
Thank you very much in advance.--
[email protected]
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
_______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
