Re: Get a list of currently active IMAP connections?

2022-08-22 Thread Cristiano Deana 

Hi,

I think this i wrong.
With that command you catch all _established_ connections. If I just 
connect to 993/143 WITHOUT auth, I will have a smtp connection open.



Il 16/08/2022 22:46, Antonio Leding ha scritto:
At the risk of being pedestrian, I just use something like |sudo netstat 
-an | grep ‘:[ IMAP_PORT ]’|


I’m pretty sure you thought of this but still, thought I would toss it out…

Cheers



On 16 Aug 2022, at 13:15, Jaroslaw Rafa wrote:

Hello Dovecot community,

I have a question: is it possible to programmatically get from
Dovecot a
list of currently active IMAP sessions (with IP addresses)? Via a
plugin or
something?

Or just check if there is an IMAP session currently open from a
particular IP
address, with true/false type answer?

I'm planning to implement a policy service for *Postfix* that will
revive
the old "POP before SMTP" authorization concept (only it will be "IMAP
before SMTP" this time). This policy service will reject connections to
mail submission ports (465, 587) - without even going to SMTP AUTH
phase -
unless the connecting IP address has currently an IMAP session open to
Dovecot, to mitigate SMTP AUTH attacks.

But for this I need some way to check from within this policy
service if the
particular IP address has a connection open or not. It could be of
course
obtained by scanning Dovecot logs, but this involves quite a large
overhead.
Therefore I'm looking for the way to get this information directly from
Dovecot's current state.

Can you advise me of any way to do this?

Or maybe someone has already written such a piece of software and it is
available somewhere on the Net?
-- 
Regards,

Jaroslaw Rafa
r...@rafa.eu.org
-- 
"In a million years, when kids go to school, they're gonna know:

once there

was a Hushpuppy, and she lived with her daddy in the Bathtub."



--

###
# Cristiano Deana #
# #
# Senior Network Engineer #
# Digital Response Team #
# CittaStudi S.p.a. #
# off. +39 015 855 1172 #
# cell +39 328 310 6392 #
###

Re: Get a list of currently active IMAP connections?

2022-08-21 Thread Jaroslaw Rafa 
Dnia 20.08.2022 o godz. 19:34:03 Jaroslaw Rafa pisze:
> I have one more question regarding this.
> 
> My service needs to access the socket /var/run/dovecot/anvil. The problem is
> that this socket (at least on my system) has permissions only for root:
> 
> srw--- 1 root root 0 May 22  2020 /var/run/dovecot/anvil
> 
> And I don't think it's a good idea to run my service as root. Is it possible
> to add permission to this socket for another user? If yes, what should I
> change in Dovecot config?

Well, documentation is not very clear on this, but by trial and error I was
able to change /var/run/dovecot/anvil socket permissions to:

srw-rw 1 root dovecot 0 Aug 21 20:47 /var/run/dovecot/anvil

by putting the following lines into Dovecot configuration:

# this is needed for Postfix IMAP-before-SMTP policy service to access anvil
service anvil {
unix_listener anvil {
user = root
group = dovecot
mode = 0660
}
}

Then my service can run under the user "dovecot" and access anvil.

So I'd like to ask - do I create any security risk by changing the anvil
socket permissions like above and running my service under "dovecot" user?

Or is it better that I create a special user dedicated only for this service
and run the service under that user?
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: Get a list of currently active IMAP connections?

2022-08-20 Thread Jaroslaw Rafa 
Dnia 16.08.2022 o godz. 23:54:00 Jaroslaw Rafa pisze:
> 
> It's an interesting option, but after looking into "doveadm" source code I
> was able to reimplement the query that "doveadm who" does with a few lines
> of simple Perl code. It's exactly what I want, as it can be easily
> integrated into a policy service written in Perl.

I have one more question regarding this.

My service needs to access the socket /var/run/dovecot/anvil. The problem is
that this socket (at least on my system) has permissions only for root:

srw--- 1 root root 0 May 22  2020 /var/run/dovecot/anvil

And I don't think it's a good idea to run my service as root. Is it possible
to add permission to this socket for another user? If yes, what should I
change in Dovecot config?
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: Get a list of currently active IMAP connections?

2022-08-19 Thread Paul Kudla (SCOM.CA Internet Services Inc.) 



NO 

it is showing active open imap connections

fyi



Happy Friday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services 
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email p...@scom.ca

On 8/19/2022 3:40 AM, Narcis Garcia wrote:


Do you mean ps is reading dovecot.conf ?!



Narcis Garcia

__
I'm using this dedicated address because personal addresses aren't 
masked enough at this mail public archive. Public archive administrator 
should fix this against automated addresses collectors.

El 19/8/22 a les 9:40, Aki Tuomi ha escrit:

dovecot.conf, not ps config.

Aki


On 19/08/2022 10:38 EEST Narcis Garcia  wrote:

What config?

I see no configuration file documented on ps manpage.



Narcis Garcia

__
I'm using this dedicated address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 19/8/22 a les 9:33, 202107-dove...@planhack.com ha escrit:
Add `verbose_proctitle = yes` to your config to get usernames and 
IPs in the ps listing.

Re: Get a list of currently active IMAP connections?

2022-08-19 Thread Narcis Garcia 

(after setting and restarting service)

$ cat /etc/dovecot/dovecot.conf | grep -ie 'include'
!include_try /usr/share/dovecot/protocols.d/*.protocol
# Most of the actual configuration gets included below. The filenames are
!include conf.d/*.conf
# A config file can also tried to be included without giving an error if
!include_try local.conf

$ cat /etc/dovecot/local.conf | grep -ie 'proctitle'
verbose_proctitle = yes

$ ps -axww | grep imap
24595 ?S  0:00 dovecot/imap
24596 ?S  0:00 dovecot/imap-login
24602 ?S  0:00 dovecot/imap
24635 pts/4R+ 0:00 grep imap

BUT LATER, YES. Usernames and IPs appear in ps list!



Narcis Garcia

__
I'm using this dedicated address because personal addresses aren't 
masked enough at this mail public archive. Public archive administrator 
should fix this against automated addresses collectors.

El 19/8/22 a les 9:40, Aki Tuomi ha escrit:

dovecot.conf, not ps config.

Aki


On 19/08/2022 10:38 EEST Narcis Garcia  wrote:

  
What config?


I see no configuration file documented on ps manpage.



Narcis Garcia

__
I'm using this dedicated address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 19/8/22 a les 9:33, 202107-dove...@planhack.com ha escrit:

Add `verbose_proctitle = yes` to your config to get usernames and IPs in the ps 
listing.

Re: Get a list of currently active IMAP connections?

2022-08-19 Thread Narcis Garcia 

Do you mean ps is reading dovecot.conf ?!



Narcis Garcia

__
I'm using this dedicated address because personal addresses aren't 
masked enough at this mail public archive. Public archive administrator 
should fix this against automated addresses collectors.

El 19/8/22 a les 9:40, Aki Tuomi ha escrit:

dovecot.conf, not ps config.

Aki


On 19/08/2022 10:38 EEST Narcis Garcia  wrote:

  
What config?


I see no configuration file documented on ps manpage.



Narcis Garcia

__
I'm using this dedicated address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 19/8/22 a les 9:33, 202107-dove...@planhack.com ha escrit:

Add `verbose_proctitle = yes` to your config to get usernames and IPs in the ps 
listing.

Re: Get a list of currently active IMAP connections?

2022-08-19 Thread Aki Tuomi 
dovecot.conf, not ps config.

Aki

> On 19/08/2022 10:38 EEST Narcis Garcia  wrote:
> 
>  
> What config?
> 
> I see no configuration file documented on ps manpage.
> 
> 
> 
> Narcis Garcia
> 
> __
> I'm using this dedicated address because personal addresses aren't 
> masked enough at this mail public archive. Public archive administrator 
> should fix this against automated addresses collectors.
> El 19/8/22 a les 9:33, 202107-dove...@planhack.com ha escrit:
> > Add `verbose_proctitle = yes` to your config to get usernames and IPs in 
> > the ps listing.

Re: Get a list of currently active IMAP connections?

2022-08-19 Thread Narcis Garcia 

What config?

I see no configuration file documented on ps manpage.



Narcis Garcia

__
I'm using this dedicated address because personal addresses aren't 
masked enough at this mail public archive. Public archive administrator 
should fix this against automated addresses collectors.

El 19/8/22 a les 9:33, 202107-dove...@planhack.com ha escrit:

Add `verbose_proctitle = yes` to your config to get usernames and IPs in the ps 
listing.

Re: Get a list of currently active IMAP connections?

2022-08-19 Thread 202107-dovecot 
Add `verbose_proctitle = yes` to your config to get usernames and IPs in the ps 
listing.

Re: Get a list of currently active IMAP connections?

2022-08-19 Thread Narcis Garcia 

Hi Paul, with your command syntax I get no account/IP on Debian GNU/Linux:

$ ps -axww | grep imap
19024 ?S  0:00 dovecot/imap
19696 ?S  0:00 dovecot/imap
20515 ?S  0:04 dovecot/imap
22247 pts/4S+ 0:00 grep imap
24720 ?S  0:03 dovecot/imap
24991 ?S  0:00 dovecot/imap
25446 ?S  0:03 dovecot/imap
25447 ?S  0:04 dovecot/imap
25475 ?S  0:03 dovecot/imap
31778 ?S  6:10 dovecot/imap-login



Narcis Garcia

__
I'm using this dedicated address because personal addresses aren't 
masked enough at this mail public archive. Public archive administrator 
should fix this against automated addresses collectors.
El 19/8/22 a les 8:22, Paul Kudla (SCOM.CA Internet Services Inc.) ha 
escrit:


I use ps : (greping by imap & idle)

# ps -axww | grep imap | grep IDLE

thant and split() in python



  8606  -  S 0:08.78 imap: [ke...@elirpa.com 54.242.98.60 IDLE] 
(imap)
12234  -  I 0:01.00 imap: [recept...@clancyca.com 72.143.119.178 
IDLE] (imap)

20668  -  S 0:02.01 imap: [p...@scom.ca 216.58.25.131 IDLE] (imap)
23219  -  I 0:00.33 imap: [cla...@clancyca.com 72.143.119.178 
IDLE] (imap)
26761  -  S 0:00.52 imap: [ed.ha...@ekst.ca 204.237.91.165 IDLE] 
(imap)

26785  -  I 0:00.87 imap: [e...@scom.ca 204.237.91.165 IDLE] (imap)
26787  -  I 0:00.80 imap: [ed.ha...@dssmgmt.com 204.237.91.165 
IDLE] (imap)

27378  -  S 0:00.42 imap: [e...@scom.ca 204.237.91.165 IDLE] (imap)
31404  -  S 0:03.90 imap: [p...@scom.ca 216.58.25.131 IDLE] (imap)
32494  -  S 0:00.13 imap: [install...@tomkudla.ca 167.94.196.10 
IDLE] (imap)
32497  -  S 0:00.13 imap: [install...@tomkudla.ca 167.94.196.10 
IDLE] (imap)
33809  -  I 0:00.28 imap: [cla...@clancyca.com 72.143.119.178 
IDLE] (imap)
36321  -  I 0:00.21 imap: [cla...@clancyca.com 72.143.119.178 
IDLE] (imap)
39188  -  I 0:00.39 imap: [cla...@clancyca.com 72.143.119.178 
IDLE] (imap)

42706  -  S 0:00.45 imap: [e...@scom.ca 204.237.91.165 IDLE] (imap)
46356  -  S 0:02.98 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
46422  -  S 0:01.32 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
46424  -  S 0:01.27 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
50756  -  S 0:01.36 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
58656  -  I 0:00.07 imap: [ditchb...@clancyca.com 216.58.50.30 
IDLE] (imap)
63886  -  S 0:00.70 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
68246  -  I 0:00.08 imap: [l...@clancyca.com 72.143.119.178 IDLE] 
(imap)
74719  -  I 0:00.03 imap: [d...@elirpa.com 142.183.30.44 IDLE] 
(imap)
76580  -  I 0:00.02 imap: [i...@willsagriquipandfencing.ca 
173.32.244.194 IDLE] (imap)
76584  -  I 0:00.02 imap: [how...@willsagriquipandfencing.ca 
173.32.244.194 IDLE] (imap)
77567  -  S 0:00.04 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
77569  -  I 0:00.03 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)







Happy Friday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services 
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email p...@scom.ca

On 8/18/2022 6:28 PM, J Doe wrote:


On 2022-08-16 16:46, Antonio Leding wrote:
At the risk of being pedestrian, I just use something like |sudo 
netstat -an | grep ‘:[ IMAP_PORT ]’|


I’m pretty sure you thought of this but still, thought I would toss 
it out…




Hi Antonio and Jaroslaw,

I don't think the second solution is pedestrian; I think it's cool 
that people have come up with different solutions for the same problem!


I am thinking that this may not be the solution that Jaroslaw is 
looking for, as this also requires spawning a process to run netstat 
and then capturing the results.  The socket approach avoids an 
additional process.


- J

Re: Get a list of currently active IMAP connections?

2022-08-19 Thread Paul Kudla (SCOM.CA Internet Services Inc.) 



I use ps : (greping by imap & idle)

# ps -axww | grep imap | grep IDLE

thant and split() in python



 8606  -  S 0:08.78 imap: [ke...@elirpa.com 54.242.98.60 IDLE] 
(imap)
12234  -  I 0:01.00 imap: [recept...@clancyca.com 72.143.119.178 
IDLE] (imap)

20668  -  S 0:02.01 imap: [p...@scom.ca 216.58.25.131 IDLE] (imap)
23219  -  I 0:00.33 imap: [cla...@clancyca.com 72.143.119.178 
IDLE] (imap)
26761  -  S 0:00.52 imap: [ed.ha...@ekst.ca 204.237.91.165 IDLE] 
(imap)

26785  -  I 0:00.87 imap: [e...@scom.ca 204.237.91.165 IDLE] (imap)
26787  -  I 0:00.80 imap: [ed.ha...@dssmgmt.com 204.237.91.165 
IDLE] (imap)

27378  -  S 0:00.42 imap: [e...@scom.ca 204.237.91.165 IDLE] (imap)
31404  -  S 0:03.90 imap: [p...@scom.ca 216.58.25.131 IDLE] (imap)
32494  -  S 0:00.13 imap: [install...@tomkudla.ca 167.94.196.10 
IDLE] (imap)
32497  -  S 0:00.13 imap: [install...@tomkudla.ca 167.94.196.10 
IDLE] (imap)
33809  -  I 0:00.28 imap: [cla...@clancyca.com 72.143.119.178 
IDLE] (imap)
36321  -  I 0:00.21 imap: [cla...@clancyca.com 72.143.119.178 
IDLE] (imap)
39188  -  I 0:00.39 imap: [cla...@clancyca.com 72.143.119.178 
IDLE] (imap)

42706  -  S 0:00.45 imap: [e...@scom.ca 204.237.91.165 IDLE] (imap)
46356  -  S 0:02.98 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
46422  -  S 0:01.32 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
46424  -  S 0:01.27 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
50756  -  S 0:01.36 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
58656  -  I 0:00.07 imap: [ditchb...@clancyca.com 216.58.50.30 
IDLE] (imap)
63886  -  S 0:00.70 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
68246  -  I 0:00.08 imap: [l...@clancyca.com 72.143.119.178 IDLE] 
(imap)

74719  -  I 0:00.03 imap: [d...@elirpa.com 142.183.30.44 IDLE] (imap)
76580  -  I 0:00.02 imap: [i...@willsagriquipandfencing.ca 
173.32.244.194 IDLE] (imap)
76584  -  I 0:00.02 imap: [how...@willsagriquipandfencing.ca 
173.32.244.194 IDLE] (imap)
77567  -  S 0:00.04 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)
77569  -  I 0:00.03 imap: [rco...@tnky.ca 198.91.141.141 IDLE] 
(imap)







Happy Friday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services 
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email p...@scom.ca

On 8/18/2022 6:28 PM, J Doe wrote:


On 2022-08-16 16:46, Antonio Leding wrote:
At the risk of being pedestrian, I just use something like |sudo 
netstat -an | grep ‘:[ IMAP_PORT ]’|


I’m pretty sure you thought of this but still, thought I would toss it 
out…




Hi Antonio and Jaroslaw,

I don't think the second solution is pedestrian; I think it's cool that 
people have come up with different solutions for the same problem!


I am thinking that this may not be the solution that Jaroslaw is looking 
for, as this also requires spawning a process to run netstat and then 
capturing the results.  The socket approach avoids an additional process.


- J

Re: Get a list of currently active IMAP connections?

2022-08-18 Thread J Doe 

On 2022-08-16 16:46, Antonio Leding wrote:
At the risk of being pedestrian, I just use something like |sudo netstat 
-an | grep ‘:[ IMAP_PORT ]’|


I’m pretty sure you thought of this but still, thought I would toss it out…



Hi Antonio and Jaroslaw,

I don't think the second solution is pedestrian; I think it's cool that 
people have come up with different solutions for the same problem!


I am thinking that this may not be the solution that Jaroslaw is looking 
for, as this also requires spawning a process to run netstat and then 
capturing the results.  The socket approach avoids an additional process.


- J

Re: Get a list of currently active IMAP connections?

2022-08-16 Thread Jaroslaw Rafa 
Dnia 16.08.2022 o godz. 23:37:05 Aki Tuomi pisze:
> 
> doveadm_password = secret
> 
> service doveadm {
>   inet_listener http {
>  port = 8080
>   }
> }
> 
> should allow you to use `who` command over HTTP API. 

It's an interesting option, but after looking into "doveadm" source code I
was able to reimplement the query that "doveadm who" does with a few lines
of simple Perl code. It's exactly what I want, as it can be easily
integrated into a policy service written in Perl.

Thanks again for pointing me in the right direction.

If anybody is interested, here's the code:


#!/usr/bin/perl

use IO::Socket::UNIX qw( SOCK_STREAM );

$sockpath="/var/run/dovecot/anvil";

my $socket = IO::Socket::UNIX->new(
   Type => SOCK_STREAM,
   Peer => $sockpath,
)
   or die("Can't connect to $sockpath");

$ANVIL_HANDSHAKE="VERSION\tanvil\t1\t0\n";
$ANVIL_CMD=$ANVIL_HANDSHAKE."CONNECT-DUMP\n";

$socket->send($ANVIL_CMD) or die "Socket write error";
$socket->recv($buffer, 65536, 0) or die "Socket read error";
chomp($buffer);
close($socket);

@lines=split(/\n/, $buffer);
foreach $line (@lines) {
  #print "$line\n";
  if ($line =~ m#^imap/([0-9A-Fa-f.:]+)/([^\t]+)\t#) {
print "IP=$1 user=$2\n";
  }
}

-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: Get a list of currently active IMAP connections?

2022-08-16 Thread Antonio Leding 
At the risk of being pedestrian, I just use something like `sudo netstat 
-an | grep ‘:[ IMAP_PORT ]’`


I’m pretty sure you thought of this but still, thought I would toss it 
out…


Cheers

- - -

On 16 Aug 2022, at 13:15, Jaroslaw Rafa wrote:


Hello Dovecot community,

I have a question: is it possible to programmatically get from Dovecot 
a
list of currently active IMAP sessions (with IP addresses)? Via a 
plugin or

something?

Or just check if there is an IMAP session currently open from a 
particular IP

address, with true/false type answer?

I'm planning to implement a policy service for *Postfix* that will 
revive

the old "POP before SMTP" authorization concept (only it will be "IMAP
before SMTP" this time). This policy service will reject connections 
to
mail submission ports (465, 587) - without even going to SMTP AUTH 
phase -

unless the connecting IP address has currently an IMAP session open to
Dovecot, to mitigate SMTP AUTH attacks.

But for this I need some way to check from within this policy service 
if the
particular IP address has a connection open or not. It could be of 
course
obtained by scanning Dovecot logs, but this involves quite a large 
overhead.
Therefore I'm looking for the way to get this information directly 
from

Dovecot's current state.

Can you advise me of any way to do this?

Or maybe someone has already written such a piece of software and it 
is

available somewhere on the Net?
--
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once 
there

was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: Get a list of currently active IMAP connections?

2022-08-16 Thread Aki Tuomi 


> On 16/08/2022 23:34 EEST Jaroslaw Rafa  wrote:
> 
>  
> Dnia 16.08.2022 o godz. 23:19:14 Aki Tuomi pisze:
> > Have you tried `doveadm who`?
> 
> Why haven't I found it in the documentation? I was really searching... :)
> Thank you!
> 
> But this still requires launching an external executable for each connection
> request. Optimal solution would be to get it via some socket, or something
> like this...
> -- 
> Regards,
>Jaroslaw Rafa
>r...@rafa.eu.org

doveadm_password = secret

service doveadm {
  inet_listener http {
 port = 8080
  }
}

should allow you to use `who` command over HTTP API. 

Aki

Re: Get a list of currently active IMAP connections?

2022-08-16 Thread Jaroslaw Rafa 
Dnia 16.08.2022 o godz. 23:19:14 Aki Tuomi pisze:
> Have you tried `doveadm who`?

Why haven't I found it in the documentation? I was really searching... :)
Thank you!

But this still requires launching an external executable for each connection
request. Optimal solution would be to get it via some socket, or something
like this...
-- 
Regards,
   Jaroslaw Rafa
   r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."

Re: Get a list of currently active IMAP connections?

2022-08-16 Thread Aki Tuomi 
Have you tried `doveadm who`?

Aki

> On 16/08/2022 23:15 EEST Jaroslaw Rafa  wrote:
> 
>  
> Hello Dovecot community,
> 
> I have a question: is it possible to programmatically get from Dovecot a
> list of currently active IMAP sessions (with IP addresses)? Via a plugin or
> something?
> 
> Or just check if there is an IMAP session currently open from a particular IP
> address, with true/false type answer?
> 
> I'm planning to implement a policy service for *Postfix* that will revive
> the old "POP before SMTP" authorization concept (only it will be "IMAP
> before SMTP" this time). This policy service will reject connections to
> mail submission ports (465, 587) - without even going to SMTP AUTH phase -
> unless the connecting IP address has currently an IMAP session open to
> Dovecot, to mitigate SMTP AUTH attacks.
> 
> But for this I need some way to check from within this policy service if the
> particular IP address has a connection open or not. It could be of course
> obtained by scanning Dovecot logs, but this involves quite a large overhead.
> Therefore I'm looking for the way to get this information directly from
> Dovecot's current state.
> 
> Can you advise me of any way to do this?
> 
> Or maybe someone has already written such a piece of software and it is
> available somewhere on the Net?
> -- 
> Regards,
>Jaroslaw Rafa
>r...@rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."