On 10/27/2013 1:21 PM, Charles Marcus wrote:
Bottom line desire is to avoid scraping/hijacking email stored on my dovecot server by any client other than a users client.
I don't think IMAP has a "client identification" component in its protocol, at least one that's in widespread and "compatible" use. So you're stuck with IP/hostname-based ACLs or perhaps something more "forensic" that does analysis of how those clients access mail and tailor a countermeasure accordingly.
Of course, blackholing all of the offending IP#s is an option, but I suspect it will be a bit "whack-a-mole".
=R=
