Re: [Dovecot] Disable IMAP for ONE user only

Mon, 05 May 2014 13:45:20 -0700 

Hi Rick

I really appreciate your response!
Unfortunately my SQL is, how can we say, very basic. I built my server using the Linode guide at: 

https://library.linode.com/email/postfix/postfix2.9.6-dovecot2.0.19-mysql

Currently my password query looks as follows:

password_query = SELECT email as user, password FROM virtual_users WHERE 
email='%u';
I'm not familiar with VPopMail, would I need it in this situation? Currently I use Postfix/Dovecot/MySQL/Apache/Roundcube. 



On 05/05/2014 21:32, Rick Romero wrote:

 Quoting Professa Dementia <[email protected]>:


On 5/5/2014 1:05 PM, SIW wrote:

Thats a good point.

If I block IMAP/SMTP access to ONE user does that mean that particular
user can't use Roundcube anymore?


That is correct.  If you block IMAP, then webmail will not work.



Not necessarily.

From:
http://wiki2.dovecot.org/AuthDatabase/VPopMail
"logically this means: show password for user=%n at domain=%d when imap on 
the account is not disabled and connection is not comming from localhost
when webmail access on the account is not disabled and if imap for the
domain is not disabled and (connection is not comming from localhost when
webmail access for the domain is not disabled) when vlimits are not
overriden on the account "
#
password_query = select pw_passwd as password FROM vpopmail LEFT JOIN
limits ON vpopmail.pw_domain=limits.domain WHERE pw_name='%n' and
pw_domain='%d' and !(pw_gid & 8) and ('%r'!='127.0.0.1' or !(pw_gid & 4))
and ( ('%r'!='127.0.0.1' or COALESCE(disable_webmail,0)!=1) and
COALESCE(disable_imap,0)!=1 or (pw_gid & 8192) );
So construct your SQL query in a way that your bit field in MySQL disables 
all access for a single user except when the source IP is your webmail
server.
If you want multiple passwords, you can modify the password_query with iif 
statements based on the source IP or protocol.

Like:
select iif(%r == '127.0.0.1' & pw_name== 'yourname' &
pw_domain='yourdomain',pw_webmailpasswrd,pw_passwd) as pw_passwd from
vpopmail .....
Of course that's specific to the vpopmail table... modify as needed for
your own table structure...

Rick

Reply via email to