On Tue, 17 Mar 2020, Mike Tubby via Exim-users wrote:
The PHP back-end accepts a POST on a URI with form data that contains:
* email address
* password
* remote IP address
the back-end considers:
a) the username/password pair - for authentication
b) the GEOIP of the remote IP address - for authorization
in the virtual mailbox/virtual user database, plus the remote IP in a local
copy of the DBIP GeoIP database and returns a HTTP response code:
* 204 On success (no data)
* 403 Forbidden (for authentication failure or GEOIP authorization fail)
* 400 Bad Request (for non supported methods or incomplete form data)
and logs the username (email address) and remote IP address along with
authentication success/fail and GEOIP policy success/fail and country code to
a 'connection_log' table in MySQL.
If/when a legitimate user goes to a GEOIP restricted location
(OK that isn't likely while covid-19 ...) they will send their password
before being told to go away.
Is there a reason you cannot do the GeoIP block at connection time,
or at least before the password prompt ?
--
Andrew C. Aitchison Kendal, UK
[email protected]
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
