Re: [Dovecot] Is there a connect acl ?

2007-06-04 Thread Oliver Schulze L.

Hi Gabriel,
thanks for the suggestion. Will be researching about perdition, google 
should help.


My idea is to open only IMAPS port to the internet, and then limit only
a few users to check their email from home.

Thanks
Oliver

Gabriel Millerd wrote:

> What sort of response would the imap server give? Obviously you
> allow all sessions to connect else you would handle this with
> iptables, and when the user/pass/cert is validated and you have the
> user:rip what response would you give the client? Any security issues
> are moot since the user/pass is over the wire in order to determine if
> they have access.



--
Oliver Schulze L.   | http://tinymailto.com/oliver  
Asuncion - Paraguay | http://www.solojuegos.mobi



Re: [Dovecot] Is there a connect acl ?

2007-06-04 Thread Oliver Schulze L.

I got the response from Timo,
in the shell script I can use the variable $IP which holds the remote IP 
(rip from syslog)

so, doing a grep with the $IP and the subnet will do the trick.

Will update the wiki when it's done.

Thanks
Oliver

mouss wrote:

> Oliver Schulze L. wrote:
>
>> Hi Gabriel,
>> thanks for the suggestion. Will be researching about perdition, 
>> google should help.
>>
>> My idea is to open only IMAPS port to the internet, and then limit only
>> a few users to check their email from home.
>
> you can run dovecot twice (one instance for the LAN and one of the 
> internet), each with its list of users/passwords...


--
Oliver Schulze L.   | http://tinymailto.com/oliver  
Asuncion - Paraguay | http://www.solojuegos.mobi



Re: [Dovecot] Is there a connect acl ?

2007-06-03 Thread Timo Sirainen
On Sat, 2007-06-02 at 10:47 -0400, Oliver Schulze L. wrote:
> Hi,
> I have been reading the acl documentation and it seems that a connect acl
> is not available.
>
> I need to limit the users that can login in an IP number, is that possible with
> dovecot 1.0? (i.e. only these users can login from the Internet)

Do you mean something like
http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets (and
http://wiki.dovecot.org/PasswordDatabase/ExtraFields)?

> Or a new plugin should be written? It is complicated to do that?

dovecot-auth doesn't really support such plugins. You could let the user
log in normally and then check the IP and disconnect if it's wrong
(http://wiki.dovecot.org/PostLoginScripting) but that of course tells
the user that the user/pass was correct and the IP was just wrong.
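
The post-login check discussed in this thread, sketched as an added example (not code from the posters or from Dovecot): a wrapper that compares `$IP` against the LAN subnet with integer arithmetic instead of a string grep, and lets only listed users in from outside. The subnet, user names and imap binary path are assumptions; `$USER` and `$IP` are taken to be set by Dovecot as on the PostLoginScripting wiki page.

```shell
#!/bin/sh
# Added example. LAN_NET, REMOTE_USERS and IMAP_BIN are constructed/assumed values.
LAN_NET="192.168.1.0/24"              # constructed: the internal subnet
REMOTE_USERS="alice bob"              # constructed: users allowed from outside
IMAP_BIN="/usr/libexec/dovecot/imap"  # assumed path, varies by install

# Print dotted-quad IPv4 $1 as an integer; fail on anything malformed.
# Octets with leading zeros are rejected so they are never read as octal.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ""|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if IPv4 address $1 lies inside CIDR block $2 (e.g. 10.0.0.0/8).
ip_in_cidr() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    bits=${2#*/}
    case "$bits" in ""|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# LAN clients always pass; any other address (including IPv6, which
# ip_to_int does not parse) passes only for users in REMOTE_USERS.
login_allowed() {   # $1 = user, $2 = remote IP
    ip_in_cidr "$2" "$LAN_NET" && return 0
    for u in $REMOTE_USERS; do
        [ "$u" = "$1" ] && return 0
    done
    return 1
}

# Enforce only when Dovecot has set $IP; otherwise just define the functions.
if [ -n "${IP:-}" ]; then
    login_allowed "$USER" "$IP" && exec "$IMAP_BIN" "$@"
    logger -p mail.notice "postlogin: denied user=$USER rip=$IP"
    exit 1
fi
```

The denial is logged so that a valid password used from a disallowed address shows up in syslog, since, as noted above, the client has already learned that the user/pass was accepted by the time this script runs.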


