Re: Restrict IMAP login, but allow Postfix SASL

2022-06-03 Thread Sami Ketola
> On 1. Jun 2022, at 14.40, lutz.niede...@gmx.net wrote: > > Hi, > > we have a very simple user-/passdb (like passwd) to authenticate virtual IMAP > users. > We also use this for Postfix authentication. Nothing special. > > But, we need to exclude some of the users from IMAP login. > This

Re: Restrict IMAP login, but allow Postfix SASL

2022-06-01 Thread Aki Tuomi
> On 01/06/2022 18:50 Hippo Man wrote: > > > > > There's a facility to add arbitrary code to the imap login process, > > e.g., in "10-master.conf": > > > > service imap-postlogin { > > executable = script-login /local/bin/imap-wrapper > > user = $default_internal_user > >

Re: Restrict IMAP login, but allow Postfix SASL

2022-06-01 Thread Hippo Man
> There's a facility to add arbitrary code to the imap login process, > e.g., in "10-master.conf": > > service imap-postlogin { > executable = script-login /local/bin/imap-wrapper > user = $default_internal_user > unix_listener imap-postlogin { > } > } > Just wondering: is

Re: Restrict IMAP login, but allow Postfix SASL

2022-06-01 Thread Anne Bennett
> we have a very simple user-/passdb (like passwd) to authenticate virtual IMAP > users. > We also use this for Postfix authentication. Nothing special. > > But, we need to exclude some of the users from IMAP login. > How could this be done? There's a facility to add arbitrary code to the

Re: Restrict IMAP login, but allow Postfix SASL

2022-06-01 Thread Vladislav Kurz
Dne 01. 06. 22 v 13:40 lutz.niede...@gmx.net napsal(a): Hi, we have a very simple user-/passdb (like passwd) to authenticate virtual IMAP users. We also use this for Postfix authentication. Nothing special. But, we need to exclude some of the users from IMAP login. This means, some users

Re: Restrict IMAP login, but allow Postfix SASL

2022-06-01 Thread Lucas Rolff
That’s indeed a good point, and very much possible! From: dovecot on behalf of Gedalya Date: Wednesday, 1 June 2022 at 14:04 To: dovecot@dovecot.org Subject: Re: Restrict IMAP login, but allow Postfix SASL On 6/1/22 19:57, Lucas Rolff wrote: > this assumes you don’t have any webmail runn

Re: Restrict IMAP login, but allow Postfix SASL

2022-06-01 Thread Paul Kudla (SCOM.CA Internet Services Inc.)
You really need to database your passwd auth sasl supports pgsql / mysql you can then alter the queries by selecting flags pending the access you want to allow dovecot-pgsql.conf password_query = SELECT username as user, password FROM email_users WHERE username = '%u' and password <>

Re: Restrict IMAP login, but allow Postfix SASL

2022-06-01 Thread Lucas Rolff
allow_nets with `local,127.0.0.1/32` defined, should do the trick - this assumes you don’t have any webmail running on the same host, since that would still allow authentication. https://doc.dovecot.org/configuration_manual/authentication/allow_nets/ I use allow_nets to “suspend” user logins,

Restrict IMAP login, but allow Postfix SASL

2022-06-01 Thread lutz . niederer
Hi, we have a very simple user-/passdb (like passwd) to authenticate virtual IMAP users. We also use this for Postfix authentication. Nothing special. But, we need to exclude some of the users from IMAP login. This means, some users should be allowed to send mail via Postfix (submission) and