[prev in list] [next in list] [prev in thread] [next in thread]
List: dovecot
Subject: Re: Forcing imap authentication failure for certain IP addresses
From: Hippo Man <hippoman () gmail ! com>
Date: 2023-08-01 16:44:58
Message-ID: CAK1LP6k0Dkn1uzjxDqy=h+4qcwQHYzBpm=CVQC_Mzhp8dP2HWA () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Oh, OK. I'll investigate and test it.
Thank you!
--
hippoman@gmail.com
Take a hippopotamus to lunch today.
.---------, 0__0
/ ( oo'---,
/ oo\
,\ |
| \ ,=__/
\ /
/ /------| /|
|__|-' |__|'
On Tue, Aug 1, 2023 at 12:24 PM aki.tuomi via dovecot <dovecot@dovecot.org>
wrote:
> 1.2.3.4::::::::: nopassword
>
> I think. Didn't have a chance to test it.
>
> Aki
>
>
> -------- Original message --------
> From: Hippo Man <hippoman@gmail.com>
> Date: 8/1/23 19:03 (GMT+02:00)
> To: "aki.tuomi" <aki.tuomi@open-xchange.com>
> Cc: dovecot@dovecot.org
> Subject: Re: Forcing imap authentication failure for certain IP addresses
>
> Thank you very much!
>
> In your example, what would be the contents of the
> /etc/dovecot/deny.ip file?
>
> --
> hippoman@gmail.com
> Take a hippopotamus to lunch today.
>
> .---------, 0__0
> / ( oo'---,
> / oo\
> ,\ |
> | \ ,=__/
> \ /
> / /------| /|
> |__|-' |__|'
>
>
>
> On Tue, Aug 1, 2023 at 11:44 AM aki.tuomi via dovecot <dovecot@dovecot.org>
> wrote:
>
>> One way is to use
>> https://doc.dovecot.org/configuration_manual/authentication/auth_policy/
>>
>> or you can use
>>
>> passdb {
>> driver = passwd-file
>> deny = yes
>> args = username_formar=%{rip} /etc/dovecot/deny.ip
>> }
>>
>> or you can use
>> https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/
>>
>> and write this in Lua.
>>
>> Aki
>>
>>
>> -------- Original message --------
>> From: Hippo Man <hippoman@gmail.com>
>> Date: 8/1/23 18:14 (GMT+02:00)
>> To: dovecot@dovecot.org
>> Subject: Forcing imap authentication failure for certain IP addresses
>>
>> I'm running dovecot 2.3.18 under Debian 11.
>>
>> I want to do something that's a bit unusual: when IMAP connections are
>> attempted
>> from a few specific IP addresses, I want to force an IMAP authentication
>> failure
>> from those connections, no matter what user ID and password are specified.
>>
>> I know that I can use iptables to completely block imap access from those
>> IP
>> addresses to the IMAP ports. However, in these specific cases, I'd prefer
>> that
>> the connection goes through to dovecot, but for dovecot then to always
>> generate
>> authentication failures for those specific connections ... even if a valid
>> user ID and password happen to be specified.
>>
>> Is there a way to do this in dovecot?
>>
>> Thank you very much in advance.
>>
>> --
>> hippoman@gmail.com
>> Take a hippopotamus to lunch today.
>>
>> .---------, 0__0
>> / ( oo'---,
>> / oo\
>> ,\ |
>> | \ ,=__/
>> \ /
>> / /------| /|
>> |__|-' |__|'
>>
>> _______________________________________________
>> dovecot mailing list -- dovecot@dovecot.org
>> To unsubscribe send an email to dovecot-leave@dovecot.org
>>
> _______________________________________________
> dovecot mailing list -- dovecot@dovecot.org
> To unsubscribe send an email to dovecot-leave@dovecot.org
>
[Attachment #5 (text/html)]
<div dir="ltr"><div class="gmail_default" style="font-family:monospace">Oh, OK. \
I'll investigate and test it.</div><div class="gmail_default" \
style="font-family:monospace">Thank you!<br clear="all"></div><div><div dir="ltr" \
class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><span \
style="font-family:monospace"><br></span></div><div><span \
style="font-family:monospace">-- <br> <a href="mailto:hippoman@gmail.com" \
target="_blank">hippoman@gmail.com</a><br> Take a hippopotamus to lunch \
today.</span></div><div><span style="font-family:monospace"><br> .---------, \
0__0<br> / ( oo'---,<br> / \
oo\<br> ,\ |<br> | \ \
,=__/<br> \ /<br> / /------| /|<br> \
|__|-' |__|'<br></span><br></div></div></div></div><br></div><br><div \
class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Aug 1, 2023 at \
12:24 PM aki.tuomi via dovecot <<a \
href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div \
dir="auto">1.2.3.4::::::::: nopassword</div><div dir="auto"><br></div><div \
dir="auto">I think. Didn't have a chance to test it.</div><div \
dir="auto"><br></div><div dir="auto">Aki</div><div \
dir="auto"><br></div><div><br></div><div dir="auto" \
style="font-size:100%;color:rgb(0,0,0)" align="left"><div>-------- Original message \
--------</div><div>From: Hippo Man <<a href="mailto:hippoman@gmail.com" \
target="_blank">hippoman@gmail.com</a>> </div><div>Date: 8/1/23 19:03 \
(GMT+02:00) </div><div>To: "aki.tuomi" <<a \
href="mailto:aki.tuomi@open-xchange.com" \
target="_blank">aki.tuomi@open-xchange.com</a>> </div><div>Cc: <a \
href="mailto:dovecot@dovecot.org" target="_blank">dovecot@dovecot.org</a> \
</div><div>Subject: Re: Forcing imap authentication failure for certain IP addresses \
</div><div><br></div></div><div dir="ltr"><div style="font-family:monospace" \
class="gmail_default">Thank you very much!<br><br></div><div \
style="font-family:monospace" class="gmail_default">In your example, what would be \
the contents of the</div><div style="font-family:monospace" \
class="gmail_default">/etc/dovecot/deny.ip file?</div><div \
style="font-family:monospace" class="gmail_default"><br></div><div><div \
class="gmail_signature" dir="ltr"><div dir="ltr"><div><span \
style="font-family:monospace"></span></div><div><span \
style="font-family:monospace">-- <br> <a href="mailto:hippoman@gmail.com" \
target="_blank">hippoman@gmail.com</a><br> Take a hippopotamus to lunch \
today.</span></div><div><span style="font-family:monospace"><br> .---------, \
0__0<br> / ( oo'---,<br> / \
oo\<br> ,\ |<br> | \ \
,=__/<br> \ /<br> / /------| /|<br> \
|__|-' |__|'<br></span><br></div></div></div></div><br></div><br><div \
class="gmail_quote"><div class="gmail_attr" dir="ltr">On Tue, Aug 1, 2023 at \
11:44 AM aki.tuomi via dovecot <<a href="mailto:dovecot@dovecot.org" \
target="_blank">dovecot@dovecot.org</a>> wrote:<br></div><blockquote \
style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex" class="gmail_quote"><div dir="auto"><div \
dir="auto">One way is to use <a \
href="https://doc.dovecot.org/configuration_manual/authentication/auth_policy/" \
target="_blank">https://doc.dovecot.org/configuration_manual/authentication/auth_policy/</a></div><div \
dir="auto"><br></div><div dir="auto">or you can use </div><div \
dir="auto"><br></div><div dir="auto">passdb {</div><div dir="auto"> driver = \
passwd-file</div><div dir="auto"> deny = yes</div><div dir="auto"> args = \
username_formar=%{rip} /etc/dovecot/deny.ip</div><div dir="auto">}</div><div \
dir="auto"><br></div><div dir="auto">or you can use <a \
href="https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/" \
target="_blank">https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/</a></div><div \
dir="auto"><br></div><div dir="auto">and write this in Lua.</div><div \
dir="auto"><br></div><div dir="auto">Aki</div><div \
dir="auto"><br></div><div><br></div><div style="font-size:100%;color:rgb(0,0,0)" \
dir="auto" align="left"><div>-------- Original message --------</div><div>From: Hippo \
Man <<a href="mailto:hippoman@gmail.com" \
target="_blank">hippoman@gmail.com</a>> </div><div>Date: 8/1/23 18:14 \
(GMT+02:00) </div><div>To: <a href="mailto:dovecot@dovecot.org" \
target="_blank">dovecot@dovecot.org</a> </div><div>Subject: Forcing imap \
authentication failure for certain IP addresses </div><div><br></div></div><div \
dir="ltr"><div class="gmail_default" style="font-family:monospace">I'm running \
dovecot 2.3.18 under Debian 11.<br><br></div><div class="gmail_default" \
style="font-family:monospace">I want to do something that's a bit unusual: when \
IMAP connections are attempted</div><div class="gmail_default" \
style="font-family:monospace">from a few specific IP addresses, I want to force an \
IMAP authentication failure<br></div><div class="gmail_default" \
style="font-family:monospace">from those connections, no matter what user ID and \
password are specified.</div><div class="gmail_default" \
style="font-family:monospace"><br></div><div class="gmail_default" \
style="font-family:monospace">I know that I can use iptables to completely block imap \
access from those IP</div><div class="gmail_default" \
style="font-family:monospace">addresses to the IMAP ports. However, in these specific \
cases, I'd prefer that<br></div><div class="gmail_default" \
style="font-family:monospace">the connection goes through to dovecot, but for dovecot \
then to always generate</div><div class="gmail_default" \
style="font-family:monospace">authentication failures for those specific connections \
... even if a valid</div><div class="gmail_default" \
style="font-family:monospace">user ID and password happen to be \
specified.<br><br></div><div class="gmail_default" style="font-family:monospace">Is \
there a way to do this in dovecot?<br><br></div><div class="gmail_default" \
style="font-family:monospace">Thank you very much in advance.<br></div><div><div \
dir="ltr" class="gmail_signature"><div dir="ltr"><div><span \
style="font-family:monospace"><br></span></div><div><span \
style="font-family:monospace">-- <br> <a href="mailto:hippoman@gmail.com" \
target="_blank">hippoman@gmail.com</a><br> Take a hippopotamus to lunch \
today.</span></div><div><span style="font-family:monospace"><br> .---------, \
0__0<br> / ( oo'---,<br> / \
oo\<br> ,\ |<br> | \ \
,=__/<br> \ /<br> / /------| /|<br> \
|__|-' |__|'<br></span><br></div></div></div></div></div> \
</div>_______________________________________________<br> dovecot mailing list -- <a \
href="mailto:dovecot@dovecot.org" target="_blank">dovecot@dovecot.org</a><br> To \
unsubscribe send an email to <a href="mailto:dovecot-leave@dovecot.org" \
target="_blank">dovecot-leave@dovecot.org</a><br> </blockquote></div>
</div>_______________________________________________<br>
dovecot mailing list -- <a href="mailto:dovecot@dovecot.org" \
target="_blank">dovecot@dovecot.org</a><br> To unsubscribe send an email to <a \
href="mailto:dovecot-leave@dovecot.org" \
target="_blank">dovecot-leave@dovecot.org</a><br> </blockquote></div>
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-leave@dovecot.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic