List: dovecot
Subject: Re: It works! ... and one more question (Was: Forcing imap authentication failure for certain IP add
From: Aki Tuomi via dovecot <dovecot () dovecot ! org>
Date: 2023-08-02 17:27:29
Message-ID: 1373383078.696.1690997249812 () appsuite-dev ! open-xchange ! com
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
passwd files are automatically re-read when they are changed. No restart needed.
</div>
<div class="default-style">
</div>
<div class="default-style">
Aki
</div>
<blockquote type="cite">
<div>
On 02/08/2023 19:03 EEST Hippo Man <hippoman@gmail.com> wrote:
</div>
<div>
</div>
<div>
</div>
<div dir="ltr">
<div dir="ltr">
<div class="gmail_default" style="font-family: monospace;">
This method indeed seems to work ... thank you again!
<br>
<br>
</div>
<div class="gmail_default" style="font-family: monospace;">
In summary, I did this:
<br>
<br>
</div>
<div class="gmail_default" style="font-family: monospace;">
passdb {
<br>
driver = passwd-file
<br>
deny = yes
<br>
args = username_format=%{rip} /etc/dovecot/deny.ip
<br>
}
</div>
<div class="gmail_default" style="font-family: monospace;">
</div>
<div class="gmail_default" style="font-family: monospace;">
... and the "deny.ip" file looks like this:
</div>
<div class="gmail_default" style="font-family: monospace;">
</div>
<div class="gmail_default" style="font-family: monospace;">
1.2.3.4:::::::: nopassword
<br>
5.6.7.8:::::::: nopassword
</div>
<div class="gmail_default" style="font-family: monospace;">
</div>
<div class="gmail_default" style="font-family: monospace;">
One further question: whenever I add additional lines to the "deny.ip"
</div>
<div class="gmail_default" style="font-family: monospace;">
file, will I need to restart dovecot, or will dovecot always read the
</div>
<div class="gmail_default" style="font-family: monospace;">
latest version of that file whenever it is validating a new IMAP
</div>
<div class="gmail_default" style="font-family: monospace;">
connection?
</div>
<div>
<div class="gmail_signature" dir="ltr">
<div dir="ltr">
<div>
<span style="font-family: monospace;"> </span>
</div>
<div>
<span style="font-family: monospace;">-- <br>
<a href="mailto:hippoman@gmail.com" target="_blank" \
rel="noopener">hippoman@gmail.com</a><br> Take a hippopotamus to lunch \
today.</span> </div>
<div>
<span style="font-family: monospace;"><br>
.---------, 0__0<br>
/ \
( oo'---,<br>
/ \
oo\<br>
,\ \
|<br>
| \ \
,=__/<br>
\
\ /<br> \
/ /------| /|<br> \
|__|-' |__|'<br></span> </div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div class="gmail_attr" dir="ltr">
On Tue, Aug 1, 2023 at 12:44 PM Hippo Man <<a \
href="mailto:hippoman@gmail.com">hippoman@gmail.com</a>> wrote: </div>
<blockquote>
<div dir="ltr">
<div style="font-family: monospace;">
Oh, OK. I'll investigate and test it.
</div>
<div style="font-family: monospace;">
Thank you!
</div>
<div>
<div class="gmail_signature" dir="ltr">
<div dir="ltr">
<div>
<span style="font-family: monospace;"> </span>
</div>
<div>
<span style="font-family: monospace;">-- <br>
<a href="mailto:hippoman@gmail.com" target="_blank" \
rel="noopener">hippoman@gmail.com</a><br> Take a hippopotamus to lunch \
today.</span> </div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div class="gmail_attr" dir="ltr">
On Tue, Aug 1, 2023 at 12:24 PM aki.tuomi via dovecot <<a \
href="mailto:dovecot@dovecot.org" target="_blank" \
rel="noopener">dovecot@dovecot.org</a>> wrote: </div>
<blockquote>
<div dir="auto">
<div dir="auto">
1.2.3.4::::::::: nopassword
</div>
<div dir="auto">
</div>
<div dir="auto">
I think. Didn't have a chance to test it.
</div>
<div dir="auto">
</div>
<div dir="auto">
Aki
</div>
<div dir="auto">
</div>
<div>
</div>
<div dir="auto" style="font-size: 100%; color: #000000;" align="left">
<div>
-------- Original message --------
</div>
<div>
From: Hippo Man <<a href="mailto:hippoman@gmail.com" target="_blank" \
rel="noopener">hippoman@gmail.com</a>> </div>
<div>
Date: 8/1/23 19:03 (GMT+02:00)
</div>
<div>
To: "aki.tuomi" <<a href="mailto:aki.tuomi@open-xchange.com" \
target="_blank" rel="noopener">aki.tuomi@open-xchange.com</a>> </div>
<div>
Cc: <a href="mailto:dovecot@dovecot.org" target="_blank" \
rel="noopener">dovecot@dovecot.org</a> </div>
<div>
Subject: Re: Forcing imap authentication failure for certain IP addresses
</div>
<div>
</div>
</div>
<div dir="ltr">
<div style="font-family: monospace;">
Thank you very much!
<br>
<br>
</div>
<div style="font-family: monospace;">
In your example, what would be the contents of the
</div>
<div style="font-family: monospace;">
/etc/dovecot/deny.ip file?
</div>
<div style="font-family: monospace;">
</div>
<div>
<div class="gmail_signature" dir="ltr">
<div dir="ltr">
<div>
</div>
<div>
<span style="font-family: monospace;">-- <br>
<a href="mailto:hippoman@gmail.com" target="_blank" \
rel="noopener">hippoman@gmail.com</a><br> Take a hippopotamus to lunch \
today.</span> </div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div class="gmail_attr" dir="ltr">
On Tue, Aug 1, 2023 at 11:44 AM aki.tuomi via dovecot <<a \
href="mailto:dovecot@dovecot.org" target="_blank" \
rel="noopener">dovecot@dovecot.org</a>> wrote: </div>
<blockquote>
<div dir="auto">
<div dir="auto">
One way is to use <a \
href="https://doc.dovecot.org/configuration_manual/authentication/auth_policy/" \
target="_blank" rel="noopener">https://doc.dovecot.org/configuration_manual/authentication/auth_policy/</a>
</div>
<div dir="auto">
</div>
<div dir="auto">
or you can use
</div>
<div dir="auto">
</div>
<div dir="auto">
passdb {
</div>
<div dir="auto">
driver = passwd-file
</div>
<div dir="auto">
deny = yes
</div>
<div dir="auto">
args = username_format=%{rip} /etc/dovecot/deny.ip
</div>
<div dir="auto">
}
</div>
<div dir="auto">
</div>
<div dir="auto">
or you can use <a \
href="https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/" \
target="_blank" rel="noopener">https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/</a>
</div>
<div dir="auto">
</div>
<div dir="auto">
and write this in Lua.
</div>
<div dir="auto">
</div>
<div dir="auto">
Aki
</div>
<div dir="auto">
</div>
<div>
</div>
<div dir="auto" style="font-size: 100%; color: #000000;" align="left">
<div>
-------- Original message --------
</div>
<div>
From: Hippo Man <<a href="mailto:hippoman@gmail.com" target="_blank" \
rel="noopener">hippoman@gmail.com</a>> </div>
<div>
Date: 8/1/23 18:14 (GMT+02:00)
</div>
<div>
To: <a href="mailto:dovecot@dovecot.org" target="_blank" \
rel="noopener">dovecot@dovecot.org</a> </div>
<div>
Subject: Forcing imap authentication failure for certain IP addresses
</div>
<div>
</div>
</div>
<div dir="ltr">
<div style="font-family: monospace;">
I'm running dovecot 2.3.18 under Debian 11.
<br>
<br>
</div>
<div style="font-family: monospace;">
I want to do something that's a bit unusual: when IMAP connections are \
attempted </div>
<div style="font-family: monospace;">
from a few specific IP addresses, I want to force an IMAP \
authentication failure </div>
<div style="font-family: monospace;">
from those connections, no matter what user ID and password are \
specified. </div>
<div style="font-family: monospace;">
</div>
<div style="font-family: monospace;">
I know that I can use iptables to completely block imap access from \
those IP </div>
<div style="font-family: monospace;">
addresses to the IMAP ports. However, in these specific cases, I'd \
prefer that </div>
<div style="font-family: monospace;">
the connection goes through to dovecot, but for dovecot then to always \
generate </div>
<div style="font-family: monospace;">
authentication failures for those specific connections ... even if a \
valid </div>
<div style="font-family: monospace;">
user ID and password happen to be specified.
<br>
<br>
</div>
<div style="font-family: monospace;">
Is there a way to do this in dovecot?
<br>
<br>
</div>
<div style="font-family: monospace;">
Thank you very much in advance.
</div>
<div>
<div class="gmail_signature" dir="ltr">
<div dir="ltr">
<div>
<span style="font-family: monospace;"> </span>
</div>
<div>
<span style="font-family: monospace;">-- <br>
<a href="mailto:hippoman@gmail.com" target="_blank" \
rel="noopener">hippoman@gmail.com</a><br> Take a hippopotamus to lunch \
today.</span> </div>
</div>
</div>
</div>
</div>
</div> _______________________________________________
<br>
dovecot mailing list -- <a href="mailto:dovecot@dovecot.org" \
target="_blank" rel="noopener">dovecot@dovecot.org</a> <br>
To unsubscribe send an email to <a href="mailto:dovecot-leave@dovecot.org" \
target="_blank" rel="noopener">dovecot-leave@dovecot.org</a> </blockquote>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
</body>
</html>
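Because Dovecot re-reads the passwd-file as soon as it changes, an updated deny.ip is best swapped in with a single rename so the auth process never reads a half-written file. The Python sketch below is an added example, not code from the thread or from Dovecot; the function names are hypothetical, and the line layout is copied from the deny.ip sample quoted in the thread.

```python
import ipaddress
import os
import shutil
import tempfile

# Line layout copied from the deny.ip sample quoted in the thread.
LINE_SUFFIX = ":::::::: nopassword"


def parse_deny_file(text):
    """Return the key (first colon-separated field) of every non-blank line."""
    return [ln.split(":", 1)[0].strip() for ln in text.splitlines() if ln.strip()]


def render_deny_file(addresses):
    """Validate, de-duplicate and sort the addresses; return the file body."""
    unique = set()
    for raw in addresses:
        ip = ipaddress.ip_address(raw.strip())  # ValueError on anything else
        if ip.version != 4:
            # IPv6 text contains ':', which is the passwd-file field separator.
            raise ValueError(f"IPv6 key cannot be written as a passwd-file key: {raw}")
        unique.add(ip)
    return "".join(f"{ip}{LINE_SUFFIX}\n" for ip in sorted(unique))


def update_deny_file(path, new_addresses):
    """Merge new addresses into the file at path and replace it atomically."""
    existing = []
    if os.path.exists(path):
        with open(path, encoding="ascii") as fh:
            existing = parse_deny_file(fh.read())
    body = render_deny_file(existing + list(new_addresses))
    # Temp file lives in the same directory so os.replace() is a plain rename.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", prefix=".deny.")
    try:
        with os.fdopen(fd, "w", encoding="ascii") as fh:
            fh.write(body)
        if os.path.exists(path):
            shutil.copymode(path, tmp)  # keep the permissions Dovecot already reads
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return body
```

On first creation the file gets the restrictive mode of a fresh temp file, so ownership and permissions still have to be set so that the Dovecot auth process can read it.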