This method indeed seems to work ... thank you again! In summary, I did this:
passdb { driver = passwd-file deny = yes args = username_format=%{rip} /etc/dovecot/deny.ip } ... and the "deny.ip" file looks like this: 1.2.3.4:::::::: nopassword 5.6.7.8:::::::: nopassword One further question: whenever I add additional lines to the "deny.ip" file, will I need to restart dovecot, or will dovecot always read the latest version of that file whenever it is validating a new IMAP connection? -- hippo...@gmail.com Take a hippopotamus to lunch today. .---------, 0__0 / ( oo'---, / oo\ ,\ | | \ ,=__/ \ / / /------| /| |__|-' |__|' On Tue, Aug 1, 2023 at 12:44 PM Hippo Man <hippo...@gmail.com> wrote: > Oh, OK. I'll investigate and test it. > Thank you! > > -- > hippo...@gmail.com > Take a hippopotamus to lunch today. > > .---------, 0__0 > / ( oo'---, > / oo\ > ,\ | > | \ ,=__/ > \ / > / /------| /| > |__|-' |__|' > > > > On Tue, Aug 1, 2023 at 12:24 PM aki.tuomi via dovecot <dovecot@dovecot.org> > wrote: > >> 1.2.3.4::::::::: nopassword >> >> I think. Didn't have a chance to test it. >> >> Aki >> >> >> -------- Original message -------- >> From: Hippo Man <hippo...@gmail.com> >> Date: 8/1/23 19:03 (GMT+02:00) >> To: "aki.tuomi" <aki.tu...@open-xchange.com> >> Cc: dovecot@dovecot.org >> Subject: Re: Forcing imap authentication failure for certain IP addresses >> >> Thank you very much! >> >> In your example, what would be the contents of the >> /etc/dovecot/deny.ip file? >> >> -- >> hippo...@gmail.com >> Take a hippopotamus to lunch today. >> >> .---------, 0__0 >> / ( oo'---, >> / oo\ >> ,\ | >> | \ ,=__/ >> \ / >> / /------| /| >> |__|-' |__|' >> >> >> >> On Tue, Aug 1, 2023 at 11:44 AM aki.tuomi via dovecot < >> dovecot@dovecot.org> wrote: >> >>> One way is to use >>> https://doc.dovecot.org/configuration_manual/authentication/auth_policy/ >>> >>> or you can use >>> >>> passdb { >>> driver = passwd-file >>> deny = yes >>> args = username_formar=%{rip} /etc/dovecot/deny.ip >>> } >>> >>> or you can use >>> https://doc.dovecot.org/configuration_manual/authentication/lua_based_authentication/ >>> >>> and write this in Lua. >>> >>> Aki >>> >>> >>> -------- Original message -------- >>> From: Hippo Man <hippo...@gmail.com> >>> Date: 8/1/23 18:14 (GMT+02:00) >>> To: dovecot@dovecot.org >>> Subject: Forcing imap authentication failure for certain IP addresses >>> >>> I'm running dovecot 2.3.18 under Debian 11. >>> >>> I want to do something that's a bit unusual: when IMAP connections are >>> attempted >>> from a few specific IP addresses, I want to force an IMAP authentication >>> failure >>> from those connections, no matter what user ID and password are >>> specified. >>> >>> I know that I can use iptables to completely block imap access from >>> those IP >>> addresses to the IMAP ports. However, in these specific cases, I'd >>> prefer that >>> the connection goes through to dovecot, but for dovecot then to always >>> generate >>> authentication failures for those specific connections ... even if a >>> valid >>> user ID and password happen to be specified. >>> >>> Is there a way to do this in dovecot? >>> >>> Thank you very much in advance. >>> >>> -- >>> hippo...@gmail.com >>> Take a hippopotamus to lunch today. >>> >>> .---------, 0__0 >>> / ( oo'---, >>> / oo\ >>> ,\ | >>> | \ ,=__/ >>> \ / >>> / /------| /| >>> |__|-' |__|' >>> >>> _______________________________________________ >>> dovecot mailing list -- dovecot@dovecot.org >>> To unsubscribe send an email to dovecot-le...@dovecot.org >>> >> _______________________________________________ >> dovecot mailing list -- dovecot@dovecot.org >> To unsubscribe send an email to dovecot-le...@dovecot.org >> >
_______________________________________________ dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-le...@dovecot.org