[Dovecot] Restricting IMAP access
tss at iki.fi
Fri Nov 4 23:09:49 EET 2011
On Thu, 2011-11-03 at 19:13 +0100, Thierry de Montaudry wrote:
> Hi list,
> I have a setup with postfix+dovecot+mysql unser CentOS 5, running 50 odd domains with virtual users. Access is allowed for public POP3, and a webmail on apache+PHP solution through local IMAP.
> I'm not gonna give you the long story about the why, but I'm looking for a way to give public IMAP access only to one domain, knowing that users log in with full email (user at domain.tld).
> Anybody has a trick for that? Running dovecot 2.0.13.
> I know there should be a way to do it through the database, but quite heavy change on our side for a million odd users.
So assuming all users can log in from 127.0.0.1 and domain.com only
elsewhere, you can do stuff like:
a) Change password_query so that it succeeds only if '%l' = '127.0.0.1'
or '%d' = 'domain.com'
b) Add a deny=yes passdb with e.g. sqlite backend that basically does
the same as a) but reversed.
http://wiki2.dovecot.org/Authentication/RestrictAccess has passwd-file
example, example config files should have also something.
c) Add a new Dovecot proxy facing the public internet where it lets in
only those users with '%d'='domain.com' (again maybe sqlite)
Possibly other ways too..
More information about the dovecot