[Dovecot] Restrict user on IMAP or POP

Geert Hendrickx ghen at telenet.be
Fri Feb 15 16:51:47 EET 2008


On Fri, Feb 15, 2008 at 03:36:01PM +0100, Geert Hendrickx wrote:
> There are some clever tricks on that page to keep the LDAP/SQL database
> Dovecot-agnostic and put the logic in the query.  Do you know a similar
> trick for allow_nets?  I have users stored in a PgSQL database and want to
> allow everyone from our local network (a combination of three CIDR blocks),
> and only some users from the Internet (0/0).  Is it possible to do this
> using a simple boolean (y/n) "remote" column in my users table?  i.e.
> remote=n should be mapped to allow_nets=x.y.z.0/24,a.b.c.0/24,d.e.0.0/16
> and remote=y to allow_nets=0/0.
> 
> If the %a (local port) variable were available in the imap service, this
> could be done by binding imap to two ports and using "remote = true or '%a'
> = '143'", and redirect the public port on the NAT-router to the other
> (non-standard) port on the server.


Looks like PostgreSQL supports conditional expressions in queries which
make this very easy:

password_query = SELECT md5_pw AS password, CASE WHEN remote='t' THEN '0/0'
ELSE 'ournetblocks' END AS allow_nets FROM imap_users WHERE email='%u'


	Geert
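
The mapping done by the password_query above, as an added example that is not part of the original post: a Python model that runs the same CASE expression against an in-memory SQLite table standing in for the PgSQL one. The netblocks, table rows and helper names are constructed, and expanding 0/0 to 0.0.0.0/0 is this model's assumption, not Dovecot's own matching code.

```python
import ipaddress
import sqlite3

# Constructed stand-ins for the 'ournetblocks' placeholder in the post.
LOCAL_NETS = "192.0.2.0/24,198.51.100.0/24,10.20.0.0/16"

# Same CASE expression as the password_query; '?' replaces Dovecot's '%u'.
QUERY = (
    "SELECT md5_pw AS password, "
    "CASE WHEN remote='t' THEN '0/0' ELSE ? END AS allow_nets "
    "FROM imap_users WHERE email=?"
)

def make_db():
    """In-memory SQLite stand-in for the PgSQL table; remote is 't', 'f' or NULL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE imap_users (email TEXT PRIMARY KEY, md5_pw TEXT, remote TEXT)")
    db.executemany(
        "INSERT INTO imap_users VALUES (?, ?, ?)",
        [
            ("roaming@example.org", "x", "t"),  # constructed rows
            ("office@example.org", "x", "f"),
            ("unset@example.org", "x", None),   # flag never filled in
        ],
    )
    return db

def allow_nets_for(db, email):
    """Return the allow_nets string the query yields, or None for an unknown user."""
    row = db.execute(QUERY, (LOCAL_NETS, email)).fetchone()
    return row[1] if row else None

def ip_allowed(allow_nets, client_ip):
    """Model of the allow_nets check: the client must fall in one listed network."""
    ip = ipaddress.ip_address(client_ip)
    for net in allow_nets.split(","):
        net = "0.0.0.0/0" if net.strip() == "0/0" else net.strip()  # expand short form
        if ip in ipaddress.ip_network(net):
            return True
    return False

def may_login(db, email, client_ip):
    """Combine the query result and the network check for one login attempt."""
    nets = allow_nets_for(db, email)
    return nets is not None and ip_allowed(nets, client_ip)

if __name__ == "__main__":
    db = make_db()
    for user in ("roaming@example.org", "office@example.org", "unset@example.org"):
        for ip in ("10.20.3.4", "203.0.113.9"):
            print(user, ip, may_login(db, user, ip))
```

A row whose remote column is NULL falls through to the ELSE branch, so it is limited to the local netblocks rather than opened to 0/0.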



