Hi list,

I have a setup with postfix+dovecot+mysql under CentOS 5, running 50 odd domains with virtual users. Access is allowed for public POP3, and a webmail on apache+PHP solution through local IMAP.
I'm not gonna give you the long story about the why, but I'm looking for a way to give public IMAP access only to one domain, knowing that users log in with full email (user at domain.tld).
Anybody has a trick for that? Running dovecot 2.0.13.

I know there should be a way to do it through the database, but quite heavy change on our side for a million odd users.

Regards,

Thierry

On 03.11.2011 19:13, Thierry de Montaudry wrote:
> Hi list,
>
> I have a setup with postfix+dovecot+mysql under CentOS 5, running 50 odd domains with virtual users. Access is allowed for public POP3, and a webmail on apache+PHP solution through local IMAP.
> I'm not gonna give you the long story about the why, but I'm looking for a way to give public IMAP access only to one domain, knowing that users log in with full email (user at domain.tld).
> Anybody has a trick for that? Running dovecot 2.0.13.
>
> I know there should be a way to do it through the database, but quite heavy change on our side for a million odd users.
>
> Regards,
>
> Thierry

I am short on time. With a database this should work; I have it as a flag for all users, so I can forbid IMAP to special ones. As far as I remember there should be examples on the Dovecot site, and it was written about here on the list before.

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

On Thu, 2011-11-03 at 19:13 +0100, Thierry de Montaudry wrote:
> Hi list,
>
> I have a setup with postfix+dovecot+mysql under CentOS 5, running 50 odd domains with virtual users. Access is allowed for public POP3, and a webmail on apache+PHP solution through local IMAP.
> I'm not gonna give you the long story about the why, but I'm looking for a way to give public IMAP access only to one domain, knowing that users log in with full email (user at domain.tld).
> Anybody has a trick for that? Running dovecot 2.0.13.
>
> I know there should be a way to do it through the database, but quite heavy change on our side for a million odd users.

So assuming all users can log in from 127.0.0.1 and domain.com only elsewhere, you can do stuff like:

a) Change password_query so that it succeeds only if '%l' = '127.0.0.1' or '%d' = 'domain.com'

b) Add a deny=yes passdb with e.g. sqlite backend that basically does the same as a) but reversed. http://wiki2.dovecot.org/Authentication/RestrictAccess has passwd-file example, example config files should have also something.

c) Add a new Dovecot proxy facing the public internet where it lets in only those users with '%d'='domain.com' (again maybe sqlite)

Possibly other ways too..
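
A sketch of option a) as it could look in the SQL passdb configuration, added here as an illustration and not taken from the thread or from the poster's setup. The table name `users` and the columns `email` and `password` are assumed, and the extra `%s` (service) test is an addition so that public POP3 keeps working for every domain while only IMAP is restricted.

```conf
# dovecot-sql.conf.ext (example; "users", "email" and "password" are assumed names)
#
# Dovecot variables used in the query:
#   %u = full login (user@domain)     %d = domain part of the login
#   %l = local IP the client hit      %s = service (imap, pop3, ...)
#
# A row is returned, so the login can succeed, only when one of these holds:
#   - the service is not IMAP (POP3 stays public for all domains)
#   - the connection arrived on the loopback address (the local webmail)
#   - the login belongs to the one domain allowed public IMAP
#
# Any other combination returns no row and the login fails like an
# unknown user, without touching the per-user rows in the database.
password_query = \
  SELECT email AS user, password \
  FROM users \
  WHERE email = '%u' \
    AND ('%s' <> 'imap' OR '%l' = '127.0.0.1' OR '%d' = 'domain.com')
```

This relies on the webmail connecting to 127.0.0.1 itself; if it reaches Dovecot on the host's public address, `%l` will not match and those logins are treated as public.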