At the risk of being pedestrian, I just use something like `sudo netstat -an | grep ':[ IMAP_PORT ]'`

I'm pretty sure you thought of this but still, thought I would toss it out...

Cheers

- - -

On 16 Aug 2022, at 13:15, Jaroslaw Rafa wrote:

> Hello Dovecot community,
>
> I have a question: is it possible to programmatically get from Dovecot a
> list of currently active IMAP sessions (with IP addresses)? Via a plugin or
> something?
>
> Or just check if there is an IMAP session currently open from a particular IP
> address, with true/false type answer?
>
> I'm planning to implement a policy service for *Postfix* that will revive
> the old "POP before SMTP" authorization concept (only it will be "IMAP
> before SMTP" this time). This policy service will reject connections to
> mail submission ports (465, 587) - without even going to SMTP AUTH phase -
> unless the connecting IP address has currently an IMAP session open to
> Dovecot, to mitigate SMTP AUTH attacks.
>
> But for this I need some way to check from within this policy service if the
> particular IP address has a connection open or not. It could be of course
> obtained by scanning Dovecot logs, but this involves quite a large overhead.
> Therefore I'm looking for the way to get this information directly from
> Dovecot's current state.
>
> Can you advise me of any way to do this?
>
> Or maybe someone has already written such a piece of software and it is
> available somewhere on the Net?
> --
> Regards,
> Jaroslaw Rafa
> raj at rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."

On 2022-08-16 16:46, Antonio Leding wrote:
> At the risk of being pedestrian, I just use something like
> `sudo netstat -an | grep ':[ IMAP_PORT ]'`
>
> I'm pretty sure you thought of this but still, thought I would toss it out...

Hi Antonio and Jaroslaw,

I don't think the second solution is pedestrian; I think it's cool that people have come up with different solutions for the same problem!

I am thinking that this may not be the solution that Jaroslaw is looking for, as this also requires spawning a process to run netstat and then capturing the results. The socket approach avoids an additional process.

- J

Hi,
I think this is wrong. With that command you catch all _established_ connections.
If I just connect to 993/143 WITHOUT auth, I will have a smtp connection open.

On 16/08/2022 22:46, Antonio Leding wrote:
> At the risk of being pedestrian, I just use something like
> `sudo netstat -an | grep ':[ IMAP_PORT ]'`
>
> I'm pretty sure you thought of this but still, thought I would toss it out...
>
> Cheers
>
> ------------------------------------------------------------------------
>
> On 16 Aug 2022, at 13:15, Jaroslaw Rafa wrote:
>
>     Hello Dovecot community,
>
>     I have a question: is it possible to programmatically get from Dovecot a
>     list of currently active IMAP sessions (with IP addresses)? Via a plugin or
>     something?
>
>     Or just check if there is an IMAP session currently open from a particular IP
>     address, with true/false type answer?
>
>     I'm planning to implement a policy service for *Postfix* that will revive
>     the old "POP before SMTP" authorization concept (only it will be "IMAP
>     before SMTP" this time). This policy service will reject connections to
>     mail submission ports (465, 587) - without even going to SMTP AUTH phase -
>     unless the connecting IP address has currently an IMAP session open to
>     Dovecot, to mitigate SMTP AUTH attacks.
>
>     But for this I need some way to check from within this policy service if the
>     particular IP address has a connection open or not. It could be of course
>     obtained by scanning Dovecot logs, but this involves quite a large overhead.
>     Therefore I'm looking for the way to get this information directly from
>     Dovecot's current state.
>
>     Can you advise me of any way to do this?
>
>     Or maybe someone has already written such a piece of software and it is
>     available somewhere on the Net?
>     --
>     Regards,
>     Jaroslaw Rafa
>     raj at rafa.eu.org
>     --
>     "In a million years, when kids go to school, they're gonna know: once there
>     was a Hushpuppy, and she lived with her daddy in the Bathtub."
>

--
###############################
# Cristiano Deana             #
#                             #
# Senior Network Engineer     #
# Digital Response Team       #
# CittaStudi S.p.a.           #
# off. +39 015 855 1172       #
# cell +39 328 310 6392       #
###############################
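
An added example (not part of any message in this thread, and not Dovecot or Postfix code): the "IMAP before SMTP" decision built on the netstat approach discussed above, answering in Postfix's policy delegation format (name=value lines, reply `action=...`). The function names, the sample addresses and the reject text are assumptions; as pointed out in the thread, an ESTABLISHED connection shows only TCP state, not a completed IMAP login.

```python
# Added example: "IMAP before SMTP" check for a Postfix policy service.
IMAP_PORTS = {143, 993}  # the IMAP ports named in the thread

# Constructed sample in Linux `netstat -an` layout; not captured from a real host.
SAMPLE_NETSTAT = """\
tcp   0   0 192.0.2.10:993    198.51.100.7:51514   ESTABLISHED
tcp   0   0 192.0.2.10:993    203.0.113.9:40022    TIME_WAIT
tcp   0   0 192.0.2.10:587    203.0.113.50:33100   ESTABLISHED
tcp   0   0 0.0.0.0:143       0.0.0.0:*            LISTEN
tcp6  0   0 2001:db8::10:993  2001:db8::beef:50000 ESTABLISHED
"""

def imap_peers(netstat_text, ports=IMAP_PORTS):
    """Remote IPs with an ESTABLISHED TCP connection to a local IMAP port.

    Caveat from the thread: this proves a TCP connection, not an
    authenticated IMAP session."""
    peers = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "ESTABLISHED":
            continue
        local_port = f[3].rpartition(":")[2]   # works for IPv4 and IPv6 forms
        remote_ip = f[4].rpartition(":")[0]
        if local_port.isdigit() and int(local_port) in ports:
            peers.add(remote_ip)
    return peers

def parse_policy_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def policy_reply(request_text, peers):
    """Return the reply for one request; a missing client_address is rejected."""
    attrs = parse_policy_request(request_text)
    if attrs.get("request") != "smtpd_access_policy":
        return "action=DUNNO\n\n"
    if attrs.get("client_address") in peers:
        # DUNNO = no decision: later restrictions, including SMTP AUTH, still apply.
        return "action=DUNNO\n\n"
    return "action=REJECT IMAP session required before submission\n\n"
```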