I have blocked some pop3 user sessions: Dec 8 00:03:38 xxxxxx pop3-login: Disconnected: user=<johndoe> Is there a way of sending a message to a user that constantly tries to establish a block pop3 session? Example: From: noreply at mysite.com Subject: Your POP3 session Message: Hello, Your POP3 session is blocked; please contact systemmanagement -- -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://dovecot.org/pipermail/dovecot/attachments/20061208/0f9417c1/attachment-0002.html>
* On 08/12/06 02:22 +0100, Jos Chrispijn wrote:
| I have blocked some pop3 user sessions:
|
| Dec 8 00:03:38 xxxxxx pop3-login: Disconnected: user=<johndoe>
|
| Is there a way of sending a message to a user that constantly tries to
| establish a block pop3 session?
How do you suppose they will access that msg you are sending them? Via
IMAP?
Well, then just device a method of writing a properly formatted mail
file into their mailbox and chown to them. The challenge of making it
work is left to you!
-Wash
http://www.netmeister.org/news/learn2quote.html
DISCLAIMER: See http://www.wananchi.com/bms/terms.php
--
+======================================================================+
|\ _,,,---,,_ | Odhiambo Washington <wash at wananchi.com>
Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com
|,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922
'---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733
744121
+======================================================================+
If I don't see you in the future, I'll see you in the pasture.
Alan Premselaar schreef (08-12-06 3:06):> if you're blocking their POP3 access, how are those users ever supposed > to receive that mail notification? >That's simple: i am blocking them on username. Example: I am blocking johndoe's pop3 session. In Postfix I forward all mail for johndoe to johndoe at another.email.adress.com So johndoe can still receive mail.> Also, what if it's a brute force bot or something trying to access a > random blocked account via POP3? (alright, not as likely, but still > possible) >There you've got a point...> a more suitable solution would be if there was a way to return an error > during the authentication process that was returned as a result of > trying to authenticate to a blocked user. >The text I am sending could be any text, from 'your pop3 box = blocked' to '<any errornumber> on your POP3 box' Jos
On Fri, 08 Dec 2006 02:22:28 +0100 Jos Chrispijn <jos at webrz.net> wrote:> I have blocked some pop3 user sessions: > > Dec 8 00:03:38 xxxxxx pop3-login: Disconnected: user=<johndoe> > > Is there a way of sending a message to a user that constantly tries to > establish a block pop3 session?An alternative which does this is to replace their mailbox with a read-only mbox or maildir containing a single mail with the 'you have been blocked' message you want. Obviously you would need to allow them to log in again, but they would only receive the message you choose. Just make sure that new mail doesn't go into it. Dominic
Dominic Marks: > An alternative which does this is to replace their mailbox with > a read-only mbox or maildir containing a single mail with the > 'you have been blocked' message you want. Obviously you would > need to allow them to log in again, but they would only receive > the message you choose. I block pop3 to force my users to use webmail (that is in fact using IMAP). What mechanism should trigger sending a message that pop3 is blocked? Once this message is send, it is either send by postfix to alternative email account (Postfix forward) or just read once thru Webmail. In the mean time this user is trying to establish pop3 on a 24/7 basis $-) Jos -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://dovecot.org/pipermail/dovecot/attachments/20061208/a783bfe2/attachment-0001.html>
> I block pop3 to force my users to use webmail (that is in fact using IMAP). > What mechanism should trigger sending a message that pop3 is blocked? > Once this message is send, it is either send by postfix to alternative > email account (Postfix forward) or just read once thru Webmail. In the > mean time this user is trying to establish pop3 on a 24/7 basis $-)What's wrong with just ignoring the login attempts? Why not stop listening for POP3 altogether? Or, you can block the particular user at the firewall. Or if you have a special someone who is allowed POP3 you can give them an alternate port to login with, and not listen at all on port 110 if it really bothers you. -- Kenny Dail <kend at amigo.net>
On Fri, 8 Dec 2006, dovecot-request at dovecot.org wrote:> Date: Fri, 08 Dec 2006 12:33:04 +0100 > From: Jos Chrispijn <jos at webrz.net> > Subject: Re: [Dovecot] Blocked > > ... > I block pop3 to force my users to use webmail (that is in fact using IMAP). > What mechanism should trigger sending a message that pop3 is blocked? > Once this message is send, it is either send by postfix to alternative > email account (Postfix forward) or just read once thru Webmail. In the > mean time this user is trying to establish pop3 on a 24/7 basis $-)If you are not selective on which users get the message (i.e. you want this notice to go out to all POP users), then you can do what the previous poster said and make a read-only mailbox and redirect the user's INBOX to this file (via symlinks, or dovecot.conf or what-have-you). This is probably the easier route. Another easy solution might to use tcp-wrappers and reply to all connections to port 110 with -ERR Please contact ... Some (most?) mail readers will pop this message to the user. Another solution which I employed (for another reason) is to make your own mini-dameon which enters into a fake POP session. Just allow any authentication information and server up your fake notice. The POP3 protocol is fairly simple and you only have to implement a small subset of commands: user(noop), pass(noop), list, stat, retr, top, rset(noop), noop(noop), dele(noop), quit. I return a "OK" for most of these commands and most of them are noops. I wrote a patch for qpopper to do this but you could probably modify the source to make it a stand-alone server: http://www.math.ubc.ca/~tam/Software/Qpopper.M2W/m2w.patch For the curious, the reason why I had to make this bizarre patch: http://www.math.ubc.ca/~tam/Software/Qpopper.M2W/ Joseph Tam <tam at math.ubc.ca>