dovecot - Aug 2007 - Disable IMAP for certain users, but not Webmailer

Hi everybody,

I'm planning to set up our new mail system using the Dovecot mailbox
server. It mostly works fine yet (it's quite straigt forward to set up,
I'd say), but there's a thing I haven't been able to find out yet.
We
provide POP3 access for all users, but want to restrict IMAP access to
some of them (because IMAP users tend to leave more messages on the
server, thus increasing storage needs).

I used to do it by providing two services. One provided the public imap
and checked a database flag during authentication, the other just
provided IMAP on localhost and did not check the "allowed to use IMAP"
flag.

What I've found for Dovecot is
http://wiki.dovecot.org/Authentication/RestrictAccess
While this allows me to provide full POP3 to everybody and in the same
time restricting IMAP, I don't see a possibility

Is there any possibility to achieve what I need without having two
completely separated instances of Dovecot running?

I'd appreciate any hints, pointers to documents etc.

Thanx,
Baltasar
-- 

_____ FORMER 03 GmbH
_____ infanteriestra?e 19 haus 6 eg
_____ 80797 muenchen

_____ baltasar.cevc at former03.de
_____ www.former03.de

_____ fon 089.322112.29
_____ fax 089.322112.11
_____ mobil 0178.691.2233

_____ gesch?ftsf?hrer
_____ sebastian fiedler
_____ gert zellentin

_____ handelsregister
_____ HRB M?nchen 148468 

_____ steuer
_____ ust.-id DE 2291076876

FORMER 03 | Baltasar Cevc wrote:
> Hi everybody,
>
> I'm planning to set up our new mail system using the Dovecot mailbox
> server. It mostly works fine yet (it's quite straigt forward to set up,
> I'd say), but there's a thing I haven't been able to find out
yet. We
> provide POP3 access for all users, but want to restrict IMAP access to
> some of them (because IMAP users tend to leave more messages on the
> server, thus increasing storage needs).
>
>   
[snip]

1 - storage is cheap - Costco sells a 1 TByte external drive for approx 
$US 300. That holds a LOT of e-mail. The 500 GByte is less than half 
that price.
2 - why not enforce quotas? I assume you could set quotas by user.

POP users could opt to keep a copy on the server, so that doesn't 
guarantee anything.

I prefer IMAP because then I can access the same mail from different 
clients computers...

On Sun, 2007-08-05 at 12:41 +0200, FORMER 03 | Baltasar Cevc
wrote:
> Is there any possibility to achieve what I need without having two
> completely separated instances of Dovecot running?
It depends on what passdb you want to use. SQL would be simple.
CheckPassword script would be possible. Others might, or might not.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20070805/2ee1aad4/attachment-0002.bin>

Hi Timo!

On Sun, 05 Aug 2007 20:02:28 +0300
Timo Sirainen <tss at iki.fi> wrote:
> On Sun, 2007-08-05 at 12:41 +0200, FORMER 03 | Baltasar Cevc wrote:
> > Is there any possibility to achieve what I need without having two
> > completely separated instances of Dovecot running?
> 
> It depends on what passdb you want to use. SQL would be simple.
> CheckPassword script would be possible. Others might, or might not.
I authenticate against a MySQL database. What I've figured out is how
to disable IMAP - I do it using the following line in dovecot-sql.conf
(I use prefetch, so that's the only query done):

password_query = SELECT username AS user, password_enc AS password FROM
mail_users WHERE username = '%u' AND ( (IF('%a'='143',
`imap`,'0'))='Y'
OR (IF('%a '='110', `pop3`, '0') = 'Y') OR 1 )

But I'd need some possibility to have two different IMAP listeners
(e.g. one on port 144 for webmail) or something similar, as I currently
disallow webmail (which connects to localhost via IMAP), too.

By the way: Thanx for the hints!

Baltasar
-- 

_____ FORMER 03 GmbH
_____ infanteriestra?e 19 haus 6 eg
_____ 80797 muenchen

_____ www.former03.de