-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 22 Oct 2014, A. Schulze wrote:
> I like to enable the allow_nets Feature
> (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets)
> for my customers. To help them knowing there own IP I imagine a special
> mailbox/loginuser at the pop3 server.
>
> That user could give a valid pop3 answer from a dummy pop3 server or
> simply throw a login error with customised answer containing the IP
> information.
let's put aside the question, if this way is sensible or not.
I would give the http://wiki2.dovecot.org/PostLoginScripting a try. Maybe
you can enable it for your dummy account via ExtraFields specifically.
Because I wonder, if you will be successful with "throw a login error with
customised answer" [any MUA displays what it wants], you might prefer a
MUA-independ script or program that queries your server. And if you are at
it, maybe a dummy server with a self-made script that returns "+OK POP3
your IP is ....", then return +FAIL for any further command. You need to
return the greeting and keep the connection open, in order to bypass IDS
firewalls.
Now back to sensible or not ;-) :
Of course, if you use a dummy server (IP address) for probing the IP
address, an intermediate firewall could re-route the connection
differently. If you use another demon [port] on the same server, the same
may happen.
If you or your customers do not have control over the routing and final
public IP address, that IP might change any now and then anyway. So, if
you've experienced problems in this regard, you probably need to implement
a completely different protection scheme, that are independed on the IP
address.
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBVEiwU3z1H7kL/d9rAQJJxwgAxEzY+h8Yfh2xTdvwX8wuVOcMVSzK2MLC
Cfq4BitXPZEZliVL4un8b5SjFOhMFS32wG4DtlUxbkL6rrJUuM6U+2pUhOE6a1hM
hAMAUyZYYwhCc517XfEkp+YEb85cCgaMX6BRfnWHnFklMAtWK3WoLlfY6ZzMeTt3
zPjgRlb0JRw5CPE5r6v9GElk4QdwR8LZAMvIzx1FcMv5lG/bOqIUAkoQewwzoIP5
vpWkfR3thkT0Dh4ibcoP5Vp7ecC+EDsJobOjBkRQIbCedojk0V515xsXK9h9q6qm
3JLTWNVO/PyoClgpVmNI0ZFW8S2vijc5DVb9lxr4neehBfTMNlZ9Gg==2mdO
-----END PGP SIGNATURE-----