dovecot - Oct 2014 - special "what's my ip" pop account

Hello,

I like to enable the allow_nets Feature  
(http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets)
for my customers. To help them knowing there own IP I imagine a  
special mailbox/loginuser at the pop3 server.

That user could give a valid pop3 answer from a dummy pop3 server or
simply throw a login error with customised answer containing the IP  
information.

Has anybody done something similar or ideas to build such a system?

Thanks for ideas
Andreas

Am 22.10.2014 um 16:14 schrieb A. Schulze:
> I like to enable the allow_nets Feature
> (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets)
> for my customers. To help them knowing there own IP I imagine a special
> mailbox/loginuser at the pop3 server.
>
> That user could give a valid pop3 answer from a dummy pop3 server or
> simply throw a login error with customised answer containing the IP
> information.
>
> Has anybody done something similar or ideas to build such a system?
jesus - why that complex?

just point them to a website which display the remote IP or just to 
http://whatismyipaddress.com/

<?php echo htmlentities($_SERVER['REMOTE_ADDR']);?>
http://php.net/manual/de/reserved.variables.server.php

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20141022/32fe162b/attachment.sig>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 22 Oct 2014, A. Schulze wrote:
> I like to enable the allow_nets Feature 
> (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets)
> for my customers. To help them knowing there own IP I imagine a special 
> mailbox/loginuser at the pop3 server.
>
> That user could give a valid pop3 answer from a dummy pop3 server or
> simply throw a login error with customised answer containing the IP 
> information.
let's put aside the question, if this way is sensible or not.

I would give the http://wiki2.dovecot.org/PostLoginScripting a try. Maybe 
you can enable it for your dummy account via ExtraFields specifically.

Because I wonder, if you will be successful with "throw a login error with 
customised answer" [any MUA displays what it wants], you might prefer a 
MUA-independ script or program that queries your server. And if you are at 
it, maybe a dummy server with a self-made script that returns "+OK POP3 
your IP is ....", then return +FAIL for any further command. You need to 
return the greeting and keep the connection open, in order to bypass IDS 
firewalls.

Now back to sensible or not ;-) :

Of course, if you use a dummy server (IP address) for probing the IP 
address, an intermediate firewall could re-route the connection 
differently. If you use another demon [port] on the same server, the same 
may happen.

If you or your customers do not have control over the routing and final 
public IP address, that IP might change any now and then anyway. So, if 
you've experienced problems in this regard, you probably need to implement 
a completely different protection scheme, that are independed on the IP 
address.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBVEiwU3z1H7kL/d9rAQJJxwgAxEzY+h8Yfh2xTdvwX8wuVOcMVSzK2MLC
Cfq4BitXPZEZliVL4un8b5SjFOhMFS32wG4DtlUxbkL6rrJUuM6U+2pUhOE6a1hM
hAMAUyZYYwhCc517XfEkp+YEb85cCgaMX6BRfnWHnFklMAtWK3WoLlfY6ZzMeTt3
zPjgRlb0JRw5CPE5r6v9GElk4QdwR8LZAMvIzx1FcMv5lG/bOqIUAkoQewwzoIP5
vpWkfR3thkT0Dh4ibcoP5Vp7ecC+EDsJobOjBkRQIbCedojk0V515xsXK9h9q6qm
3JLTWNVO/PyoClgpVmNI0ZFW8S2vijc5DVb9lxr4neehBfTMNlZ9Gg==2mdO
-----END PGP SIGNATURE-----