Another good alternative is to use auth_policy_server along with Weakforced
(https://github.com/PowerDNS/weakforced) to do this filtering. It has GeoIP
support, and since dovecot does auth policy lookup before and after user
authentication, you can set some cos attribute in the user's account and
pass that on to weakforced so it knows to refuse the login if it comes from
unexpected country.
Aki
> On October 16, 2017 at 5:21 AM Gary <lists at lazygranch.com> wrote:
>
>
> For a global filter, that is filter all accounts, I use the data provided
by ip2location. I put the CIDRs for all the countries where I don't plan on
sending or retrieving mail in the ipfw firewall. Block all mail ports other than
25.
>
> Noye by not blocking 25, you can still receive email independent of the
countries you blocked. You just can send or retrieve via pop/images.
>
> This assumes an email server using 587.
>
> I have an extensive list of IP space consisting of hosts, VPN, and VPS that
I also keep away from the server excluding 25. Basically you can block IP space
that you don't expect to use. Since my server is just for me, I can get very
aggressive in blocking.
>
>
>
> ? Original Message ?
> From: anvar at anvartay.com
> Sent: October 15, 2017 6:43 PM
> To: dovecot at dovecot.org
> Subject: Filtering by country
>
> Is it possible to filter out logins by country (I would like to limit
dovecot instance users to log in only from specific countries)???
>
> Anvar?Kuchkartaev?
> anvar at anvartay.com