Hello Dovecot community,

I have a question: is it possible to programmatically get from Dovecot a
list of currently active IMAP sessions (with IP addresses)? Via a plugin or
something?

Or just check if there is an IMAP session currently open from a particular IP
address, with true/false type answer?

I'm planning to implement a policy service for *Postfix* that will revive
the old "POP before SMTP" authorization concept (only it will be "IMAP
before SMTP" this time). This policy service will reject connections to
mail submission ports (465, 587) - without even going to SMTP AUTH phase -
unless the connecting IP address has currently an IMAP session open to
Dovecot, to mitigate SMTP AUTH attacks.

But for this I need some way to check from within this policy service if the
particular IP address has a connection open or not. It could be of course
obtained by scanning Dovecot logs, but this involves quite a large overhead.
Therefore I'm looking for the way to get this information directly from
Dovecot's current state.

Can you advise me of any way to do this?

Or maybe someone has already written such a piece of software and it is
available somewhere on the Net?
--
Regards,
Jaroslaw Rafa
raj at rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there
was a Hushpuppy, and she lived with her daddy in the Bathtub."
Have you tried `doveadm who`?

Aki

> On 16/08/2022 23:15 EEST Jaroslaw Rafa <raj at rafa.eu.org> wrote:
>
> Hello Dovecot community,
>
> I have a question: is it possible to programmatically get from Dovecot a
> list of currently active IMAP sessions (with IP addresses)? Via a plugin or
> something?
>
> Or just check if there is an IMAP session currently open from a particular IP
> address, with true/false type answer?
>
> I'm planning to implement a policy service for *Postfix* that will revive
> the old "POP before SMTP" authorization concept (only it will be "IMAP
> before SMTP" this time). This policy service will reject connections to
> mail submission ports (465, 587) - without even going to SMTP AUTH phase -
> unless the connecting IP address has currently an IMAP session open to
> Dovecot, to mitigate SMTP AUTH attacks.
>
> But for this I need some way to check from within this policy service if the
> particular IP address has a connection open or not. It could be of course
> obtained by scanning Dovecot logs, but this involves quite a large overhead.
> Therefore I'm looking for the way to get this information directly from
> Dovecot's current state.
>
> Can you advise me of any way to do this?
>
> Or maybe someone has already written such a piece of software and it is
> available somewhere on the Net?
> --
> Regards,
> Jaroslaw Rafa
> raj at rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
At the risk of being pedestrian, I just use something like

`sudo netstat -an | grep ':[ IMAP_PORT ]'`

I'm pretty sure you thought of this but still, thought I would toss it out...

Cheers

- - -

On 16 Aug 2022, at 13:15, Jaroslaw Rafa wrote:

> Hello Dovecot community,
>
> I have a question: is it possible to programmatically get from Dovecot a
> list of currently active IMAP sessions (with IP addresses)? Via a plugin or
> something?
>
> Or just check if there is an IMAP session currently open from a particular IP
> address, with true/false type answer?
>
> I'm planning to implement a policy service for *Postfix* that will revive
> the old "POP before SMTP" authorization concept (only it will be "IMAP
> before SMTP" this time). This policy service will reject connections to
> mail submission ports (465, 587) - without even going to SMTP AUTH phase -
> unless the connecting IP address has currently an IMAP session open to
> Dovecot, to mitigate SMTP AUTH attacks.
>
> But for this I need some way to check from within this policy service if the
> particular IP address has a connection open or not. It could be of course
> obtained by scanning Dovecot logs, but this involves quite a large overhead.
> Therefore I'm looking for the way to get this information directly from
> Dovecot's current state.
>
> Can you advise me of any way to do this?
>
> Or maybe someone has already written such a piece of software and it is
> available somewhere on the Net?
> --
> Regards,
> Jaroslaw Rafa
> raj at rafa.eu.org
> --
> "In a million years, when kids go to school, they're gonna know: once there
> was a Hushpuppy, and she lived with her daddy in the Bathtub."
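The check discussed in this thread, sketched as an added example that is not part of any message above: it parses `doveadm who` output and answers a Postfix policy delegation request with DUNNO or REJECT based on `client_address`. The column layout of the sample, the function names and the reject texts are assumptions made for illustration.

```python
import ipaddress
import re
import subprocess

# Constructed sample; the column layout (username, count, proto, pids, ips)
# is an assumption about `doveadm who` output, so verify it on your version.
SAMPLE_WHO = """\
username                 # proto (pids)        (ips)
alice@example.org        2 imap  (2101 2107)   (192.0.2.10 2001:db8::5)
bob@example.org          1 pop3  (2230)        (198.51.100.7)
"""
ROW = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\([^)]*\)\s+\(([^)]*)\)\s*$")

def run_doveadm_who():
    """Fetch the live session list (needs permission to run doveadm)."""
    return subprocess.run(["doveadm", "who"], capture_output=True,
                          text=True, check=True, timeout=5).stdout

def imap_client_ips(who_output):
    """Return the normalised IPs that currently hold an IMAP session."""
    ips = set()
    for line in who_output.splitlines():
        m = ROW.match(line)
        if not m or m.group(1) != "imap":
            continue  # header row, other protocols, unparsable rows
        for token in m.group(2).split():
            try:
                ips.add(ipaddress.ip_address(token))
            except ValueError:
                pass  # ignore anything that is not an IP literal
    return ips

def parse_request(text):
    """Parse one Postfix policy request: name=value lines, blank line ends."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def policy_reply(request_text, who_output):
    """DUNNO if the client IP has an IMAP session open, otherwise REJECT."""
    addr = parse_request(request_text).get("client_address", "")
    try:
        client = ipaddress.ip_address(addr)  # normalises IPv6 spellings
    except ValueError:
        return "action=REJECT client address not recognised\n\n"
    if client in imap_client_ips(who_output):
        return "action=DUNNO\n\n"
    return "action=REJECT open an IMAP session before submitting mail\n\n"
```

The match is by source address only, so every client behind the same NAT address passes once one of them has IMAP open; SMTP AUTH still has to authenticate the sender.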