search for: authpolicy

...Policy feature: https://wiki2.dovecot.org/Authentication/Policy I had kinda hoped that I would be able to enfore this in a proxy running in front of several backends. This proxy does not authenticate. It use "nopassword". But I realize that the "succes" reported in the final authpolicy req. (command=report) is not what is actaully happening on the IMAP protocol level, but rather the result of the passdb chain in the proxy. (I should probably have predicted this, it's kinda reasonable). However... since the proxy use "nopassword", ALL passdb lookups result in "...

...ovecot.org/Authentication/Policy > > I had kinda hoped that I would be able to enfore this in a proxy running > in front of several backends. This proxy does not authenticate. It use > "nopassword". > > > But I realize that the "succes" reported in the final authpolicy req. > (command=report) is not what is actaully happening on the IMAP protocol > level, but rather the result of the passdb chain in the proxy. > (I should probably have predicted this, it's kinda reasonable). > > However... since the proxy use "nopassword", ALL passdb...

> On 14 Dec 2017, at 8.30, Peter Mogensen <apm at one.com> wrote: > However... since the proxy use "nopassword", ALL passdb lookups result > in "success", so the proxy will never report an authentication failure > to the authpolicy server. Why not authenticate the sessions at the proxy level already? Is there any reason not to do that? Sami

Hi, like I have written in the subject line I want to limit the pop login per user and per minute. Currently I am having several customers which are fetching their email with popcon (MS Exchange). This has never been a problem. But... They all have got the same "technician" which take care of their systems. The problem is, that he misconfigured the servers of these customers. In