search for: deniedservice

On Tue, 24 Feb 2015 18:56:03 +0100 Reindl Harald <h.reindl at thelounge.net> wrote: > * if you cahnge the pwd SASL auth is taken away True. But this way the user will be unable to read his/her mail, including my message saying "Hey, you've got a new virus!". Thanks anyway, luciano. -- /"\ /Via A. Salaino, 7 - 20144 Milano (Italy) \ / ASCII

On 06/06/2017 03:18 PM, Steffen Kaiser wrote: > (!(service=%s)) > > or better name this attribute > > deniedService Thanks, this is quite helpful already. Regarding the other question about all the services that can be used there, I tried to grep the source code for certain keywords but could not really find anything useful with "service", "services" and some service names (e. g. "imap...

Hello, I am using Dovecot with an LDAP-backend for authentication. According to the documentation at https://wiki.dovecot.org/Authentication/RestrictAccess with LDAP and "pass_filter" it is possible to filter allowed services for the user with: pass_filter = (&(objectClass=posixAccount)(uid=%u)(service=%s)) Thats pretty cool. Now, in the LDAP-settings I created corresponding

no this is not the intented behaviour for thsi attribute. In general every user can use pop3 but only a few can use imap so what I want is: - permit pop3 by default - check if the attribute is 0 or 1 - depending on the result a user can login with imap protocol regards Markus Am 08.09.2017 um 17:59 schrieb Ralph Seichter: > On 08.09.2017 17:11, Markus Rosjat wrote: > >> I

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 30 Jul 2014, Jogi Hofm?ller wrote: >> Or better - disable LMTP service in Dovecot. Incoming mail will stay on >> your MTA and when you're done, you just tell it to deliver everything >> that piled up in the queue in the meantime > > Better but still not perfect ;) We have users that work late and I am > sure

...rvices which are allowed, the other, not mentioned > services stop to work. > > Is it possible to "flip" that setting so its not allowing certain > services but denying the ones that are added to the "service"-fields? (!(service=%s)) or better name this attribute deniedService - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBWTarunz1H7kL/d9rAQJS8gf8CMBPSi99lYOKNQMou/pxXvVAwmJg74Qt rNjHAK3w8G3NoIlSReSYdBURtL6vN6z3iY2cmY7XYFuV5cz/SK2itVIYF20KvhaS R8I4m2AP087AQeC1AAAyErca5fiC9fzKLg3VRugTs/lCiZ0YQnp/d5LvJ5B5XxAW 8j7L76roTOj2o6YM6n1AfyGoYH6sRE2cM...

...f the attribute is 0 or 1 > - depending on the result a user can login with imap protocol What's the name of the attribute? Maybe you can use %s in the the pass_filter string. If the name does not contain "imap", you need to change the logic, e.g. invent a general LDAP attribute deniedService and set deniedServer=imap Or AllowedService=imap allowedService=pop3 Or DeniedIMAP=1 > Am 08.09.2017 um 17:59 schrieb Ralph Seichter: >> On 08.09.2017 17:11, Markus Rosjat wrote: >> >>> I have a LDAP dir with an attribute set to 0 or 1 and in my old setup >>> (a...

...b) > Instead of to put/remove the user, you can overwrite the file, if there is > just one user, and remove the file at the very end. Maybe, you need not no other userdb, but you can make use of %s in your LDAP userdb - filter, e.g. user_filter = (&(objectClass=posixAccount)(uid=%u)(!(deniedService=%Ls))) however, you must test, if Dovecot's auth caching does honor the different values of %s in this case. I mean, if doveadm queries the user data, the result will be cached, if the LMTP service queries next: does it get the result of doveadm or not. I suppose, this applies to both varia...

Hello Timo, I want to deny access to some users. For now I'm doing it using 2 passdb's and listing users in a text file. !include auth-deny.conf.ext -> passwd-file driver !include auth-ldap.conf.ext -> ldap driver I want to do the same using only LDAP. I'm not quite sure how to do it : a) should I . change the driver of the first passdb from passwd-file to ldap . for user

...s_filter = (&(objectClass=posixAccount)(uid=%u)) >> >> to something like >> >> pass_filter = (&(objectClass=posixAccount)(uid=%u)(!foo=yes)) >> > > This is working but I don't know if this is the recommended way of doing it. Actually I use "(!(deniedService=%Ls))", but keep in mind that you do not "deny" an user knowingly, but that this user is not found. The semantic is different. What you could try - I do not remember anybody posting something like this - - is to combine a ldap passdb with deny=yes. The doc http://wiki2.dovecot.o...

...searching user_attrs = =home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n user_filter = (&(objectClass=fhMailAlias)(uid=%n)) pass_attrs = userPassword=password pass_filter = (&(objectClass=fhMailAlias)(uid=%Ln)(!(deniedService=%Ls))) iterate_filter = (objectClass=fhMailAlias) Note the pass_attrs. Then I submitted a new message with: socat stdin UNIX:/var/run/dovecot2.2/lmtp LHLO loc mail from:<me at example.com> rcpt to:<other at example.com> data Subject: 1 1 . successfully. Maildir was created and messa...

...; =home=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n > user_filter = (&(objectClass=fhMailAlias)(uid=%n)) > pass_attrs = userPassword=password > pass_filter = > (&(objectClass=fhMailAlias)(uid=%Ln)(!(deniedService=%Ls))) > iterate_filter = (objectClass=fhMailAlias) > > Note the pass_attrs. Then I submitted a new message with: > > socat stdin UNIX:/var/run/dovecot2.2/lmtp > LHLO loc > mail from:<me at example.com> > rcpt to:<other at example.com> > data > Subject: 1 &...

...e=/var/spool/mail/%d/%n,=mail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n >> user_filter = (&(objectClass=fhMailAlias)(uid=%n)) >> pass_attrs = userPassword=password >> pass_filter = (&(objectClass=fhMailAlias)(uid=%Ln)(!(deniedService=%Ls))) >> iterate_filter = (objectClass=fhMailAlias) >> >> Note the pass_attrs. Then I submitted a new message with: >> >> socat stdin UNIX:/var/run/dovecot2.2/lmtp >> LHLO loc >> mail from:<me at example.com> >> rcpt to:<other at example.c...

...ail=maildir:/var/spool/mail/%d/%n/Maildir:INDEX=/var/spool/mail/%d/%n:CONTROL=/var/spool/mail/%d/%n >>> user_filter = (&(objectClass=fhMailAlias)(uid=%n)) >>> pass_attrs = userPassword=password >>> pass_filter = >>> (&(objectClass=fhMailAlias)(uid=%Ln)(!(deniedService=%Ls))) >>> iterate_filter = (objectClass=fhMailAlias) >>> >>> Note the pass_attrs. Then I submitted a new message with: >>> >>> socat stdin UNIX:/var/run/dovecot2.2/lmtp >>> LHLO loc >>> mail from:<me at example.com> >>>...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 22 Jun 2015, lejeczek wrote: > On 22/06/15 09:16, lejeczek wrote: >> >> to=<me at my.domain>,orig_to=<root at localhost>, relay=dovecot, delay=39296, >> delays=39294/2.2/0/0.27, dsn=4.3.0, status=deferred (temporary failure) >> >> and dovecot logs no error, despite having debug to yes in couple