> On 01/06/2022 18:50 Hippo Man <[email protected]> wrote:
>
>
>
> > There's a facility to add arbitrary code to the imap login process,
> > e.g., in "10-master.conf":
> >
> > service imap-postlogin {
> > executable = script-login /local/bin/imap-wrapper
> > user = $default_internal_user
> > unix_listener imap-postlogin {
> > }
> > }
>
> Just wondering: is there some sort of pre-login scripting facility for
> validation,
> as well as this post-login mechanism? I couldn't find anything like this in
> the Dovecot docs, but perhaps I missed something.
>
> I'd like to be able to have the IP address, the protocol, the user ID, and
> the password examined before even passing the request to the standard
> login mechanism, and I'd like to be able to reject the request even prior
> to login. And a nice-to-have would also be the ability to alter the request
> before it gets passed on to the login mechansim.
>
> Am I out of luck?
>
> --
> [email protected]
> Take a hippopotamus to lunch today.
In authentication, you can use %{service} variable to expand into whatever
service the user is trying to log into.
Dovecot also has auth policy server support, which allows you to do various
prederminations prior actual authentication, see
https://doc.dovecot.org/configuration_manual/authentication/auth_policy/
Akki
