Home / server / Questions / 585820
Accepted
initall
Asked: 2014-04-01 23:51:47 +0800 CST

Allow IMAP for Roundcube and as external service only for some special users. How to configure?

  • 772

It's easy to set up a special passdb query in dovecot to restrict IMAP access to certain users, e.g. see this documentation on the dovecot wiki.

But when I use a webmailer like Roundcube and want to allow every other user to use it (and not just the users I allowed to use IMAP per method above) this approach fails.

What would be a working configuration idea?

The webmailer is on the same server as dovecot. Maybe a special crafted SQL-passdb-statement along with a allow_nets extra field to the local address for all webmailer-only users? Or a special option in Roundcube itself?

dovecot

2 Answers

  1. You could do some sort of CASE statement in your MySQL query, based on the allow_nets field, something like SELECT password CASE WHEN allow_nets = '127.0.0.1' OR <whatever you're using> THEN allow_imap = 'true' ELSE allow_imap = 'false' END FROM users WHERE userid = '%u' and active='1'

    Look into the CASE statement, I'm pretty sure mine won't actually work, but the idea should be solid.

    • 1
  2. Best Answer

    I found a way to not go into an extra_fields overhead and use a simple variable, '%r', instead. It resolves to the remote ip, so I can use something like

    WHERE active = '1'\
   AND ('%s' = 'pop3' OR (imap_allowed = true OR '%r' = '1.2.3.4'))

    The default case pop3 is tested first (via '%s') then

    1. who is always allowed to IMAP? (imap_allowed column in the table)
    2. or who uses the webmailer (remote ip == webmailer ip)
    • 1