Re: [exim] Dovecot style Authentication Policy Server for Ex…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Andrew C Aitchison
Datum:  
To: Mike Tubby
CC: exim users
Betreff: Re: [exim] Dovecot style Authentication Policy Server for Exim?
On Tue, 17 Mar 2020, Mike Tubby via Exim-users wrote:

> The PHP back-end accepts a POST on a URI with form data that contains:
>
> * email address
> * password
> * remote IP address
>
> the back-end considers:
>
>    a) the username/password pair - for authentication
>    b) the GEOIP of the remote IP address - for authorization

>
> in the virtual mailbox/virtual user database, plus the remote IP in a local
> copy of the DBIP GeoIP database and returns a HTTP response code:
>
> * 204 On success (no data)
> * 403 Forbidden (for authentication failure or GEOIP authorization fail)
> * 400 Bad Request (for non supported methods or incomplete form data)
>
> and logs the username (email address) and remote IP address along with
> authentication success/fail and GEOIP policy success/fail and country code to
> a 'connection_log' table in MySQL.


If/when a legitimate user goes to a GEOIP restricted location
(OK that isn't likely while covid-19 ...) they will send their password
before being told to go away.

Is there a reason you cannot do the GeoIP block at connection time,
or at least before the password prompt ?

-- 
Andrew C. Aitchison                    Kendal, UK
             andrew@???