Restrict SMTP/POP/IMAP logins by IP to force webmail usage and 2FA?

kristian (Verified User, joined Nov 4, 2005, 490 messages, Norway)
In a scenario where a customer requires 2FA for email, and is happy to always use webmail/roundcube that supports 2FA, we would need to lock down the normal smtp/pop/imap access. While this could be done server-wide using firewall rules, this is not gonna work for shared servers. The goal would be to only allow smtp/pop/imap logins from our webmail service for the customer's domain/accounts.

Dovecot has something called allow_nets that can be set as part of the passwd file (https://doc.dovecot.org/configuration_manual/authentication/allow_nets/). Support for this could be added to DirectAdmin, either on a per domain level, or per account level, or both. At first glance, I don't see where this would be put, as the example on that link doesn't quite add up with what's in /etc/virtual/%d/passwd. I see the dovecot.conf tries to include conf/custom_passdb.conf and conf/alternate_passwd.conf if they exist, but I haven't found any information about what they are for.

For exim, I haven't yet found a way to achieve something similar, but it seems maybe the easiest way is to implement support for allow_nets into the smtpauth subroutine in /etc/exim.pl?

Does this sound like something that should/could be implemented? If it is, and we can perhaps iron out some of the uncertainties, I can add it as a feature request.
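As an added illustration (not Dovecot's, DirectAdmin's or the poster's own code): a small Python model of how Dovecot evaluates the allow_nets passdb extra field against the connecting client IP, run over constructed passwd-file lines in the user:password:uid:gid:gecos:home:shell:extra_fields layout that allow_nets rides on. It assumes webmail connects over loopback (127.0.0.1 / ::1), which is the case when Roundcube runs on the same box; a separate webmail host would list its own address instead.

```python
import ipaddress

# Constructed sample lines in Dovecot passwd-file layout (placeholder hashes,
# not real accounts). alice: webmail-only (loopback); bob: no restriction;
# carol: internal network plus one fixed address.
SAMPLE_PASSWD = """\
alice@example.com:{SHA512-CRYPT}$6$placeholder:1001:1001::/home/alice::allow_nets=127.0.0.1/32,::1/128
bob@example.com:{SHA512-CRYPT}$6$placeholder:1001:1001::/home/bob::
carol@example.com:{SHA512-CRYPT}$6$placeholder:1001:1001::/home/carol::allow_nets=10.0.0.0/8,192.0.2.25
"""


def parse_passwd_file(text):
    """Map user -> list of allowed networks, or None when no allow_nets is set.

    Only the first seven colons delimit fields, so IPv6 addresses inside the
    extra-field column survive the split. Extra fields are space-separated
    key=value pairs; allow_nets is a comma-separated list of IPs/CIDRs.
    """
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":", 7)
        extra = fields[7] if len(fields) > 7 else ""
        nets = None
        for item in extra.split():
            if item.startswith("allow_nets="):
                raw = item[len("allow_nets="):]
                # strict=False lets a bare host address act as a /32 or /128
                nets = [ipaddress.ip_network(n, strict=False)
                        for n in raw.split(",") if n]
        users[fields[0]] = nets
    return users


def login_allowed(users, user, remote_ip):
    """Model of the allow_nets decision: unknown user -> deny; no allow_nets
    -> any source accepted; otherwise the client IP must fall inside one of
    the listed networks (password verification is out of scope here)."""
    if user not in users:
        return False
    nets = users[user]
    if nets is None:
        return True
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in net for net in nets)
```

A login for alice from anything other than loopback is refused before the password is even considered, which is the effect the post is after; bob keeps unrestricted IMAP/POP/SMTP access.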
I did end up adding dovecot config to support extra fields in separate files for each user, but for different reasons (I wanted the ability to set nologin=y). I never had time to look any further into the exim setup, so this whole project was pushed down the list.