diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample
index a2f3368..5479c0c 100644
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -289,6 +289,23 @@ mail_user_ports="$standard_mailuser_ports"
 mail_client_ips=""
 forward_mail_client_ips=""
+
+# - Dovecot auth service
+# -
+dovecot_auth_service=false
+
+# - Port listen for dovecot auth requests
+# -
+dovecot_auth_port=44444
+
+# - Client Network(s) allowed to connect to dovecot's auth service
+# -
+# - Example:
+# - dovecot_auth_allowed_networks="192.68.11.64/27 194.150.169.139"
+# -
+dovecot_auth_allowed_networks=""
+
+
 # - FTP Server
 # -
 ftp_server_ips=""
diff --git a/conf/main_ipv6.conf.sample b/conf/main_ipv6.conf.sample
index 261ea32..768feb4 100644
--- a/conf/main_ipv6.conf.sample
+++ b/conf/main_ipv6.conf.sample
@@ -305,6 +305,23 @@ mail_user_ports="$standard_mailuser_ports"
 mail_client_ips=""
 forward_mail_client_ips=""
+
+# - (local) Dovecot auth service
+# -
+dovecot_auth_service=false
+
+# - Port listen for dovecot auth requests
+# -
+dovecot_auth_port=44444
+
+# - Client Network(s) allowed to connect to dovecot's auth service
+# -
+# - Example:
+# - dovecot_auth_allowed_networks="2001:678:a40:3000::/64 2a01:30:0:13:2f7:50ff:fed2:cef7"
+# -
+dovecot_auth_allowed_networks=""
+
+
 # - FTP Server
 # -
 ftp_server_ips=""
diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf
index 89056af..2ebc4bc 100644
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@@ -272,6 +272,14 @@ for _ip in $forward_mail_client_ips ; do
 forward_mail_client_ip_arr+=("$_ip")
 done
+# ---
+# - (local) Dovecot auth service
+# ---
+declare -a dovecot_auth_allowed_network_arr
+for _port in $dovecot_auth_allowed_networks ; do
+ dovecot_auth_allowed_network_arr+=("$_port")
+done
+
 # ---
 # - IP Addresses Mumble Server
 # ---
diff --git a/ip6t-firewall-server b/ip6t-firewall-server
index 01d1cb8..9461923 100755
--- a/ip6t-firewall-server
+++ b/ip6t-firewall-server
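Review bot: The comment block above `dovecot_auth_allowed_networks` in main_ipv4.conf.sample does not say what happens when `dovecot_auth_service=true` is set and the list is left empty; going by the firewall hunks of this commit, no rule is added and the step is reported as failed. I would state that in the sample, e.g. `# - Required when dovecot_auth_service=true; with an empty list no rule is added.` Because this port answers authentication requests, the comment could also advise listing the individual client hosts rather than whole networks where that is possible. The heading reads "Dovecot auth service" here and "(local) Dovecot auth service" in main_ipv6.conf.sample, and "Port listen for" looks like it was meant to be "Port to listen on for"; the same wording applies to the IPv6 sample hunk.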
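Review bot: The loop variable in conf/post_decalrations.conf is named `_port` although it iterates over the network entries of `dovecot_auth_allowed_networks`, which reads like a copy-paste leftover next to the `_ip` loop in the context above; `for _net in $dovecot_auth_allowed_networks ; do` with `dovecot_auth_allowed_network_arr+=("$_net")` would say what the variable holds. The entries are copied into the array unchecked, so a typo in the config only surfaces later when the firewall scripts pass it to `-s`. A short comment such as `# entries are handed verbatim to ip(6)tables -s` would make that dependency explicit.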
@@ -1361,6 +1361,27 @@ else
 fi
+# ---
+# - (local) Dovecot auth service
+# ---
+
+echononl "\t\t(local) Dovecot auth service"
+
+if [[ -n "$dovecot_auth_service" ]] && $dovecot_auth_service ; then
+
+ if [[ ${#dovecot_auth_allowed_network_arr[@]} -gt 0 ]] && [[ -n "$dovecot_auth_port" ]]; then
+ for _ip in ${dovecot_auth_allowed_network_arr[@]} ; do
+ $ip6t -A INPUT -p tcp -s $_ip --dport $dovecot_auth_port -m state --state NEW -j ACCEPT
+ done
+ echo_done
+ else
+ echo_failed
+ fi
+else
+ echo_skipped
+fi
+
+
 # ---
 # - Mail Client (Submission/SMTPS/POPS/IMAPS) out only
 # ---
diff --git a/ipt-firewall-server b/ipt-firewall-server
index 25e411f..eaed5bd 100755
--- a/ipt-firewall-server
+++ b/ipt-firewall-server
@@ -1637,6 +1637,27 @@ else
 fi
+# ---
+# - (local) Dovecot auth service
+# ---
+
+echononl "\t\t(local) Dovecot auth service"
+
+if [[ -n "$dovecot_auth_service" ]] && $dovecot_auth_service ; then
+
+ if [[ ${#dovecot_auth_allowed_network_arr[@]} -gt 0 ]] && [[ -n "$dovecot_auth_port" ]]; then
+ for _ip in ${dovecot_auth_allowed_network_arr[@]} ; do
+ $ipt -A INPUT -p tcp -s $_ip --dport $dovecot_auth_port -m state --state NEW -j ACCEPT
+ done
+ echo_done
+ else
+ echo_failed
+ fi
+else
+ echo_skipped
+fi
+
+
 # ---
 # - HTTP(S) OUT
 # ---
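Review bot: `echo_done` in the ip6t-firewall-server hunk is printed after the loop whether or not any `$ip6t -A INPUT …` call succeeded, so a malformed entry in `dovecot_auth_allowed_networks` leaves the auth port without its rule while the run reports success. The array, `$_ip` and `$dovecot_auth_port` are also expanded unquoted, so a stray space or glob character from the config is word-split before it reaches ip6tables. I would quote the expansions and fold the exit status into the reported result, as sketched below; the matching hunk in ipt-firewall-server has the same shape. Whether other sections of the script report rule failures this way is not visible in this hunk.

```shell
# … unchanged: service flag test and array/port guard …
      _rule_failed=false
      for _ip in "${dovecot_auth_allowed_network_arr[@]}" ; do
         $ip6t -A INPUT -p tcp -s "$_ip" --dport "$dovecot_auth_port" \
            -m state --state NEW -j ACCEPT || _rule_failed=true
      done
      if $_rule_failed ; then
         echo_failed
      else
         echo_done
      fi
# … unchanged: else branches (echo_failed / echo_skipped) …
```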
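Review bot: `dovecot_auth_port` in the ipt-firewall-server hunk is only tested for being non-empty before it is passed to `--dport`, so a typo or a non-numeric value goes to iptables as-is; a guard such as `[[ "$dovecot_auth_port" =~ ^[0-9]+$ ]]` in place of `[[ -n "$dovecot_auth_port" ]]` would reject it up front and fall through to `echo_failed`. The outer test `$dovecot_auth_service` runs the configured value as a command, so anything other than `true` or `false` in the config file is executed. If that is the script's established convention (not visible here), a one-line comment saying so would help; otherwise `[[ "$dovecot_auth_service" == "true" ]]` avoids it. Both points apply to the ip6t-firewall-server hunk as well.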