// SPDX-FileCopyrightText: 2022 Lightmeter <hello@lightmeter.io>
//
// SPDX-License-Identifier: AGPL-3.0-only
package main
import (
"fmt"
uuid "github.com/satori/go.uuid"
)
// setupDovecotConfig prints a Dovecot auth-policy configuration snippet to
// standard output.
//
// The snippet always contains the policy server URL, a freshly generated
// auth_policy_hash_nonce, the request attributes (remote IP only) and
// auth_verbose. When dovecotIsOld is false it additionally contains the
// auth_policy_check_*/auth_policy_report_* switches; when it is true that
// section is left out.
// NOTE(review): presumably older Dovecot releases do not accept those
// settings; confirm against the caller that decides dovecotIsOld.
func setupDovecotConfig(dovecotIsOld bool) {
	// A new random (version 4) UUID is drawn on every call, so each run of
	// this function emits a different nonce.
	// NOTE(review): Dovecot describes auth_policy_hash_nonce as a value shared
	// by the whole cluster; operators with several Dovecot nodes should reuse
	// one generated snippet rather than regenerate it per node. Confirm.
	// NOTE(review): the nonce ends up on stdout, so whatever captures this
	// output (shell history, CI logs) also holds it. Its unpredictability
	// depends on the pinned satori/go.uuid release reading from a CSPRNG;
	// verify the version in go.mod.
	hashNonce := uuid.NewV4().String()

	conf := `
# Dovecot will query Lightmeter's blocklist for every incoming IMAP/POP3 connection
auth_policy_server_url = https://auth.intelligence.lightmeter.io/auth
# See https://doc.dovecot.org/settings/core/#core_setting-auth_policy_hash_nonce for more information
auth_policy_hash_nonce = ` + hashNonce + `
# The remote IP address, that is trying to authenticate, is the minimal bit of information
# needed by Lightmeter to block illegitimate authentication attempts
# See https://doc.dovecot.org/settings/core/#setting-auth-policy-request-attributes for more information
auth_policy_request_attributes = remote=%{rip}
# The following is needed to verify the number of blocked auth attempts
auth_verbose = yes
`

	// The pre-auth check / post-auth report switches are appended only for
	// Dovecot versions not flagged as old.
	if !dovecotIsOld {
		conf += `
# Check Lightmeter blocklist before auth (pre-auth), not after
# Also, report un·successful auth attempts
auth_policy_check_before_auth = yes
auth_policy_check_after_auth = no
auth_policy_report_after_auth = yes
`
	}

	// Println, not Printf: the text contains a literal %{rip} that must not
	// be interpreted as a format verb.
	//nolint:forbidigo
	fmt.Println(conf)
}