Search The ForumSearch   RegisterRegister  LoginLogin

AfterLogic WebMail Pro
 AfterLogic Forum : AfterLogic WebMail Pro
Subject Topic: 2FA + IMAP/SMTP/POP Post ReplyPost New Topic
Author
Message << Prev Topic | Next Topic >>
dermitdemdino
Newbie
Newbie
Avatar

Joined: 08 July 2020
Location: Germany
Online Status: Offline
Posts: 4
Posted: 09 July 2020 at 9:50am | IP Logged Quote dermitdemdino
You can activate the two-factor authentication in webmail. But how useful is this feature if IMAP/SMTP/POP can still be used without additional protection? Are there any thoughts on how this could be improved?

If necessary, block IMAP/SMTP (if desired)? Or maybe other users have completely different suggestions?

I am looking forward to a discussion about this ...

two-factor authentication
Back to Top View dermitdemdino's Profile Search for other posts by dermitdemdino Visit dermitdemdino's Homepage
 
solkmaaker
Senior Member
Senior Member


Joined: 28 June 2020
Online Status: Offline
Posts: 153
Posted: 02 August 2020 at 2:46pm | IP Logged Quote solkmaaker
Faced (sort of) same problem, some years ago.
This is what we came up with:
We created plugin, which allows user to select from which country he can log on, and using what protocol.
Plugin was written to Rainloop, but since Rainloop development seems to be stuck, we are considering to move to Afterlogic Aurora now. (i guess we have to rewrite plugin for that)
Current plugin looks like that: https://pasteboard.co/JkyCaXc.png
So basically it works like that: plugin stores user selected country ISO codes in storage file (Rainloop specific thing). Since by default storage file does not exist, user cannot use any imap/pop3/smtp clients right away. While user is created, he receives welcome message which contains instructions and help URL for enabling mail client program access to server.
In background, imap/pop3/smtp connections go trough proxy, so proxy will check upon authentication if user IP can use imap/pop3/smtp or not, depending on geoip lookup. So overall result is, if user has not allowed Germany (for example) and correct protocol, he wont be able to log in even with correct user/pass combination.
At first we thought that this feature creates problems to users when they are travelling (smartphones), but turned out that mobile clients (at least in here), when travelling, are using domestic IP addresses somehow, so their requests come from home country IP addresses, not the country they traveled to.
Back to Top View solkmaaker's Profile Search for other posts by solkmaaker
 
solkmaaker
Senior Member
Senior Member


Joined: 28 June 2020
Online Status: Offline
Posts: 153
Posted: 22 August 2020 at 7:04am | IP Logged Quote solkmaaker
Update:

We rewrote plugin to work with Afterlogic Aurora.
Looks like this: https://pasteboard.co/Jnyhoep.png

As for 2FA for imap/pop3/smtp - i think it can be achieved, but only using external programs and imap/pop3/smtp proxy.
Back to Top View solkmaaker's Profile Search for other posts by solkmaaker
 

If you wish to post a reply to this topic you must first login
If you are not already registered you must first register

  Post ReplyPost New Topic
Printable version Printable version

Forum Jump

Powered by Web Wiz Forums version 7.9
Copyright ©2001-2004 Web Wiz Guide