Forcing TOTP and disabling SMTP

Issue #1222 closed
Kilian Legters created an issue

Hi,

I cannot find the mailing list so instead I am asking these questions here. Might be useful for others in the future too.

I am looking to force users into using TOTP, or at the very least disable the option for them to disable it.

Besides this I would like to disable incoming SMTP functionalities, is this possible? Currently I am simply blocking port 25 with IPTables, which works, but to keep everything nice and tidy I’d like Piler to stop listening on port 25 too.

Comments (4)

  1. Janos SUTO repo owner

    Hello, why would you disable the smtp daemon? Anyway, you may either bind it to 127.0.0.1 or just stop it by editing either the /etc/init.d/rc.piler script or by disabling the piler-smtp systemd service (not sure which one you use).

    Forcing TOTP at the piler side is not possible. To do so you need to create a totp secret for each user, and each user needs to activate it on his phone using the appropriate app, e.g. google authenticator or similar. I’m not sure how you could achieve that. I think your best bet is to use sso, and have the sso provider enforce totp.

    Btw. the mailing list is at https://www.mailpiler.org/ at the bottom of the wiki page.
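A small check that goes with the two alternatives above (stopping the `piler-smtp` unit, or binding it to 127.0.0.1). This is an added example, not Piler project code; it assumes the `piler-smtp` systemd unit name from the comment and an iproute2 `ss` whose fourth column is `Local Address:Port`. The functions parse captured `ss -Hltn` output so they can be tested against constructed lines; the `systemctl` call at the bottom is shown in a comment for the real host.

```shell
#!/bin/sh
# Added example (not Piler's own code). Assumes:
#  - the systemd unit is named piler-smtp (as in the comment above)
#  - `ss -Hltn` prints "State Recv-Q Send-Q Local:Port Peer:Port" per line

# Print every local address (4th column of `ss -Hltn` text in $1) that
# listens on port $2. Matches "*:25", "0.0.0.0:25", "[::]:25", "127.0.0.1:25"
# but not ":2525", because the port must be the end of the field.
listeners_on_port() {
    printf '%s\n' "$1" | awk -v p="$2" '$4 ~ (":" p "$") { print $4 }'
}

# Exit 0 when no socket at all listens on port $2 (the "stop the daemon" case).
port_closed() {
    [ -z "$(listeners_on_port "$1" "$2")" ]
}

# Exit 0 when port $2 is bound only on loopback addresses (the
# "bind it to 127.0.0.1" case); exit 1 if anything is reachable from
# outside, or if nothing listens at all.
loopback_only() {
    listeners_on_port "$1" "$2" \
        | grep -Ev '^(127\.[0-9.]+|\[::1\]):' | grep -q . && return 1
    [ -n "$(listeners_on_port "$1" "$2")" ]
}

# On the archive host itself you would run (not executed here):
#   systemctl disable --now piler-smtp
#   port_closed "$(ss -Hltn)" 25 && echo "nothing listens on tcp/25"
```

Run the check after a reboot as well: a unit that was merely stopped, not disabled, comes back with the next boot and the iptables rule becomes the only thing standing in the way.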

  2. Kilian Legters reporter

    @Janos SUTO

    Because I am only ever importing mail with piler-import.

    We’ve looked into SSO; it’s not something we want to support right now. We might be able to show the authenticator code in the user-management section of the interface? Then the administrator can spread the registration code for the Authenticators? And we’d disable the checkbox on the user side of the account-management logic.

  3. Janos SUTO repo owner

    OK, then feel free to disable the piler-smtp daemon.

    “show the authenticator code in the user-management section of the interface?”

    I’m not sure. If you have a few users only, then you may seed the authenticator code in the user_settings table, and set ga_enabled=1 for everyone (and somehow distribute the per user code to them). Sure, you may disable the checkbox for them. However, usually (perhaps your use case is an exception) it’s worth using an external user database, e.g. ldap, etc. instead of the local piler db.
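The "seed a code per user and distribute it" step above needs a secret in the format authenticator apps accept, and a provisioning URI the user can enrol from. The following is an added example, not Piler's own code: it generates a random base32 TOTP secret and the standard `otpauth://` URI, and validates a secret before you store it. The page names only the `user_settings` table and the `ga_enabled` column, so the column that holds the secret (and the exact SQL) is left to your schema; the account name, issuer and the `base32` coreutils tool are assumptions.

```shell
#!/bin/sh
# Added example (not Piler project code). Assumes GNU coreutils `base32`
# and /dev/urandom. Column names for storing the secret are not on the
# page and are deliberately not guessed here.

# Generate a 160-bit random secret, base32 without padding: 32 characters
# from [A-Z2-7], which is what Google Authenticator and similar apps take.
gen_totp_secret() {
    head -c 20 /dev/urandom | base32 | tr -d '=\n'
}

# Accept only unpadded base32 of a sane length, so a typo or a hex string
# is rejected before it is seeded into user_settings.
is_totp_secret() {
    printf '%s' "$1" | grep -Eq '^[A-Z2-7]{16,64}$'
}

# Build the provisioning URI the user scans or pastes into the app.
# $1 = account label (e.g. the login e-mail), $2 = secret, $3 = issuer.
# Parameters are the defaults most TOTP implementations use.
totp_uri() {
    is_totp_secret "$2" || return 1
    printf 'otpauth://totp/%s:%s?secret=%s&issuer=%s&algorithm=SHA1&digits=6&period=30\n' \
        "$3" "$1" "$2" "$3"
}

# Per-user workflow as a defender would run it on the admin host:
#   s=$(gen_totp_secret)
#   totp_uri 'alice@example.com' "$s" piler   # hand this to the user out of band
#   # then store "$s" next to ga_enabled=1 for that user in user_settings
```

Treat the generated secret like a password: it is the whole second factor, so it should reach the user over a channel other than the mailbox being protected, and it should not sit in a shell history or a shared spreadsheet afterwards.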
