This documentation is for Dovecot v2.x, see wiki1 for v1.x documentation.
Differences between revisions 22 and 23
Revision 22 as of 2021-09-22 07:08:16
Size: 4684
Editor: PageImporter
Comment:
Revision 23 as of 2022-04-26 07:08:37
Size: 5169
Editor: PageImporter
Comment:
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
<p><b>doveadm</b> [<b>-Dv</b>] <b>kick</b> [ -a <i>anvil_socket_path</i>] [<b>-f</b>]
<i>user</i><br>
<b>doveadm</b> [<b>-Dv</b>] <b>kick</b> [ -a <i>anvil_socket_path</i>] [<b>-f</b>]
<i>ip</i>[<b>/</b><i>mask</i>]<br>
<b>doveadm</b> [<b>-Dv</b>] <b>kick</b> [ -a <i>anvil_socket_path</i>] [<b>-f</b>] <i>user</i>
<i>ip</i>[<b>/</b><i>mask</i>]</p>
<p><b>doveadm</b> [<b>-Dv</b>] <b>kick</b> [<b>-a</b> <i>anvil_socket_path</i>] [<b>-f</b>
<i>passdb_field</i>] [<b>-h</b> <i>dest_host</i>] <i>user_mask</i><br>
<b>doveadm</b> [<b>-Dv</b>] <b>kick</b> [<b>-a</b> <i>anvil_socket_path</i>] [<b>-f</b>
<i>passdb_field</i>] [<b>-h</b> <i>dest_host</i>] <i>ip</i>[<b>/</b><i>bits</i>]<br>
<b>doveadm</b> [<b>-Dv</b>] <b>kick</b> [<b>-a</b> <i>anvil_socket_path</i>] [<b>-f</b>
<i>passdb_field</i>] [<b>-h</b> <i>dest_host</i>] <i>user_mask</i>
<i>ip</i>[<b>/</b><i>bits</i>]<br>
<b>doveadm</b> [<b>-Dv</b>] <b>kick</b> [<b>-a</b> <i>anvil_socket_path</i>] [<b>-f</b>
<i>passdb_field</i>] <b>-h</b> <i>dest_host</i></p>
Line 15: Line 18:
<p><b>doveadm</b>&#39;s&nbsp;<b>kick</b> command is used to disconnect users by <i>user</i> name <p><b>doveadm</b>&#39;s&nbsp;<b>kick</b> command is used to disconnect users by <i>user_mask</i>
Line 17: Line 20:
<p>In the first form, all users, whose login name matches the <i>user</i> argument, will be <p>In the first form, all users, whose login name matches the <i>user_mask</i> argument, will be
Line 21: Line 24:
<p>In the last form, only users connected from the given IP address or networks range and a <p>In the third form, only users connected from the given IP address or networks range and a
Line 23: Line 26:
<p>In the last form, all proxy connections to the given destination host are disconnected.</p>
Line 43: Line 47:
<dt><b>-f</b></dt>
<dd>Enforce the disconnect, even when there are multiple <i>user</i>s, from different networks,
connected to a single process. This option may be only required when you have configured something
like:
<pre>
service imap {
  ...
  client_limit = <i>1+n</i>
  service_count = 0
  ...
}
</pre></dd>
<dt><b>-f&nbsp;</b><i>passdb_field</i></dt>
<dd>Alternative username field to use for kicking, as returned by passdb. Only the passdb fields
beginning with the <i>user_</i> prefix are tracked.</dd>
<dt><b>-h&nbsp;</b><i>dest_host</i></dt>
<dd>Disconnect proxy connections to the given <i>dest_host</i>.</dd>
Line 58: Line 55:
<dt><i>ip</i>[/<i>mask</i>]</dt>
<dd><i>ip</i> or <i>ip</i><b>/</b><i>mask</i> is the host or network, from which the users are
<dt><i>ip</i>[/<i>bits</i>]</dt>
<dd><i>ip</i> or <i>ip</i><b>/</b><i>bits</i> is the host or network, from which the users are
Line 61: Line 58:
<dt><i>user</i></dt>
<dd>Is a <i>user</i>&#39;s login name. Depending on the configuration, a login name may be for
example <b>jane</b> or <b>john@example.com</b>. It&#39;s also possible to use &#39;<b>*</b>&#39;
and &#39;<b>?</b>&#39; wildcards (e.g. -u *@example.org).</dd>
<dt><i>user_mask</i></dt>
<dd>Is a user&#39;s login name, or the altenative username (user_* field) if the <b>-f</b>
parameter is used
. Depending on the configuration, a login name may be for example <b>jane</b> or
<b>john@example.com</b>. It&#39;s also possible to use &#39;<b>*</b>&#39; and &#39;<b>?</b>&#39;
wildcards (e.g. -u *@example.org).</dd>
Line 72: Line 70:
username proto pid ip
jane imap 8192 ::1
james imap 8203 2001:db8:543:2::1
<b>doveadm kick ba?</b>
kicked connections from the following users:
bar baz
username service pid ip
jane imap 8192 ::1
jano imap 8196 ::2
james imap 8203 2001:db8:543:2::1
<b>doveadm kick jan?</b>
The connections for jane and jano are kicked.
Line 82: Line 80:
username proto pid  ip
foo imap 8135 fd95:4eed:38ba::25
foo imap 9112 192.0.2.53
foo imap 8216 192.0.2.111
username service pid ip
foo imap  8135 fd95:4eed:38ba::25
foo imap  9112 192.0.2.53
foo imap  8216 192.0.2.111
Line 87: Line 85:
kicked connections from the following users:
foo
Line 90: Line 87:
username # proto (pids) (ips)
foo 1 imap (8135) (fd95:4eed:38ba::25)
username # service (pids) (ips)
foo 1 imap   (8135) (fd95:4eed:38ba::25)

Doveadm-Kick

Name

doveadm-kick - Disconnect users by user name and/or IP address

Synopsis

doveadm [-Dv] kick [-a anvil_socket_path] [-f passdb_field] [-h dest_host] user_mask
doveadm [-Dv] kick [-a anvil_socket_path] [-f passdb_field] [-h dest_host] ip[/bits]
doveadm [-Dv] kick [-a anvil_socket_path] [-f passdb_field] [-h dest_host] user_mask ip[/bits]
doveadm [-Dv] kick [-a anvil_socket_path] [-f passdb_field] -h dest_host

Description

doveadm's kick command is used to disconnect users by user_mask and/or the ip address, from which they are connected.

In the first form, all users, whose login name matches the user_mask argument, will be disconnected.

In the second form, all users, connected from the given IP address or network range, will be disconnected.

In the third form, only users connected from the given IP address or networks range and a matching login name will be disconnected.

In the last form, all proxy connections to the given destination host are disconnected.

Options

Global doveadm(1) options:

-D
Enables verbosity and debug messages.
-o setting=value
Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the userdb with the given value. In order to override multiple settings, the -o option may be specified multiple times.
-v
Enables verbosity, including progress counter.

Command specific options:

-a anvil_socket_path
This option is used to specify an absolute path to an alternative UNIX domain socket.

By default doveadm(1) will use the socket /var/run/dovecot/anvil. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.

-f passdb_field
Alternative username field to use for kicking, as returned by passdb. Only the passdb fields beginning with the user_ prefix are tracked.
-h dest_host
Disconnect proxy connections to the given dest_host.

Arguments

ip[/bits]
ip or ip/bits is the host or network, from which the users are connected.
user_mask
Is a user's login name, or the altenative username (user_* field) if the -f parameter is used. Depending on the configuration, a login name may be for example jane or john@example.com. It's also possible to use '*' and '?' wildcards (e.g. -u *@example.org).

Example

If you don't want to disconnect all users at once, you can check who's currently logged in. The first example demonstrates how to disconnect all users whose login name is 3 characters long and begins with ba.

doveadm who -1 ja*
username                      service pid ip
jane                          imap   8192 ::1
jano                          imap   8196 ::2
james                         imap   8203 2001:db8:543:2::1
doveadm kick jan?
The connections for jane and jano are kicked.

The next example shows how to kick user foo's connections from 192.0.2.*.

doveadm who -1 foo
username                     service pid ip
foo                          imap   8135 fd95:4eed:38ba::25
foo                          imap   9112 192.0.2.53
foo                          imap   8216 192.0.2.111
doveadm kick foo 192.0.2.0/24

doveadm who f*
username                  # service (pids) (ips)
foo                       1 imap    (8135) (fd95:4eed:38ba::25)

See Also

doveadm(1), doveadm-who(1)


CategoryMan

None: Tools/Doveadm/Kick (last edited 2022-04-26 07:08:37 by PageImporter)