associating usernames with geo location using maxmind database

[carlatpg99]

I'd like a way to specify using either a plugin or as part of roundcube itself.

When someone attempts to login, I want to do the following:

• Check their ip address against maxmind database.  Currently it is available in the file format of GeoLite2-City.mmdb.
• Get their country code, state, and possibly the city.
• Check against the username they are trying to login as against the country code, state, and city matches against the country code, state, and city they are allowed to login from.
• If they are allowed to login from that location, attempt to log them in.  Then they can either be logged in if the correct password is sent or not.
• If they are not allowed to login, show an error message.

Currently the way I am protecting it is by limiting which ip addresses can connect using the maxminddb module for apache based on the geolocation their ip address is coming from.  I also have the roundcube rcguard plugin enabled with a captcha required before you can login.

[SKaero]

That could be done with a plugin. Take a look at the autologon plugin that comes with Roundcube https://github.com/roundcube/roundcubemail/blob/master/plugins/autologon/autologon.php While you don't need the autologon part of the plugin you can see how you could use the authenticate hook to set "valid" to false if the lookup doesn't allow them to login.