Hi,
I've been using dovecot for some time now, always with the setting:
disable_plaintext_auth = yes
so that no user can accidentally expose their username/password in the open.
However, I'm now trying to configure a webmail client in a nearby server
which doesn't support TLS or SSL IMAP connections :-(
Is there any way to allow plaintext_auth only for a small set of IP
addresses (for what I see in the comment, this is automatic for local
addresses, alas, the webmail client is on another host).
TIA
--
Mariano Absatz - "El Baby"
el.baby at gmail.com
www.clueless.com.ar
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- Theory is when you know something but it doesn't work.
- Practice is when something works but you don't know why.
- Usually we combine theory and practice:
Nothing works and we don't know why.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* TagZilla 0.066 * http://tagzilla.mozdev.org
On Tue, 2009-11-10 at 17:41 -0300, Mariano Absatz wrote:> Is there any way to allow plaintext_auth only for a small set of IP > addresses (for what I see in the comment, this is automatic for local > addresses, alas, the webmail client is on another host).# Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for # these networks. Typically you'd specify your IMAP proxy servers here. #login_trusted_networks -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20091110/68343073/attachment-0002.bin>
On Tue, Nov 10, 2009 at 19:44, Timo Sirainen <tss at iki.fi> wrote:> On Tue, 2009-11-10 at 17:41 -0300, Mariano Absatz wrote: >> Is there any way to allow plaintext_auth only for a small set of IP >> addresses (for what I see in the comment, this is automatic for local >> addresses, alas, the webmail client is on another host). > > # Space separated list of trusted network ranges. Connections from these > # IPs are allowed to override their IP addresses and ports (for logging and > # for authentication checks). disable_plaintext_auth is also ignored for > # these networks. Typically you'd specify your IMAP proxy servers here. > #login_trusted_networks It seems my version is too old for this... I'm using the standardubuntu server package (1.1.11-0ubuntu4.1 http://packages.ubuntu.com/jaunty-updates/dovecot-imapd), which seems to be 1.1.11 plus security patches... In what version did this feature appears? -- Mariano Absatz - El Baby www.clueless.com.ar