Неворотин Вадим
2010-Feb-15 11:00 UTC
[Dovecot] Problem with allow_nets passdb parameter and Postfix
I use Dovecot for SASL authentication from Postfix. In Postfix main.cf I have:

    smtpd_sasl_type = dovecot

It works well, but now I need to allow users to connect by IMAP only from given IP addresses. I've added the extra field allow_nets to passdb in Dovecot, and IMAP authentication works fine. But now I can't connect to my SMTP server, because when smtpd asks dovecot about user authentication, dovecot always denies it. Even if I try to connect to SMTP from a correct IP, listed in allow_nets for the user. In the dovecot log I have messages about an incorrect IP like this:

    dovecot: 2010-02-15 13:28:51 Info: auth(default): passwd-file(malamut): lookup: user=malamut file=/etc/dovecot/temp.users
    dovecot: 2010-02-15 13:28:51 Info: auth(default): passdb(malamut): allow_nets check failed: Remote IP not known
    dovecot: 2010-02-15 13:28:53 Info: auth(default): client out: FAIL 7 user=malamut

The problem is clear: smtpd doesn't send the client IP to the dovecot authentication socket.

But I need to limit the ability of connection to users only from specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15 and Postfix 2.5.5 on Debian Lenny.
Timo Sirainen
2010-Feb-18 15:32 UTC
[Dovecot] Problem with allow_nets passdb parameter and Postfix
On Mon, 2010-02-15 at 14:00 +0300, Неворотин Вадим wrote:
> allow_nets check failed: Remote IP not known

> Problem is clear: smtpd don't send client IP to dovecot authentication
> socket.

Yep. The only way you can get Postfix to send IP to Dovecot is by patching Postfix sources.

> But I need to limit the ability of connection to users only from
> specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15
> and Postfix 2.5.5 on Debian Lenny.

Do you mean all users must connect from only specific IP, or is it a per-user configuration? If all users, maybe you can do this on Postfix side some other way. Or require clients to use submission port or a different IP and use a firewall.
Неворотин Вадим
2010-Feb-18 15:41 UTC
[Dovecot] Problem with allow_nets passdb parameter and Postfix
Well, I've asked this question on the Postfix mailing list, and after the discussion, as I understand it, Postfix 2.7 sends all necessary client information to the Dovecot socket. But I haven't tried this solution yet.

2010/2/18 Timo Sirainen <tss at iki.fi>
> On Mon, 2010-02-15 at 14:00 +0300, Неворотин Вадим wrote:
> > allow_nets check failed: Remote IP not known
>
> > Problem is clear: smtpd don't send client IP to dovecot authentication
> > socket.
>
> Yep. The only way you can get Postfix to send IP to Dovecot is by
> patching Postfix sources.
>
> > But I need to limit the ability of connection to users only from
> > specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15
> > and Postfix 2.5.5 on Debian Lenny.
>
> Do you mean all users must connect from only specific IP, or is it a
> per-user configuration? If all users, maybe you can do this on Postfix
> side some other way. Or require clients to use submission port or a
> different IP and use a firewall.
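
A small Python model of the failure discussed in this thread, added here as an illustration and not taken from Dovecot, Postfix or any poster: an allow_nets check that fails closed when the auth client supplies no remote IP, and succeeds or fails on the address when it does. The request lines, networks and function names are constructed, and the tab-separated AUTH layout with a `rip=` parameter is a simplified form of Dovecot's auth client protocol.

```python
import ipaddress

# Constructed per-user allow_nets values (user name from the thread, networks made up).
ALLOW_NETS = {"malamut": "192.0.2.0/24,198.51.100.7"}

# Constructed auth-socket requests; resp= carries a placeholder, not real credentials.
SMTP_NO_RIP = "AUTH\t1\tPLAIN\tservice=smtp\tresp=PLACEHOLDER=="
IMAP_OK = "AUTH\t2\tPLAIN\tservice=imap\tlip=192.0.2.1\trip=192.0.2.55\tresp=PLACEHOLDER=="
IMAP_BAD = "AUTH\t3\tPLAIN\tservice=imap\tlip=192.0.2.1\trip=203.0.113.9\tresp=PLACEHOLDER=="

def parse_auth_request(line):
    """Split a tab-separated AUTH line into (id, mechanism, params dict)."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 3 or fields[0] != "AUTH":
        raise ValueError("not an AUTH request")
    params = {}
    for field in fields[3:]:
        key, _, value = field.partition("=")  # split on the first '=' only
        params[key] = value
    return fields[1], fields[2], params

def allow_nets_check(user, params):
    """Return (ok, reason). A restricted user with no known remote IP is denied."""
    nets = ALLOW_NETS.get(user)
    if nets is None:
        return True, "no allow_nets restriction"
    rip = params.get("rip")
    if not rip:
        # The case in the thread: the SMTP server never passed the client address.
        return False, "Remote IP not known"
    try:
        addr = ipaddress.ip_address(rip)
    except ValueError:
        return False, "Remote IP not parseable"
    for net in nets.split(","):
        if addr in ipaddress.ip_network(net.strip(), strict=False):
            return True, "IP allowed"
    return False, "IP not in allowed networks"

def decide(user, line):
    """Parse one request and apply the check; the user is passed in for simplicity."""
    _, _, params = parse_auth_request(line)
    return allow_nets_check(user, params)

if __name__ == "__main__":
    for request in (SMTP_NO_RIP, IMAP_OK, IMAP_BAD):
        print(decide("malamut", request))
```

Because the check denies when the address is missing, a restricted user cannot bypass allow_nets through a service that omits the client IP; the cost is the SMTP login failure reported above.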