Hi Aki, On 03/21/2018 05:43 PM, Aki Tuomi wrote:> Mar 21 07:13:48 mail dovecot: auth: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets check failed: IP not in allowed networks > > this indicates that the request is marked failed.So, what you are saying is: the logline "Allowing any password" is 'wrong'? Access was actually DENIED, even though it says "Allowing any password" and even though one line later it says: "auth: Debug: auth client connected (pid=6174)"? This is all very misleading.... MJ
> On 21 March 2018 at 18:58 mj <lists at merit.unu.edu> wrote: > > > Hi Aki, > > On 03/21/2018 05:43 PM, Aki Tuomi wrote: > > Mar 21 07:13:48 mail dovecot: auth: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets check failed: IP not in allowed networks > > > > this indicates that the request is marked failed. > > So, what you are saying is: the logline "Allowing any password" is > 'wrong'? Access was actually DENIED, even though it says "Allowing any > password" and even though one line later it says: "auth: Debug: auth > client connected (pid=6174)"? >The auth client connected does not mean that connection has been successfully authenticated, but, then again, it is still allowing any password, even though the request has been failed. Perhaps this can be improved in 2.3.x, maybe... Aki> This is all very misleading.... > > MJ
ok, fyi: I have now also tested/confirmed this, while looking at the logs, and indeed: Even when the connection is denied because of a wrong password, the message "Allowing any password" is showing up in the logs. Perhaps it is because we have set debug options:> auth_debug = yes > auth_debug_passwords = yes > auth_verbose = yesIt would be nice if the "Allowing any password" could be rephrased, or taken out. It really had me scared for a while. Thanks Aki, MJ