search for: allow_net

Dear all, We use `allow_nets`[1] to restrict login clients, it works fine. Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"? Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid network '!a.b...

Hello all, I am testing my dovecot installation in order to restrict access via POP3 for IPs outside my network. I have read and understood the instructions in the wiki and I have reached a configuration that works ONLY when single IPs are listed in allow_nets but not when ranges in the notation x.x.x.x/y are listed. Some examples should be more explanatory. I am using 1.0.rc15 patched as for last week as distributed in Debian etch. First of all, everything related to this is stored in a MySQL database, here is my password query: password_query = S...

Hi, I've just started trying allow_nets on one of my servers. I have auth_debug and auth_verbose both enabled and the output is as follows: Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user at domain.net,x.x.x.x): allow_nets: Matching for network 127.0.0.1/8 Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user at do...

Hi. I want to use allow_nets in my configuration, but i have some troubles which i cant resolve. To use allow_nets i creates `allow_nets` text field in my mysql users table. My query is: from: dovecot/sql.conf: password_query = SELECT crypt as password, maildir as userdb_mail, 6 AS userdb_uid,6 AS userdb_gid, allow_nets F...

Hi, I have the following configuration in my dovecot.conf for Dovecot 2.2.21: passdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24 } This triggers "auth: Panic" on POP3/IMAP logins as the below: Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets: Invalid network 'local' Dec 22 14:57:39 localhost dovecot: auth: Panic: f...

Hello, I'm playing with allow_nets function. It is really cool! In a filebased passwd backend you simply add "allow_nets=192.0.2.143/32" as mentioned in http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets But if I use an LDAP backend it looks different. Following http://wiki2.dovecot.org/AuthDatabase/LDAP/Aut...

...1.0.rc15-2etch1 ii dovecot-imapd 1.0.rc15-2etch1 ii dovecot-pop3d 1.0.rc15-2etch1 # dovecot --version 1.0.rc15 Now here is my question. Some of the mail users may only login from the LAN, while others can login from the LAN and the internet. I've read about allow_nets but i can't find very much info when dovecot is used with ldap. Can someone give me a direction (url, configuration file, ...). Thanks in advance. -- Best regards, Marc

Hello, Im using Ubuntu 8.10 with Dovecot 1.0.10. I am using passwd files, not a MySQL database. I have 2 files, a "users" file, and a "passwd" file. I have added: allow_nets=10.1.10.1 to the end of a specific users entry in the users file. When that user tries to login, I get the following in the logs: dovecot: 2009-02-28 09:06:59 Error: IMAP(bob at mydomain.com): Ambiguous mail location setting, don't know what to do with it: allow_nets=10.1.10.1 (try prefixing...

Hello! I'm trying to restrict imap logins to our internal network for several users, but this breaks dovecot delivery too Even if i set allow_nets to NULL or 0.0.0.0/0 deliver exits with "Error: Auth lookup returned failure" i'm running it as 'command = /usr/lib/dovecot/deliver -e -d "$local_part@$domain" -s' in exim.conf i guess delivery lookups should be independent of allow_nets i'm using dovecot...

...d, > CONCAT('/home/vmail/',homedir,'/',maildir,'/') as userdb_home, uid as userdb_uid, gid as > userdb_gid, CONCAT('dirsize:/home/vmail/',homedir,'/',maildir,'/',':storage=',quota/1024) as > userdb_quota, nice as userdb_nice, hosts as allow_nets FROM users WHERE mail = '%u' and access = > 'Y' and %Ls = 'Y'; > > > When I insert allow_nets (and it should be used without userdb_ prefix) into password_query I could > not send any more letters. In logs next: > > Dec 19 11:25:30 post dovecot: auth-wo...

...or black list. https://wiki.dovecot.org/PostLoginScripting I have implemented this myself on a small open source project, I can send you the links of you want. Andr?. Tue Apr 30 02:57:18 GMT+01:00 2019 Zhang Huangbin via dovecot <dovecot at dovecot.org>: > Dear all, > > We use `allow_nets`[1] to restrict login clients, it works fine. > Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"? > > Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid net...

...some users to login from everywhere except some IP/networks, > > Can you use firewall rules for this? I suppose not. We don't restrict ALL users this way, just few of them. And the client IP addresses may change frequently, not static IPs. >> how can we accomplish this with "allow_nets"? > > Allow_nets specifies allowed networks. Doesn't say anything else about any other use. > > "The allow_nets field is a comma separated list of IP addresses and/or networks where the user is allowed to log in from." I understand what "allow" means. Bu...

I use Dovecot for SASL authentication from Postfix. In Postfix main.cf I have: smtpd_sasl_type = dovecot It works good, but now I need to allow users to connect by IMAP only from given IP adresses. I've added extra field allow_nets to passdb in Dovecot, and IMAP authentication works fine. But now I can't connect to my SMTP server because when smtpd ask dovecot about user authentification, dovecot always denied it. Even if I try to connect to SMTP from correct IP, listed in allow_nets for user. In dovecot log I have messa...

> On 30 Apr 2019, at 4.56, Zhang Huangbin via dovecot <dovecot at dovecot.org> wrote: > > Dear all, > > We use `allow_nets`[1] to restrict login clients, it works fine. > Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"? > > Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid ne...

Hello, i am running dovevot 2.0.5 using ldap authentication with the allow_nets paramter to limit access to some local networks. The problem is, when i want to use the local lmtp socket from postfix *virtual_transport = lmtp:unix:private/dovecot-lmtp * i get the follwing error: *Oct 21 15:48:03 auth: Info: passdb(username): allow_nets check failed: Remote IP not known *...

Hi, When using dovecot for authentication of an SASL (postfix) request, i cannot use the allow_nets parameter. The IP-address of the requester is not known in dovecot. I would like to allow sasl for certain users, others are not allowed to access via SASL. Some users can have access to imap and pop3 from certain IP-addresses. How could i combine this in then dovecot configuration? -- Best...

This was brought up in 2014, and left without conclusion, so I thought it would be time to bump it :) I would love a way to do allow_nets based on an RBL check, could this be added to the feature-list? https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets Thanks -- Tom

On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot <dovecot at dovecot.org> wrote: > Recently we need to allow some users to login from everywhere except some IP/networks, Can you use firewall rules for this? > how can we accomplish this with "allow_nets"? Allow_nets specifies allowed networks. Doesn't say anything else about any other use. "The allow_nets field is a comma separated list of IP addresses and/or networks where the user is allowed to log in from."

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I use the allow_nets password extra field [0] for my users. Is there a way to use this functionality for ALL users, and not to edit my passwd-file every time a new user is added ? The alternative i am working for this is the TCP Wrappers. [0]: http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets -----BEGIN...

...x, control and allow nets in my userdb per user. I am trying to have the same configuration with dovecot 1.1 and MySQL. According to log files when a virtual user is connecting to dovecot, the dovecot reads from MySQL the correct values but dovecot doesnt create the dirs for INDEX, CONTROL and the allow_nets is bypasses. - From my logs : dovecot: May 14 20:56:23 Info: auth(default): master out: USER 12 ebalaskas at ebalaskas.gr uid=1002 gid=8 mail=maildir:/var/mail/ebalaskas.gr/ebalaskas INDEX=/var/mail/.index/ebalaskas.gr/ebalaskas CONTROL=/var/mail/.control/ebalaskas.gr/ebalaskas allow_nets=10.10.1...