search for: allownet

Hello, I'm playing with allow_nets function. It is really cool! In a filebased passwd backend you simply add "allow_nets=192.0.2.143/32" as mentioned in http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets But if I use an LDAP backend it looks different. Following http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds and http://wiki2.dovecot.org/AuthDatabase/LDAP/Userdb#Attribute_templates_.28v2.1.29 my pass_attrs looks this: pass_attrs = =user=%{ldap:uid}, \ =allow_nets=%{ldap:allowne...

Dave McGuire writes: >> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets >> >> then setup fail2ban to manage extrafields > > Now that's a very interesting idea, thank you! I will investigate this. If you don't expect yor firewall to handle 45K+ IPs, I'm not how you expect dovecot will handle a comma separated string with 45K+ entries an...

...; The other side of this equation, Postfix, has had this capability >> for years. Why it hasn't been added to dovecot is a mystery. It's >> the only thing (really, the ONLY thing!) that I dislike about dovecot. > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets > > then setup fail2ban to manage extrafields Now that's a very interesting idea, thank you! I will investigate this. -Dave -- Dave McGuire, AK4HZ/3 New Kensington, PA

Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this? Thanks, -Terry iPhone says Hello World! > On Sep 16, 2015, at 6:31 PM, Benny Pedersen <me at junc.eu> wrote: > > Terry Barnum s...

> >>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets rethink why its allownets not denynets > 45K+ IPs will work in a recent table > i have them too but for smtp only like have you seem a single user with 45k ips that does not make logs of login fails ?

Hi, I'm using dovecot on debian etch: ||/ Name Version ii dovecot-common 1.0.rc15-2etch1 ii dovecot-imapd 1.0.rc15-2etch1 ii dovecot-pop3d 1.0.rc15-2etch1 # dovecot --version 1.0.rc15 Now here is my question. Some of the mail users may only login from the LAN, while others can login from the LAN and the internet. I've read about

Is there a way to restrict my user logins from a set of IPs? For example, all my users are in the US so there shouldn't be any logins from other countries. Can I tell dovecot to restrict logins to a CIDR list of US IPs? Can someone point me to docs on how to set this up? I've searched but haven't found how to accomplish this. Thanks, -Terry Terry Barnum digital OutPost

Hello, I've been running dovecot for over 3 years now and it works with no problems. I have it setup so that it authenticates users against Active Directory via LDAP and so far no problems. What I would like to know is if there is any way that I could deny access for users trying to access email via cellphones or email clients outside the company. I can

Hello, I like to enable the allow_nets Feature (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets) for my customers. To help them knowing there own IP I imagine a special mailbox/loginuser at the pop3 server. That user could give a valid pop3 answer from a dummy pop3 server or simply throw a login error with customised answer containing the IP information. Has anybody done something simi...

...ide of this equation, Postfix, has had this capability >>> for years. Why it hasn't been added to dovecot is a mystery. It's >>> the only thing (really, the ONLY thing!) that I dislike about dovecot. >> >> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets >> >> then setup fail2ban to manage extrafields > > Now that's a very interesting idea, thank you! I will investigate this. Does allownets support negative CIDRs? - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVPQfMXz1H7kL/d9rAQLP6Qf+KLmEwyV...

Am 02.03.2015 um 20:01 schrieb Benny Pedersen: > >> >>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets > > rethink why its allownets not denynets > >> 45K+ IPs will work in a recent table >> i have them too but for smtp only like > > have you seem a single user with 45k ips that does not make logs of > login fails ? the most problem may nat and false positves, with...

On March 2, 2015 10:50:59 PM Dave McGuire <mcguire at neurotica.com> wrote: > On 03/02/2015 05:34 AM, Joseph Tam wrote: > >>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets its not a big hint its not called denynets is it ? > I myself just want a mechanism to deny certain IP addresses when I > spot them, regardless of the implementation. But anything that offloads > my mail servers from anything that doesn't involve serving mail makes me > happy....

This was brought up in 2014, and left without conclusion, so I thought it would be time to bump it :) I would love a way to do allow_nets based on an RBL check, could this be added to the feature-list? https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets Thanks -- Tom

I have written a script that connects (localhost) to the dovecot/imap server and performs various maintenance on my mail, by folder..... deleting old stuff, keeping the n most recent, that sort of crap, er good stuff. :-) My script is written in php (I use the various imap_* functions), and it connects to the imap server running on the same machine... is there a way to connect to the server

...t Dovecot reports error "allow_nets: Invalid network '!a.b.c.d'". Can we have this feature? i guess it should be done in function "auth_request_validate_networks"[2] in file src/auth/auth-request.c. [1] allow_nets: https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets [2] https://github.com/dovecot/core/blob/fbc3ccc4a9a02b82073585a33254eacedc6a9950/src/auth/auth-request.c#L1990

On 03/01/2015 04:25 AM, Reindl Harald wrote: >> I wonder if there is an easy way to provide dovecot a flat text >> file of ipv4 #'s which should be ignored or dropped? >> >> I have accumulated 45,000+ IPs which routinely try dictionary >> and 12345678 password attempts. The file is too big to create >> firewall drops, and I don't want to compile with

> The other side of this equation, Postfix, has had this capability > for years. Why it hasn't been added to dovecot is a mystery. It's > the only thing (really, the ONLY thing!) that I dislike about dovecot. http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets then setup fail2ban to manage extrafields

Am 02.03.2015 um 11:34 schrieb Joseph Tam: > Dave McGuire writes: > >>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets >>> >>> then setup fail2ban to manage extrafields >> >> Now that's a very interesting idea, thank you! I will investigate this. > > If you don't expect yor firewall to handle 45K+ IPs, I'm not how you > expect dovecot will handle a comma separa...

On 03/02/2015 05:34 AM, Joseph Tam wrote: >>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets >>> >>> then setup fail2ban to manage extrafields >> >> Now that's a very interesting idea, thank you! I will investigate this. > > If you don't expect yor firewall to handle 45K+ IPs, I'm not how you > expect dovecot will handle a comma separa...

Terry Barnum skrev den 2015-09-17 02:32: > I've searched but haven't found how to accomplish this. http://wiki2.dovecot.org/Authentication/RestrictAccess http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets took me 3 sec :=)