Displaying 20 results from an estimated 3000 matches similar to: "allow_nets and mysql question"
2008 Oct 28
3
allow_nets overridden by cache
Hi,
I've just started trying allow_nets on one of my servers. I have
auth_debug and auth_verbose both enabled and the output is as follows:
Oct 28 13:05:48 mink dovecot: auth-worker(default):
auth(user at domain.net,x.x.x.x): allow_nets: Matching for network
127.0.0.1/8
Oct 28 13:05:48 mink dovecot: auth-worker(default):
auth(user at domain.net,x.x.x.x): allow_nets: Matching for network
2019 Apr 30
8
Feature request: exclude IP/network in allow_nets extra field
Dear all,
We use `allow_nets`[1] to restrict login clients, it works fine.
Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"?
Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid network '!a.b.c.d'".
Can we have this feature?
i guess it should be done
2009 Feb 28
1
allow_nets
Hello,
Im using Ubuntu 8.10 with Dovecot 1.0.10.
I am using passwd files, not a MySQL database.
I have 2 files, a "users" file, and a "passwd" file.
I have added:
allow_nets=10.1.10.1 to the end of a specific users entry in the users file.
When that user tries to login, I get the following in the logs:
dovecot: 2009-02-28 09:06:59 Error: IMAP(bob at mydomain.com):
2015 Dec 22
2
allow_nets=local in passdb gets "auth: Panic"
Hi,
I have the following configuration in my dovecot.conf for Dovecot 2.2.21:
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24
}
This triggers "auth: Panic" on POP3/IMAP logins as the below:
Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets:
2008 Mar 31
2
Allow_nets + MySQL failing when using range notation
Hello all,
I am testing my dovecot installation in order to restrict access via
POP3 for IPs outside my network. I have read and understood the
instructions in the wiki and I have reached a configuration that works
ONLY when single IPs are listed in allow_nets but not when ranges in the
notation x.x.x.x/y are listed. Some examples should be more explanatory.
I am using 1.0.rc15 patched as
2009 Apr 10
1
allow_nets and deliver + userdb lookup
Hello!
I'm trying to restrict imap logins to our internal network for several
users, but this breaks dovecot delivery too
Even if i set allow_nets to NULL or 0.0.0.0/0 deliver exits with "Error:
Auth lookup returned failure"
i'm running it as 'command = /usr/lib/dovecot/deliver -e -d
"$local_part@$domain" -s' in exim.conf
i guess delivery lookups should
2019 Apr 30
3
Feature request: exclude IP/network in allow_nets extra field
> On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot <dovecot at dovecot.org> wrote:
>
> On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot <dovecot at dovecot.org> wrote:
>> Recently we need to allow some users to login from everywhere except some IP/networks,
>
> Can you use firewall rules for this?
I suppose not. We don't restrict ALL users this way,
2007 Jan 12
1
dovecot Digest, Vol 45, Issue 18
>
> I use postfx 2.3.5 + dovecot (pop3/imap/lda/auth daemon for postfix) rc15.
>
> root at post /etc/postfix# grep dovecot main.cf
> smtpd_sasl_type = dovecot
> virtual_transport = dovecot
> dovecot_destination_recipient_limit = 1
>
> root at post /etc/dovecot# grep password_query dovecot-sql.conf
> password_query = SELECT mail as user, cryptp as password,
>
2014 Jan 25
1
allow_nets + default + ldap
Hello,
I'm playing with allow_nets function. It is really cool!
In a filebased passwd backend you simply add "allow_nets=192.0.2.143/32"
as mentioned in http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
But if I use an LDAP backend it looks different.
Following http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds and
2010 Feb 15
2
Problem with allow_nets passdb parameter and Postfix
I use Dovecot for SASL authentication from Postfix. In Postfix main.cf I
have:
smtpd_sasl_type = dovecot
It works good, but now I need to allow users to connect by IMAP only from
given IP adresses. I've added extra field allow_nets to passdb in Dovecot,
and IMAP authentication works fine. But now I can't connect to my SMTP
server because when smtpd ask dovecot about user
2007 Nov 23
3
dovecot with ldap and allow_nets
Hi,
I'm using dovecot on debian etch:
||/ Name Version
ii dovecot-common 1.0.rc15-2etch1
ii dovecot-imapd 1.0.rc15-2etch1
ii dovecot-pop3d 1.0.rc15-2etch1
# dovecot --version
1.0.rc15
Now here is my question.
Some of the mail users may only login from the LAN, while others can
login from the LAN and the internet.
I've read about
2010 Oct 21
1
allow_nets and local sockets
Hello,
i am running dovevot 2.0.5 using ldap authentication with the allow_nets
paramter to limit access to some local networks.
The problem is, when i want to use the local lmtp socket from postfix
*virtual_transport = lmtp:unix:private/dovecot-lmtp *
i get the follwing error:
*Oct 21 15:48:03 auth: Info: passdb(username): allow_nets check failed:
Remote IP not known
*When using the TCP
2007 Dec 03
4
Dovecot + SASL + allow_nets
Hi,
When using dovecot for authentication of an SASL (postfix) request, i
cannot use the allow_nets parameter. The IP-address of the requester is
not known in dovecot.
I would like to allow sasl for certain users, others are not allowed to
access via SASL.
Some users can have access to imap and pop3 from certain IP-addresses.
How could i combine this in then dovecot configuration?
--
Best
2008 Jan 02
2
Allow_nets
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I use the allow_nets password extra field [0] for my users. Is there a
way to use this functionality for ALL users, and not to edit my
passwd-file every time a new user is added ?
The alternative i am working for this is the TCP Wrappers.
[0]: http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
-----BEGIN PGP SIGNATURE-----
Version: GnuPG
2018 Aug 23
1
allow_nets based on RBL
This was brought up in 2014, and left without conclusion, so I thought
it would be time to bump it :)
I would love a way to do allow_nets based on an RBL check, could this be
added to the feature-list?
https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
Thanks
--
Tom
2008 Oct 20
1
Using allow_nets
Hi,
I'm wanting to implement allow_nets so that some users can be limited to
only use webmail while others can use client or webmail access.
Adding the sql to pull a list of IPs/ranges for webmail only users was easy
enough. For the users that are allowed to access from anywhere, do I need to
specify 0.0.0.0/0 or something or can I just let the sql query return a
blank field?
Thanks
Guy
--
2011 Oct 04
2
GSSAPI and deny=yes passdb
Hi. Is it possible to use GSSAPI authentication and deny passdb
together? Seems it doesn't work as I expect: GSSAPI doesn't check deny
passdb, so I'm not able to restrict access to GSSAPI-users.
I can see these in logs when user tries to connect with PLAIN
authentication (via pam_krb5):
Oct 4 11:14:31 vm03 auth: Debug: passwd-file(testuser,172.17.0.123):
lookup: user=testuser
2019 Apr 30
0
Feature request: exclude IP/network in allow_nets extra field
Hello, Zhang.
You can easily do this without a new feature in Dovecot.
- Create a post login script, for instance, in bash.
- install grepcidr on your server.
Your post login script can use grepcidr to check for white or black list.
https://wiki.dovecot.org/PostLoginScripting
I have implemented this myself on a small open source project, I can send you the links of you want.
Andr?.
Tue Apr
2019 Apr 30
0
Feature request: exclude IP/network in allow_nets extra field
> On 30 Apr 2019, at 4.56, Zhang Huangbin via dovecot <dovecot at dovecot.org> wrote:
>
> Dear all,
>
> We use `allow_nets`[1] to restrict login clients, it works fine.
> Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"?
>
> Tried allow_nets="!a.b.c.d", but
2019 Apr 30
0
Feature request: exclude IP/network in allow_nets extra field
On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot <dovecot at dovecot.org> wrote:
> Recently we need to allow some users to login from everywhere except some IP/networks,
Can you use firewall rules for this?
> how can we accomplish this with "allow_nets"?
Allow_nets specifies allowed networks. Doesn't say anything else about any other use.
"The allow_nets