similar to: allow_nets based on RBL

Dear all, We use `allow_nets`[1] to restrict login clients, it works fine. Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"? Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid network '!a.b.c.d'". Can we have this feature? i guess it should be done

Hello, I'm playing with allow_nets function. It is really cool! In a filebased passwd backend you simply add "allow_nets=192.0.2.143/32" as mentioned in http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets But if I use an LDAP backend it looks different. Following http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds and

Hello, I like to enable the allow_nets Feature (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets) for my customers. To help them knowing there own IP I imagine a special mailbox/loginuser at the pop3 server. That user could give a valid pop3 answer from a dummy pop3 server or simply throw a login error with customised answer containing the IP information. Has anybody done

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I use the allow_nets password extra field [0] for my users. Is there a way to use this functionality for ALL users, and not to edit my passwd-file every time a new user is added ? The alternative i am working for this is the TCP Wrappers. [0]: http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets -----BEGIN PGP SIGNATURE----- Version: GnuPG

On 03/01/2015 06:34 PM, Benny Pedersen wrote: >> The other side of this equation, Postfix, has had this capability >> for years. Why it hasn't been added to dovecot is a mystery. It's >> the only thing (really, the ONLY thing!) that I dislike about dovecot. > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets > > then setup fail2ban to

Hello, Zhang. You can easily do this without a new feature in Dovecot. - Create a post login script, for instance, in bash. - install grepcidr on your server. Your post login script can use grepcidr to check for white or black list. https://wiki.dovecot.org/PostLoginScripting I have implemented this myself on a small open source project, I can send you the links of you want. Andr?. Tue Apr

Hi, I'm using dovecot on debian etch: ||/ Name Version ii dovecot-common 1.0.rc15-2etch1 ii dovecot-imapd 1.0.rc15-2etch1 ii dovecot-pop3d 1.0.rc15-2etch1 # dovecot --version 1.0.rc15 Now here is my question. Some of the mail users may only login from the LAN, while others can login from the LAN and the internet. I've read about

Dave McGuire writes: >> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets >> >> then setup fail2ban to manage extrafields > > Now that's a very interesting idea, thank you! I will investigate this. If you don't expect yor firewall to handle 45K+ IPs, I'm not how you expect dovecot will handle a comma separated string with 45K+ entries any

On 03/01/2015 04:25 AM, Reindl Harald wrote: >> I wonder if there is an easy way to provide dovecot a flat text >> file of ipv4 #'s which should be ignored or dropped? >> >> I have accumulated 45,000+ IPs which routinely try dictionary >> and 12345678 password attempts. The file is too big to create >> firewall drops, and I don't want to compile with

Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this? Thanks, -Terry iPhone says Hello World! > On Sep 16, 2015, at 6:31 PM, Benny Pedersen <me at junc.eu> wrote: > > Terry Barnum skrev den 2015-09-17 02:32: > >> I've

> >>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets rethink why its allownets not denynets > 45K+ IPs will work in a recent table > i have them too but for smtp only like have you seem a single user with 45k ips that does not make logs of login fails ?

Hello, Im using Ubuntu 8.10 with Dovecot 1.0.10. I am using passwd files, not a MySQL database. I have 2 files, a "users" file, and a "passwd" file. I have added: allow_nets=10.1.10.1 to the end of a specific users entry in the users file. When that user tries to login, I get the following in the logs: dovecot: 2009-02-28 09:06:59 Error: IMAP(bob at mydomain.com):

G'day All, I am new to dovecot. I've run across the "allow_net" to restrict access on what seems like a per user basis. Is the a way to global limit access to one or more networks? Marcus O.

Hey folks. One feature I'd really like to see in dovecot is the ability to point it at a database (with a configurable query) and have it allow or deny a connection based on looking up the source IP address in that database. I run Postfix, and I've got it configured to use a database server for its smtpd_client_restrictions checks. Ideally I'd like to point dovecot at

On March 2, 2015 10:50:59 PM Dave McGuire <mcguire at neurotica.com> wrote: > On 03/02/2015 05:34 AM, Joseph Tam wrote: > >>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets its not a big hint its not called denynets is it ? > I myself just want a mechanism to deny certain IP addresses when I > spot them, regardless of the implementation. But

Hi. I want to use allow_nets in my configuration, but i have some troubles which i cant resolve. To use allow_nets i creates `allow_nets` text field in my mysql users table. My query is: from: dovecot/sql.conf: password_query = SELECT crypt as password, maildir as userdb_mail, 6 AS userdb_uid,6 AS userdb_gid, allow_nets FROM users WHERE id = '%u' from dovecot.conf: auth default {

Hi, I've just started trying allow_nets on one of my servers. I have auth_debug and auth_verbose both enabled and the output is as follows: Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user at domain.net,x.x.x.x): allow_nets: Matching for network 127.0.0.1/8 Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user at domain.net,x.x.x.x): allow_nets: Matching for network

Hi, I have the following configuration in my dovecot.conf for Dovecot 2.2.21: passdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24 } This triggers "auth: Panic" on POP3/IMAP logins as the below: Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets:

Hi everyone, I have a problem that hopefully has an easy solution. I am setting up an IMAP proxy in a DMZ network. It will connect to the real IMAP server and authenticate using "driver = imap", and this I have working really nicely. What I want to do is have it look up a list of users that are allowed to connect through the proxy before proxying the connection, as not all users with

Hello all, I am testing my dovecot installation in order to restrict access via POP3 for IPs outside my network. I have read and understood the instructions in the wiki and I have reached a configuration that works ONLY when single IPs are listed in allow_nets but not when ranges in the notation x.x.x.x/y are listed. Some examples should be more explanatory. I am using 1.0.rc15 patched as