similar to: Restrict user on IMAP or POP

Is there a way to restrict my user logins from a set of IPs? For example, all my users are in the US so there shouldn't be any logins from other countries. Can I tell dovecot to restrict logins to a CIDR list of US IPs? Can someone point me to docs on how to set this up? I've searched but haven't found how to accomplish this. Thanks, -Terry Terry Barnum digital OutPost

Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this? Thanks, -Terry iPhone says Hello World! > On Sep 16, 2015, at 6:31 PM, Benny Pedersen <me at junc.eu> wrote: > > Terry Barnum skrev den 2015-09-17 02:32: > >> I've

I use MySQL to store my virtual users passwords and I am running the latest version of Dovecot. What I need to do is have one particular user have ONLY access to their email via Roundcube (webmail) and no IMAP/SMTP access. Therefore, how do I disable IMAP/SMTP access for just one user?

It would be great to have a HOWTO in the wiki, on how to restrict services by username in dovecot, so some users are allowed IMAP and others not allowed. As concerns restricting users by IP, I believe that is a bad idea. It's almost a useless idea, imnsho, because they can connect from another IP. It's easy to restrict services by IP using a firewall or by using inetd. -Wash

Awesome, thanks! Sent from my mobile device please excuse. 11.11.2017 2:48 PM "Gedalya" <gedalya at gedalya.net> napisa?(a): > On 11/10/2017 11:03 PM, Joseph Tam wrote: > > > > The toughest situation (using script techniques) is for > > CIDR ranges just shy of a full octet boundary e.g. /25. > > Actually there is a great tool for that, grepcidr >

Hello, I have all userdata in a ldapserver. Every user has the right to use pop3. There is no explicit attribute allowing that. It's simply possible. Now I like to add imap. For a starting period I like to restrict, who may use imap. http://wiki2.dovecot.org/Authentication/RestrictAccess mention a solution where I could modify ldap pass_filter. But that require an attribute

> > > Morning Louis, Unless I totally misread this, the OP only > wants the DC > to query itself, no clients. > > I could understand it if they only wanted domain members to > query the DC. > > Stop and think about this, a client wants to know where > another domain > member is, or worse still, where the DC is, who does it ask ? It asks > its

Hi list, I have a setup with postfix+dovecot+mysql unser CentOS 5, running 50 odd domains with virtual users. Access is allowed for public POP3, and a webmail on apache+PHP solution through local IMAP. I'm not gonna give you the long story about the why, but I'm looking for a way to give public IMAP access only to one domain, knowing that users log in with full email (user at domain.tld).

Hello, I like to enable the allow_nets Feature (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets) for my customers. To help them knowing there own IP I imagine a special mailbox/loginuser at the pop3 server. That user could give a valid pop3 answer from a dummy pop3 server or simply throw a login error with customised answer containing the IP information. Has anybody done

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#ffffff" text="#000000"> <font size="-1">Hi,<br> Just new on this mailinglist; I sure hope my questions wouldn't

Salut alex, est-ce qu''il est possible d''avoir la liste de tous les accents qu''il est possible de représenter avec wxruby2, comme "é" par exemple. merci Sebastien _______________________________________________ wxruby-users mailing list wxruby-users@rubyforge.org http://rubyforge.org/mailman/listinfo/wxruby-users

Dear all, We use `allow_nets`[1] to restrict login clients, it works fine. Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"? Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid network '!a.b.c.d'". Can we have this feature? i guess it should be done

Hello, my enviroment: All Servers are Ubuntun 16.04-18.04 SAMBA AD DC Server and several SAMABA DOMAIN MEMBER (connected via WINBIND). In ADDC I've created a group "restrictaccess" and added some users. Now when im typing "id <username>" on a Domain Member, for some users the group "restrictaccess" are listed for some not! For example: ON DC: #

Hey folks. One feature I'd really like to see in dovecot is the ability to point it at a database (with a configurable query) and have it allow or deny a connection based on looking up the source IP address in that database. I run Postfix, and I've got it configured to use a database server for its smtpd_client_restrictions checks. Ideally I'd like to point dovecot at

On 03/01/2015 06:34 PM, Benny Pedersen wrote: >> The other side of this equation, Postfix, has had this capability >> for years. Why it hasn't been added to dovecot is a mystery. It's >> the only thing (really, the ONLY thing!) that I dislike about dovecot. > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets > > then setup fail2ban to

Just a trivial question... Do the hosts allow and hosts deny clauses (i.e. within smb.conf) support the use of IPv4 CIDR notation (e.g. A.B.C.D/maskbits) ? The specific documentation page I was looking at, i.e.: https://www.samba.org/samba/docs/using_samba/ch06.html was rather entirely ambiguous on this one small point. When describing the interfaces clause, it says explicitly that CIDRs

Hi, I've just started trying allow_nets on one of my servers. I have auth_debug and auth_verbose both enabled and the output is as follows: Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user at domain.net,x.x.x.x): allow_nets: Matching for network 127.0.0.1/8 Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user at domain.net,x.x.x.x): allow_nets: Matching for network

Hi, I have the following configuration in my dovecot.conf for Dovecot 2.2.21: passdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24 } This triggers "auth: Panic" on POP3/IMAP logins as the below: Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets:

Dear openssh-unix-dev list, in OpenSSH 5.1 you introduced CIDR address/masklen matching for "Match address" blocks in sshd_config as well as supporting CIDR matching in ~/.ssh/authorized_keys from="..." restrictions in sshd. I wonder whether CIDR address/masklen matching will be implemented for permitopen="host:port" restrictions in sshd as well, that would be quite

Crossbow team, The following is of interest to the Crossbow project. Since a large chunk of these changes also exist in the Crossbow gate, the delivery of this wad will result in fewer lines of changes for Crossbow''s delivery. If someone on Crossbow could participate in this review, that would be a bonus (Eric Cheng made original changes in the Crossbow gate at some point last year).