Displaying 20 results from an estimated 1000 matches similar to: "dovecot with ldap and allow_nets"
2007 Dec 03
4
Dovecot + SASL + allow_nets
Hi,
When using dovecot for authentication of an SASL (postfix) request, i
cannot use the allow_nets parameter. The IP-address of the requester is
not known in dovecot.
I would like to allow sasl for certain users, others are not allowed to
access via SASL.
Some users can have access to imap and pop3 from certain IP-addresses.
How could i combine this in then dovecot configuration?
--
Best
2006 Jan 09
2
Master privileges unavailable
Hi,
I'm using debian sarge on my server and connected a MGE-ups ellipse via
the serial port.
I searched the internet for the answer, but can't find it.
My config files:
<upsd.users>
[admin]
password = pwd
allowfrom = 127.0.0.1/32
actions = set
instcmds = all
[upsmon]
password = pwd
allowfrom = 127.0.0.1/32 10.0.0.224/32
upsmon master
[upsslave]
password
2019 Apr 30
8
Feature request: exclude IP/network in allow_nets extra field
Dear all,
We use `allow_nets`[1] to restrict login clients, it works fine.
Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"?
Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid network '!a.b.c.d'".
Can we have this feature?
i guess it should be done
2018 Aug 23
1
allow_nets based on RBL
This was brought up in 2014, and left without conclusion, so I thought
it would be time to bump it :)
I would love a way to do allow_nets based on an RBL check, could this be
added to the feature-list?
https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
Thanks
--
Tom
2014 Jan 25
1
allow_nets + default + ldap
Hello,
I'm playing with allow_nets function. It is really cool!
In a filebased passwd backend you simply add "allow_nets=192.0.2.143/32"
as mentioned in http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
But if I use an LDAP backend it looks different.
Following http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds and
2008 Jan 02
2
Allow_nets
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I use the allow_nets password extra field [0] for my users. Is there a
way to use this functionality for ALL users, and not to edit my
passwd-file every time a new user is added ?
The alternative i am working for this is the TCP Wrappers.
[0]: http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
-----BEGIN PGP SIGNATURE-----
Version: GnuPG
2014 Oct 22
2
special "what's my ip" pop account
Hello,
I like to enable the allow_nets Feature
(http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets)
for my customers. To help them knowing there own IP I imagine a
special mailbox/loginuser at the pop3 server.
That user could give a valid pop3 answer from a dummy pop3 server or
simply throw a login error with customised answer containing the IP
information.
Has anybody done
2015 Mar 02
2
IP drop list
On 03/01/2015 06:34 PM, Benny Pedersen wrote:
>> The other side of this equation, Postfix, has had this capability
>> for years. Why it hasn't been added to dovecot is a mystery. It's
>> the only thing (really, the ONLY thing!) that I dislike about dovecot.
>
> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>
> then setup fail2ban to
2008 Apr 07
3
feature request: deny IP address via database
Hey folks. One feature I'd really like to see in dovecot is the
ability to point it at a database (with a configurable query) and
have it allow or deny a connection based on looking up the source IP
address in that database.
I run Postfix, and I've got it configured to use a database server
for its smtpd_client_restrictions checks. Ideally I'd like to point
dovecot at
2015 Dec 22
2
allow_nets=local in passdb gets "auth: Panic"
Hi,
I have the following configuration in my dovecot.conf for Dovecot 2.2.21:
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24
}
This triggers "auth: Panic" on POP3/IMAP logins as the below:
Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets:
2008 Oct 28
3
allow_nets overridden by cache
Hi,
I've just started trying allow_nets on one of my servers. I have
auth_debug and auth_verbose both enabled and the output is as follows:
Oct 28 13:05:48 mink dovecot: auth-worker(default):
auth(user at domain.net,x.x.x.x): allow_nets: Matching for network
127.0.0.1/8
Oct 28 13:05:48 mink dovecot: auth-worker(default):
auth(user at domain.net,x.x.x.x): allow_nets: Matching for network
2006 Oct 17
2
allow_nets and mysql question
Hi.
I want to use allow_nets in my configuration, but i have some troubles
which i cant resolve.
To use allow_nets i creates `allow_nets` text field in my mysql users
table. My query is:
from: dovecot/sql.conf:
password_query = SELECT crypt as password, maildir as userdb_mail, 6 AS
userdb_uid,6 AS userdb_gid, allow_nets FROM users WHERE id = '%u'
from dovecot.conf:
auth default {
2009 Apr 10
1
allow_nets and deliver + userdb lookup
Hello!
I'm trying to restrict imap logins to our internal network for several
users, but this breaks dovecot delivery too
Even if i set allow_nets to NULL or 0.0.0.0/0 deliver exits with "Error:
Auth lookup returned failure"
i'm running it as 'command = /usr/lib/dovecot/deliver -e -d
"$local_part@$domain" -s' in exim.conf
i guess delivery lookups should
2009 Feb 28
1
allow_nets
Hello,
Im using Ubuntu 8.10 with Dovecot 1.0.10.
I am using passwd files, not a MySQL database.
I have 2 files, a "users" file, and a "passwd" file.
I have added:
allow_nets=10.1.10.1 to the end of a specific users entry in the users file.
When that user tries to login, I get the following in the logs:
dovecot: 2009-02-28 09:06:59 Error: IMAP(bob at mydomain.com):
2019 Apr 30
3
Feature request: exclude IP/network in allow_nets extra field
> On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot <dovecot at dovecot.org> wrote:
>
> On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot <dovecot at dovecot.org> wrote:
>> Recently we need to allow some users to login from everywhere except some IP/networks,
>
> Can you use firewall rules for this?
I suppose not. We don't restrict ALL users this way,
2007 Apr 29
2
Method to globally limit network access
G'day All,
I am new to dovecot. I've run across the "allow_net" to restrict access
on what seems like a per user basis. Is the a way to global limit access
to one or more networks?
Marcus O.
2010 Feb 15
2
Problem with allow_nets passdb parameter and Postfix
I use Dovecot for SASL authentication from Postfix. In Postfix main.cf I
have:
smtpd_sasl_type = dovecot
It works good, but now I need to allow users to connect by IMAP only from
given IP adresses. I've added extra field allow_nets to passdb in Dovecot,
and IMAP authentication works fine. But now I can't connect to my SMTP
server because when smtpd ask dovecot about user
2014 May 05
1
Dovecot proxy
Hi everyone,
I have a problem that hopefully has an easy solution.
I am setting up an IMAP proxy in a DMZ network. It will connect to the real IMAP server and authenticate using "driver = imap", and this I have working really nicely.
What I want to do is have it look up a list of users that are allowed to connect through the proxy before proxying the connection, as not all users with
2008 Mar 31
2
Allow_nets + MySQL failing when using range notation
Hello all,
I am testing my dovecot installation in order to restrict access via
POP3 for IPs outside my network. I have read and understood the
instructions in the wiki and I have reached a configuration that works
ONLY when single IPs are listed in allow_nets but not when ranges in the
notation x.x.x.x/y are listed. Some examples should be more explanatory.
I am using 1.0.rc15 patched as
2019 Apr 30
0
Feature request: exclude IP/network in allow_nets extra field
Hello, Zhang.
You can easily do this without a new feature in Dovecot.
- Create a post login script, for instance, in bash.
- install grepcidr on your server.
Your post login script can use grepcidr to check for white or black list.
https://wiki.dovecot.org/PostLoginScripting
I have implemented this myself on a small open source project, I can send you the links of you want.
Andr?.
Tue Apr