similar to: dovecot with ldap and allow_nets

Hi, When using dovecot for authentication of an SASL (postfix) request, i cannot use the allow_nets parameter. The IP-address of the requester is not known in dovecot. I would like to allow sasl for certain users, others are not allowed to access via SASL. Some users can have access to imap and pop3 from certain IP-addresses. How could i combine this in then dovecot configuration? -- Best

Hi, I'm using debian sarge on my server and connected a MGE-ups ellipse via the serial port. I searched the internet for the answer, but can't find it. My config files: <upsd.users> [admin] password = pwd allowfrom = 127.0.0.1/32 actions = set instcmds = all [upsmon] password = pwd allowfrom = 127.0.0.1/32 10.0.0.224/32 upsmon master [upsslave] password

Dear all, We use `allow_nets`[1] to restrict login clients, it works fine. Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"? Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid network '!a.b.c.d'". Can we have this feature? i guess it should be done

This was brought up in 2014, and left without conclusion, so I thought it would be time to bump it :) I would love a way to do allow_nets based on an RBL check, could this be added to the feature-list? https://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets Thanks -- Tom

Hello, I'm playing with allow_nets function. It is really cool! In a filebased passwd backend you simply add "allow_nets=192.0.2.143/32" as mentioned in http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets But if I use an LDAP backend it looks different. Following http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds and

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I use the allow_nets password extra field [0] for my users. Is there a way to use this functionality for ALL users, and not to edit my passwd-file every time a new user is added ? The alternative i am working for this is the TCP Wrappers. [0]: http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets -----BEGIN PGP SIGNATURE----- Version: GnuPG

Hello, I like to enable the allow_nets Feature (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets) for my customers. To help them knowing there own IP I imagine a special mailbox/loginuser at the pop3 server. That user could give a valid pop3 answer from a dummy pop3 server or simply throw a login error with customised answer containing the IP information. Has anybody done

On 03/01/2015 06:34 PM, Benny Pedersen wrote: >> The other side of this equation, Postfix, has had this capability >> for years. Why it hasn't been added to dovecot is a mystery. It's >> the only thing (really, the ONLY thing!) that I dislike about dovecot. > > http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets > > then setup fail2ban to

Hey folks. One feature I'd really like to see in dovecot is the ability to point it at a database (with a configurable query) and have it allow or deny a connection based on looking up the source IP address in that database. I run Postfix, and I've got it configured to use a database server for its smtpd_client_restrictions checks. Ideally I'd like to point dovecot at

Hi, I have the following configuration in my dovecot.conf for Dovecot 2.2.21: passdb { driver = ldap args = /etc/dovecot/dovecot-ldap.conf.ext default_fields = allow_nets=local,127.0.0.1,10.255.1.0/24 } This triggers "auth: Panic" on POP3/IMAP logins as the below: Dec 22 14:57:39 localhost dovecot: auth: ldap(u0000,::1,<oiF8SHYngqsAAAAAAAAAAAAAAAAAAAAB>): allow_nets:

Hi, I've just started trying allow_nets on one of my servers. I have auth_debug and auth_verbose both enabled and the output is as follows: Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user at domain.net,x.x.x.x): allow_nets: Matching for network 127.0.0.1/8 Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user at domain.net,x.x.x.x): allow_nets: Matching for network

Hi. I want to use allow_nets in my configuration, but i have some troubles which i cant resolve. To use allow_nets i creates `allow_nets` text field in my mysql users table. My query is: from: dovecot/sql.conf: password_query = SELECT crypt as password, maildir as userdb_mail, 6 AS userdb_uid,6 AS userdb_gid, allow_nets FROM users WHERE id = '%u' from dovecot.conf: auth default {

Hello! I'm trying to restrict imap logins to our internal network for several users, but this breaks dovecot delivery too Even if i set allow_nets to NULL or 0.0.0.0/0 deliver exits with "Error: Auth lookup returned failure" i'm running it as 'command = /usr/lib/dovecot/deliver -e -d "$local_part@$domain" -s' in exim.conf i guess delivery lookups should

Hello, Im using Ubuntu 8.10 with Dovecot 1.0.10. I am using passwd files, not a MySQL database. I have 2 files, a "users" file, and a "passwd" file. I have added: allow_nets=10.1.10.1 to the end of a specific users entry in the users file. When that user tries to login, I get the following in the logs: dovecot: 2009-02-28 09:06:59 Error: IMAP(bob at mydomain.com):

> On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot <dovecot at dovecot.org> wrote: > > On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot <dovecot at dovecot.org> wrote: >> Recently we need to allow some users to login from everywhere except some IP/networks, > > Can you use firewall rules for this? I suppose not. We don't restrict ALL users this way,

G'day All, I am new to dovecot. I've run across the "allow_net" to restrict access on what seems like a per user basis. Is the a way to global limit access to one or more networks? Marcus O.

I use Dovecot for SASL authentication from Postfix. In Postfix main.cf I have: smtpd_sasl_type = dovecot It works good, but now I need to allow users to connect by IMAP only from given IP adresses. I've added extra field allow_nets to passdb in Dovecot, and IMAP authentication works fine. But now I can't connect to my SMTP server because when smtpd ask dovecot about user

Hi everyone, I have a problem that hopefully has an easy solution. I am setting up an IMAP proxy in a DMZ network. It will connect to the real IMAP server and authenticate using "driver = imap", and this I have working really nicely. What I want to do is have it look up a list of users that are allowed to connect through the proxy before proxying the connection, as not all users with

Hello all, I am testing my dovecot installation in order to restrict access via POP3 for IPs outside my network. I have read and understood the instructions in the wiki and I have reached a configuration that works ONLY when single IPs are listed in allow_nets but not when ranges in the notation x.x.x.x/y are listed. Some examples should be more explanatory. I am using 1.0.rc15 patched as

Hello, Zhang. You can easily do this without a new feature in Dovecot. - Create a post login script, for instance, in bash. - install grepcidr on your server. Your post login script can use grepcidr to check for white or black list. https://wiki.dovecot.org/PostLoginScripting I have implemented this myself on a small open source project, I can send you the links of you want. Andr?. Tue Apr