[Dovecot] Dovecot + SASL + allow_nets
Marc Cuypers
m.cuypers at mgvd.be
Mon Dec 3 17:49:21 EET 2007
Timo Sirainen schreef:
> On 3.12.2007, at 17.39, Marc Cuypers wrote:
>
>> Timo Sirainen schreef:
>>> On Mon, 2007-12-03 at 14:36 +0100, Marc Cuypers wrote:
>>>> When using dovecot for authentication of an SASL (postfix) request,
>>>> i cannot use the allow_nets parameter. The IP-address of the
>>>> requester is not known in dovecot.
>>>>
>>>> I would like to allow sasl for certain users, others are not allowed
>>>> to access via SASL.
>>>> Some users can have access to imap and pop3 from certain IP-addresses.
>>>>
>>>> How could i combine this in then dovecot configuration?
>>> Since Postfix doesn't send the IP to Dovecot, there isn't anything on
>>> Dovecot's side you can do. You could try asking about this in Postfix
>>> list.. Someone at least had a patch which allowed sending local IP to
>>> Dovecot (http://marc.info/?t=119306971600010&r=1&w=2). Maybe it sends
>>> remote IP as well.
>> Would it be possible to use a different authentication method for
>> pop/imap and sasl?
>
> What do you mean by different authentication method? Also all of POP,
> IMAP and SMTP use SASL actually, so I guess by SASL you mean Postfix?
> http://wiki.dovecot.org/Sasl and
> http://wiki.dovecot.org/Authentication/Mechanisms might be useful to read.
>
> In any case if you want to add some IP checks to SMTP authentication,
> there's no way to do that on Dovecot's side without changing Postfix.
What i meant was, is there a way to:
IMAP/POP3: authenticate with dovecot and checking for allow_nets
SASL (postfix): authenticate with dovecot without the checking for
allow_nets (just another pass_attrs)
--
Marc
More information about the dovecot
mailing list