[Dovecot] Dovecot + SASL + allow_nets

Marc Cuypers m.cuypers at mgvd.be
Tue Dec 4 10:42:07 EET 2007


Noel Jones schreef:
> On Dec 3, 2007 7:36 AM, Marc Cuypers <m.cuypers at mgvd.be> wrote:
>> Hi,
>>
>> When using dovecot for authentication of an SASL (postfix) request, i
>> cannot use the allow_nets parameter.  The IP-address of the requester is
>> not known in dovecot.
>>
>> I would like to allow sasl for certain users, others are not allowed to
>> access via SASL.
>> Some users can have access to imap and pop3 from certain IP-addresses.
>>
>> How could i combine this in then dovecot configuration?
>>
>> --
>> Best regards,
>>
>> Marc
>>
> 
> You can do this in postfix main.cf using the
> smtpd_sasl_exceptions_networks parameter. Normally this parameter
> lists networks *not* allowed to use AUTH, but you can exempt certain
> hosts by proceeding them with a "!".  Note that order matters, here;
> exceptions must come before the static:all entry.
> 
> For example. to offer AUTH only to 192.0.2.0-192.0.2.255:
> # main.cf
> smtpd_sasl_exceptions_networks = !192.0.2.0/24 static:all
> 
> See also
> http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks
> Or for an alternative method:
> http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps
> 
OK, thanks,

But it is not user related.  I want some user to be able to SASL, others 
don't.

--
Marc


More information about the dovecot mailing list