[Dovecot] Dovecot + SASL + allow_nets

Timo Sirainen tss at iki.fi
Mon Dec 3 17:45:22 EET 2007


On 3.12.2007, at 17.39, Marc Cuypers wrote:

> Timo Sirainen schreef:
>> On Mon, 2007-12-03 at 14:36 +0100, Marc Cuypers wrote:
>>> When using dovecot for authentication of an SASL (postfix)  
>>> request, i cannot use the allow_nets parameter.  The IP-address  
>>> of the requester is not known in dovecot.
>>>
>>> I would like to allow sasl for certain users, others are not  
>>> allowed to access via SASL.
>>> Some users can have access to imap and pop3 from certain IP- 
>>> addresses.
>>>
>>> How could i combine this in then dovecot configuration?
>> Since Postfix doesn't send the IP to Dovecot, there isn't anything on
>> Dovecot's side you can do. You could try asking about this in Postfix
>> list.. Someone at least had a patch which allowed sending local IP to
>> Dovecot (http://marc.info/?t=119306971600010&r=1&w=2). Maybe it sends
>> remote IP as well.
> Would it be possible to use a different authentication method for  
> pop/imap and sasl?

What do you mean by different authentication method? Also all of POP,  
IMAP and SMTP use SASL actually, so I guess by SASL you mean Postfix?  
http://wiki.dovecot.org/Sasl and http://wiki.dovecot.org/ 
Authentication/Mechanisms might be useful to read.

In any case if you want to add some IP checks to SMTP authentication,  
there's no way to do that on Dovecot's side without changing Postfix.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20071203/57cdb4ec/attachment.bin 


More information about the dovecot mailing list