[Dovecot] Dovecot + SASL + allow_nets

Marc Cuypers m.cuypers at mgvd.be
Mon Dec 3 17:49:21 EET 2007


Timo Sirainen schreef:
> On 3.12.2007, at 17.39, Marc Cuypers wrote:
> 
>> Timo Sirainen schreef:
>>> On Mon, 2007-12-03 at 14:36 +0100, Marc Cuypers wrote:
>>>> When using dovecot for authentication of an SASL (postfix) request, 
>>>> i cannot use the allow_nets parameter.  The IP-address of the 
>>>> requester is not known in dovecot.
>>>>
>>>> I would like to allow sasl for certain users, others are not allowed 
>>>> to access via SASL.
>>>> Some users can have access to imap and pop3 from certain IP-addresses.
>>>>
>>>> How could i combine this in then dovecot configuration?
>>> Since Postfix doesn't send the IP to Dovecot, there isn't anything on
>>> Dovecot's side you can do. You could try asking about this in Postfix
>>> list.. Someone at least had a patch which allowed sending local IP to
>>> Dovecot (http://marc.info/?t=119306971600010&r=1&w=2). Maybe it sends
>>> remote IP as well.
>> Would it be possible to use a different authentication method for 
>> pop/imap and sasl?
> 
> What do you mean by different authentication method? Also all of POP, 
> IMAP and SMTP use SASL actually, so I guess by SASL you mean Postfix? 
> http://wiki.dovecot.org/Sasl and 
> http://wiki.dovecot.org/Authentication/Mechanisms might be useful to read.
> 
> In any case if you want to add some IP checks to SMTP authentication, 
> there's no way to do that on Dovecot's side without changing Postfix.
What i meant was, is there a way to:
	IMAP/POP3: authenticate with dovecot and checking for allow_nets
	SASL (postfix): authenticate with dovecot without the checking for 
allow_nets (just another pass_attrs)

--
Marc


More information about the dovecot mailing list