[Dovecot] Dovecot + SASL + allow_nets

Noel Jones noeldude at gmail.com
Mon Dec 3 20:10:14 EET 2007


On Dec 3, 2007 7:36 AM, Marc Cuypers <m.cuypers at mgvd.be> wrote:
> Hi,
>
> When using dovecot for authentication of an SASL (postfix) request, i
> cannot use the allow_nets parameter.  The IP-address of the requester is
> not known in dovecot.
>
> I would like to allow sasl for certain users, others are not allowed to
> access via SASL.
> Some users can have access to imap and pop3 from certain IP-addresses.
>
> How could i combine this in then dovecot configuration?
>
> --
> Best regards,
>
> Marc
>

You can do this in postfix main.cf using the
smtpd_sasl_exceptions_networks parameter. Normally this parameter
lists networks *not* allowed to use AUTH, but you can exempt certain
hosts by proceeding them with a "!".  Note that order matters, here;
exceptions must come before the static:all entry.

For example. to offer AUTH only to 192.0.2.0-192.0.2.255:
# main.cf
smtpd_sasl_exceptions_networks = !192.0.2.0/24 static:all

See also
http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks
Or for an alternative method:
http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_maps

-- 
Noel Jones


More information about the dovecot mailing list