[Dovecot] Dovecot + SASL + allow_nets

[Marc Cuypers]

Andrew Garner schreef:
> On Dec 13, 2007 4:36 AM, Marc Cuypers <m.cuypers at mgvd.be> wrote:
>> Andrew Garner schreef:
>>
>>>> Timo Sirainen schreef:
>>>>> On Mon, 2007-12-03 at 14:36 +0100, Marc Cuypers wrote:
>>>>>> When using dovecot for authentication of an SASL (postfix) request, i
>>>>>> cannot use the allow_nets parameter.  The IP-address of the requester is
>>>>>> not known in dovecot.
>>>>>>
>>>>>> I would like to allow sasl for certain users, others are not allowed to
>>>>>> access via SASL.
>>>>>> Some users can have access to imap and pop3 from certain IP-addresses.
>>>>>>
>>>>>> How could i combine this in then dovecot configuration?
>>>>> Since Postfix doesn't send the IP to Dovecot, there isn't anything on
>>>>> Dovecot's side you can do. You could try asking about this in Postfix
>>>>> list.. Someone at least had a patch which allowed sending local IP to
>>>>> Dovecot (http://marc.info/?t=119306971600010&r=1&w=2). Maybe it sends
>>>>> remote IP as well.
>>> I wrote that patch.   It passes both endpoints (remote & local)
>>> through to dovecot .    This lets you restrict smtp-auth just like
>>> pop3 or imap using the remote IP.    In my case, I had played around
>>> with a quick hack for doing per-ip realming (using the local IP) w/
>>> dovecot-sql.
>> Hi Andrew,
>>
>> Where can i find the patch?
>>
> 
> Sorry for taking so long to respond.    Here's the patch, attached.
> It's been tested against the Postfix 2.3/2.4 series, but not the 2.5.x
> "non-production"/development series.    People have reported success
> on Postfix 2.4.6+.     I'm not sure that it'll get accepted for the
> stable series, and I need to clean it up for 2.5 (which changed the
> dovecot xsasl plugin somewhat).    I'll try to work on getting it
> integrated, since there seems to be some interest and no one else has
> submitted a better/any_other patch.
Hi Andrew,

I used the patch on debian/etch, postfix 2.3.8, and it seems to work.

Thank you very much.

--
Marc