[Dovecot] Allow_nets + MySQL failing when using range notation

Javier García javier.garcia at ibercom.com
Wed May 7 19:15:17 EEST 2008 

Hello again,

I am afraid that I must come back with this issue. Following advice from 
the Debian package maintainers, I installed a backported 1.0.13 version 
which keeps behaving wrongly. To be more specific:

My software version is now:
prisni:/# dovecot --version
1.0.13

My debian packages, just to be redundant:
prisni:/# dpkg -l dovecot*
ii  dovecot-common              1.0.13-1~bpo40+1            secure mail 
server that supports mbox and maildir mailboxes
ii  dovecot-imapd               1.0.13-1~bpo40+1            secure IMAP 
server that supports mbox and maildir mailboxes
ii  dovecot-pop3d               1.0.13-1~bpo40+1            secure POP3 
server that supports mbox and maildir mailboxes

A login attempt from one IP in the allowed network...
prisni:/etc/postfix# telnet 10.34.133.64 143
Trying 10.34.133.64...
Connected to prisni.tiscali.red.
Escape character is '^]'.
* OK Bienvenido a prisni.inicia.es.
001 login user at domain password
001 NO Authentication failed.
002 logout
* BYE Logging out
002 OK Logout completed.
Connection closed by foreign host.

... fails :-(
dovecot: 2008-05-07 17:58:34 Info: auth-worker(default): 
sql(user at domain,10.34.133.64): query: select pd.contrasena as password, 
pd.allow_nets from v_permisos_direcciones pd where ( pd.imap = 1 ) and 
pd.correo = 'user at domain'
dovecot: 2008-05-07 17:58:34 Info: auth-worker(default): 
auth(user at domain,10.34.133.64): allow_nets: Matching for network 
10.34.133.0/24
dovecot: 2008-05-07 17:58:34 Info: auth-worker(default): 
passdb(user at domain,10.34.133.64): allow_nets check failed: IP not in 
allowed networks
dovecot: 2008-05-07 17:58:35 Info: auth(default): client out: FAIL      
1       user=user at domain
dovecot: 2008-05-07 17:58:37 Info: imap-login: user=<user at domain>, 
method=PLAIN, rip=10.34.133.64, lip=10.34.133.64, secured: Aborted login 
(1 authentication attempts)

I wonder if this option is rare enough to this issue have remained 
undiscovered through versions... Is there anyone out there using 
allow_nets in the same way as I am trying to do? Note that using a list 
single IPs has always worked in my environment.

Thanks in advance,
Javier

Javier García escribió:
> Hello,
>
> Thanks Timo for the response. I will then ask the Debian package 
> maintainers on this specific issue.
>
> Regards,
> Javier
>
> Timo Sirainen escribió:
>> On Mon, 2008-03-31 at 12:56 +0200, Javier García wrote:
>>  
>>> Hello all,
>>>
>>> I am testing my dovecot installation in order to restrict access via 
>>> POP3 for IPs outside my network. I have read and understood the 
>>> instructions in the wiki and I have reached a configuration that 
>>> works ONLY when single IPs are listed in allow_nets but not when 
>>> ranges in the notation x.x.x.x/y are listed. Some examples should be 
>>> more explanatory. I am using 1.0.rc15 patched as for last week as 
>>> distributed in Debian etch.
>>>     
>>
>> I don't see any obvious entries in ChangeLog related to this, but it
>> seems to work correctly in v1.0.13 and v1.1.rc4, so maybe it was just
>> broken in rc15.
>>
>>   
>
>

More information about the dovecot mailing list