Suggestion: Split login_trusted_networks

Peter Mogensen apm at one.com
Fri Jun 20 07:01:57 UTC 2014


Hi,

It seems the use of login_trusted_networks is overloaded.

Example:
* It's used for indicating which hosts you trust to provide XCLIENT 
remote IP's.
* It's used for indicating from which hosts you trust logins enough to 
disable auth penalty. (like in a webmail)

However... trustwise, this is trusting two different entities.
The first case you put trust in the host.
In the second case, you actually put trust in the user which uses the 
webmail (unless of course the webmail it self implements auth-penalties).

So you can't have one set of hosts which you trust for XCLIENT and 
another set of hosts you trust for not being the origin of brute force 
attacks.

/Peter


More information about the dovecot mailing list