On Dec 3, 2007 7:36 AM, Marc Cuypers m.cuypers@mgvd.be wrote:
Hi,
When using dovecot for authentication of an SASL (postfix) request, i cannot use the allow_nets parameter. The IP-address of the requester is not known in dovecot.
I would like to allow sasl for certain users, others are not allowed to access via SASL. Some users can have access to imap and pop3 from certain IP-addresses.
How could i combine this in then dovecot configuration?
-- Best regards,
Marc
You can do this in postfix main.cf using the smtpd_sasl_exceptions_networks parameter. Normally this parameter lists networks *not* allowed to use AUTH, but you can exempt certain hosts by proceeding them with a "!". Note that order matters, here; exceptions must come before the static:all entry.
For example. to offer AUTH only to 192.0.2.0-192.0.2.255: # main.cf smtpd_sasl_exceptions_networks = !192.0.2.0/24 static:all
See also http://www.postfix.org/postconf.5.html#smtpd_sasl_exceptions_networks Or for an alternative method: http://www.postfix.org/postconf.5.html#smtpd_discard_ehlo_keyword_address_ma...
-- Noel Jones