On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot <dovecot@dovecot.org> wrote:
On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot <dovecot@dovecot.org> wrote:
Recently we need to allow some users to login from everywhere except some IP/networks,
Can you use firewall rules for this?
I suppose not. We don't restrict ALL users this way, just few of them. And the client IP addresses may change frequently, not static IPs.
how can we accomplish this with "allow_nets"?
Allow_nets specifies allowed networks. Doesn't say anything else about any other use.
"The allow_nets field is a comma separated list of IP addresses and/or networks where the user is allowed to log in from."
I understand what "allow" means. But it will be very handy to support something like "!a.b.c.d" to allow all but just exclude few IPs/networks. Isn't it? :)