On 05/07/2010 02:00 PM Thomas Hummel wrote:
Hello Timo,
is there a way, either in 1.2.x or in 2.x to activate
disable_plaintext_auth=yes
only for some address or network ?
The idea would be to enable clients from the internal networks to keep making clear text connections while forbidding it to the rest of the world.
Thanks.
By default "disable_plaintext_auth = yes" is set, in all Dovecot versions. With Dovecot v2.0 you can put something like the following in your dovecot.conf:
remote 192.168.111.0/24 { disable_plaintext_auth = no } remote fdfd:ffff:dddd::0/48 { disable_plaintext_auth = no }
Testing the settings:
~ # doveconf disable_plaintext_auth disable_plaintext_auth = yes ~ # doveconf -f rip=192.168.0.1 disable_plaintext_auth disable_plaintext_auth = yes ~ # doveconf -f rip=fdfd:ffff:dddd::abcd disable_plaintext_auth disable_plaintext_auth = no ~ # doveconf -f rip=192.168.111.234 disable_plaintext_auth disable_plaintext_auth = no
The dovecot.conf for v2.0 contains also: # Space separated list of trusted network ranges. Connections from these # IPs are allowed to override their IP addresses and ports (for logging and # for authentication checks). disable_plaintext_auth is also ignored for # these networks. Typically you'd specify your IMAP proxy servers here. #login_trusted_networks =
Regards, Pascal
The trapper recommends today: 5e1f1e55.1012716@localdomain.org