Hello again,
I am afraid that I must come back with this issue. Following advice from the Debian package maintainers, I installed a backported 1.0.13 version which keeps behaving wrongly. To be more specific:
My software version is now: prisni:/# dovecot --version 1.0.13
My debian packages, just to be redundant: prisni:/# dpkg -l dovecot* ii dovecot-common 1.0.13-1~bpo40+1 secure mail server that supports mbox and maildir mailboxes ii dovecot-imapd 1.0.13-1~bpo40+1 secure IMAP server that supports mbox and maildir mailboxes ii dovecot-pop3d 1.0.13-1~bpo40+1 secure POP3 server that supports mbox and maildir mailboxes
A login attempt from one IP in the allowed network... prisni:/etc/postfix# telnet 10.34.133.64 143 Trying 10.34.133.64... Connected to prisni.tiscali.red. Escape character is '^]'.
- OK Bienvenido a prisni.inicia.es. 001 login user@domain password 001 NO Authentication failed. 002 logout
- BYE Logging out 002 OK Logout completed. Connection closed by foreign host.
... fails :-(
dovecot: 2008-05-07 17:58:34 Info: auth-worker(default):
sql(user@domain,10.34.133.64): query: select pd.contrasena as password,
pd.allow_nets from v_permisos_direcciones pd where ( pd.imap = 1 ) and
pd.correo = 'user@domain'
dovecot: 2008-05-07 17:58:34 Info: auth-worker(default):
auth(user@domain,10.34.133.64): allow_nets: Matching for network
10.34.133.0/24
dovecot: 2008-05-07 17:58:34 Info: auth-worker(default):
passdb(user@domain,10.34.133.64): allow_nets check failed: IP not in
allowed networks
dovecot: 2008-05-07 17:58:35 Info: auth(default): client out: FAIL
1 user=user@domain
dovecot: 2008-05-07 17:58:37 Info: imap-login: user=<user@domain>,
method=PLAIN, rip=10.34.133.64, lip=10.34.133.64, secured: Aborted login
(1 authentication attempts)
I wonder if this option is rare enough to this issue have remained undiscovered through versions... Is there anyone out there using allow_nets in the same way as I am trying to do? Note that using a list single IPs has always worked in my environment.
Thanks in advance, Javier
Javier García escribió:
Hello,
Thanks Timo for the response. I will then ask the Debian package maintainers on this specific issue.
Regards, Javier
Timo Sirainen escribió:
On Mon, 2008-03-31 at 12:56 +0200, Javier García wrote:
Hello all,
I am testing my dovecot installation in order to restrict access via POP3 for IPs outside my network. I have read and understood the instructions in the wiki and I have reached a configuration that works ONLY when single IPs are listed in allow_nets but not when ranges in the notation x.x.x.x/y are listed. Some examples should be more explanatory. I am using 1.0.rc15 patched as for last week as distributed in Debian etch.
I don't see any obvious entries in ChangeLog related to this, but it seems to work correctly in v1.0.13 and v1.1.rc4, so maybe it was just broken in rc15.