This bug is finally fixed: http://hg.dovecot.org/dovecot-1.1/rev/e76f93b48187
On Tue, 2008-10-28 at 13:55 +0000, Guy wrote:
Hi,
I've just started trying allow_nets on one of my servers. I have auth_debug and auth_verbose both enabled and the output is as follows:

Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user@domain.net,x.x.x.x): allow_nets: Matching for network 127.0.0.1/8
Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user@domain.net,x.x.x.x): allow_nets: Matching for network 10.0.7.176/28
Oct 28 13:05:48 mink dovecot: auth-worker(default): passdb(user@domain.net,x.x.x.x): allow_nets check failed: IP not in allowed networks
Oct 28 13:05:50 mink dovecot: auth(default): client out: FAIL 1265 user=username@aluminati.net
Oct 28 13:05:50 mink dovecot: auth(default): cache(user@domain.net,x.x.x.x): hit: <hidden> user=user@domain.net
Oct 28 13:05:50 mink dovecot: auth(default): client out: OK 1266 user=user@domain.net

auth_cache_ttl is set to 300. If I set it to 1 then the allow_nets successfully rejects. Once I set it back up to 300 the cache overrides the result from the allow_nets check and lets the account log in even though the allow_nets check fails.
I've tried waiting for longer than the 300 seconds and then logged in again, but I still get the same result as above.
Is there a gotcha that I'm unaware of or have I done something stupid (which seems the most likely :P)?
Thanks
Guy
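
As an added example (not part of the original thread and not Dovecot code), this is one way to scan an auth log for the pattern reported above: an "allow_nets check failed" line followed shortly by "client out: OK" for the same user. The function names, the 5-second window, and the sample addresses are assumptions; the sample log is constructed in the format of the quoted output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the log quoted above (IPs are placeholders).
SAMPLE_LOG = """\
Oct 28 13:05:48 mink dovecot: auth-worker(default): passdb(user@domain.net,192.0.2.10): allow_nets check failed: IP not in allowed networks
Oct 28 13:05:50 mink dovecot: auth(default): cache(user@domain.net,192.0.2.10): hit: <hidden> user=user@domain.net
Oct 28 13:05:50 mink dovecot: auth(default): client out: OK 1266 user=user@domain.net
Oct 28 13:09:00 mink dovecot: auth-worker(default): passdb(other@domain.net,192.0.2.11): allow_nets check failed: IP not in allowed networks
Oct 28 13:09:02 mink dovecot: auth(default): client out: FAIL 1270 user=other@domain.net
"""

TS = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) "
DENIED = re.compile(TS + r".*passdb\(([^,]+),([^)]+)\): allow_nets check failed")
OK = re.compile(TS + r".*client out: OK \d+\s+user=(\S+)")

def parse_ts(text, year=2008):
    # syslog timestamps carry no year, so the caller supplies it
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def find_bypasses(log_text, window_seconds=5):
    """Return (user, ip, denied_at, ok_at) for each OK that follows an
    allow_nets failure for the same user within window_seconds."""
    window = timedelta(seconds=window_seconds)
    denied = {}  # user -> (time of last allow_nets failure, client IP)
    hits = []
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if m:
            denied[m.group(2)] = (parse_ts(m.group(1)), m.group(3))
            continue
        m = OK.match(line)
        if m and m.group(2) in denied:
            denied_at, ip = denied.pop(m.group(2))
            ok_at = parse_ts(m.group(1))
            if timedelta(0) <= ok_at - denied_at <= window:
                hits.append((m.group(2), ip, denied_at, ok_at))
    return hits

if __name__ == "__main__":
    for user, ip, denied_at, ok_at in find_bypasses(SAMPLE_LOG):
        print(f"{user} from {ip}: denied {denied_at}, accepted {ok_at}")
```

The "client out: OK" line carries no client IP, so a hit can also be a legitimate login from an allowed address that happened to follow a rejected one; treat hits as candidates to review against the cache "hit" lines.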