restrict map-login by geoip?
Is there a way to restrict my user logins from a set of IPs? For example, all my users are in the US so there shouldn't be any logins from other countries. Can I tell dovecot to restrict logins to a CIDR list of US IPs? Can someone point me to docs on how to set this up? I've searched but haven't found how to accomplish this.
Thanks, -Terry
Terry Barnum digital OutPost http://www.dop.com
I don't know if dovecot does, but your firewall should be able to.
Terry Barnum wrote on 2015-09-17 02:32:
> I've searched but haven't found how to accomplish this.
http://wiki2.dovecot.org/Authentication/RestrictAccess
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
took me 3 sec :=)
Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this?
Thanks, -Terry
iPhone says Hello World!
Terry Barnum wrote on 2015-09-17 03:56:
> Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this?
I did not write the wiki or the dovecot C code. You asked if dovecot could do it, and I searched the link for you, but I admit I do not understand the wiki myself here :(
but basically
127.0.0.0/8 is one CIDR range with many IPs
127.0.0.2/32 is a single-IP CIDR range
for IPv6 it's possible as well, but I don't know how to
On Sep 16, 2015, at 6:56 PM, Terry Barnum <terry@dop.com> wrote:
> Thanks Benny. I should've said I saw AllowNets but in researching it looked like it expected a smaller comma separated list, not hundreds of IP blocks. Is that what you are using to accomplish this?
You could use a geoip table [1] in your firewall or in dovecot with sql and variables [2].
[1] https://dev.maxmind.com/geoip/geoip2/geolite2/
[2] http://wiki2.dovecot.org/Variables
Regards, Bradley Giesbrecht (pixilla)
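Added example, not part of the original thread and not Dovecot's own code: one way to shrink a long per-country block list before putting it in the AllowNets field discussed above is to merge adjacent and overlapping CIDRs first. The block list below is constructed from documentation ranges, the function names are hypothetical, and the comma-separated `allow_nets=` output form is an assumption based on the AllowNets wiki page linked in the thread.

```python
import ipaddress

# Constructed sample input (documentation ranges), standing in for a
# per-country CIDR export from a GeoIP database such as the one in [1].
SAMPLE_BLOCKS = """\
# constructed sample, not real country data
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
198.51.100.64/26
203.0.113.7
2001:db8::/33
2001:db8:8000::/33
not-a-network
"""

def parse_blocks(text):
    """Return (networks, rejected_lines) from one-CIDR-per-line text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(line)  # report bad entries instead of guessing
    return nets, rejected

def collapse(nets):
    """Merge adjacent and overlapping blocks, IPv4 and IPv6 separately."""
    out = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        out.extend(ipaddress.collapse_addresses(same))
    return out

def allow_nets_value(nets):
    """Comma-separated list, the form assumed here for allow_nets."""
    return ",".join(str(n) for n in nets)

def is_allowed(ip, nets):
    """True if the client address falls inside any listed block."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in nets)

if __name__ == "__main__":
    parsed, bad = parse_blocks(SAMPLE_BLOCKS)
    print("allow_nets=" + allow_nets_value(collapse(parsed)), "rejected:", bad)
```

Running `is_allowed` over addresses taken from existing login logs before deploying the list shows which legitimate clients would be locked out.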
participants (4): Benny Pedersen, Bradley Giesbrecht, Edgar Pettijohn, Terry Barnum