[Dovecot] Problem with allow_nets passdb parameter and Postfix
I use Dovecot for SASL authentication from Postfix. In Postfix main.cf I have:
smtpd_sasl_type = dovecot
It works well, but now I need to allow users to connect by IMAP only from given IP addresses. I've added the extra field allow_nets to the passdb in Dovecot, and IMAP authentication works fine. But now I can't connect to my SMTP server, because when smtpd asks dovecot about user authentication, dovecot always denies it, even if I try to connect to SMTP from a correct IP listed in allow_nets for the user. In the dovecot log I have messages about an incorrect IP like this:
dovecot: 2010-02-15 13:28:51 Info: auth(default): passwd-file(malamut): lookup: user=malamut file=/etc/dovecot/temp.users
dovecot: 2010-02-15 13:28:51 Info: auth(default): passdb(malamut): allow_nets check failed: Remote IP not known
dovecot: 2010-02-15 13:28:53 Info: auth(default): client out: FAIL 7 user=malamut
The problem is clear: smtpd doesn't send the client IP to the dovecot authentication socket. But I need to limit users' ability to connect to specific IPs only, both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15 and Postfix 2.5.5 on Debian Lenny.
On Mon, 2010-02-15 at 14:00 +0300, Неворотин Вадим wrote:
> allow_nets check failed: Remote IP not known
> The problem is clear: smtpd doesn't send the client IP to the dovecot authentication socket.
Yep. The only way you can get Postfix to send IP to Dovecot is by patching Postfix sources.
Do you mean all users must connect from only specific IP, or is it a per-user configuration? If all users, maybe you can do this on Postfix side some other way. Or require clients to use submission port or a different IP and use a firewall.
participants (2): Timo Sirainen, Неворотин Вадим
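
Added example, not part of the thread and not Dovecot's source code: a simplified Python model of a per-user allow_nets check, showing why the lookup fails closed when the auth client (here Postfix smtpd) passes no remote IP, while an IMAP login that carries the client address is matched against the list. The function name, the sample networks and the "IP not in allowed networks" wording are assumptions; only "Remote IP not known" comes from the log above.

```python
import ipaddress
from typing import Optional, Tuple

# Constructed sample value for a user's allow_nets extra field
# (comma-separated addresses or CIDR networks; documentation ranges).
SAMPLE_ALLOW_NETS = "192.0.2.0/24,198.51.100.7"


def allow_nets_check(remote_ip: Optional[str], allow_nets: str) -> Tuple[bool, str]:
    """Simplified model of an allow_nets check (hypothetical helper)."""
    if not remote_ip:
        # The auth client sent no client address, so nothing can be
        # compared against the list: deny rather than skip the check.
        return False, "Remote IP not known"
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False, "Remote IP not parseable"
    for entry in allow_nets.split(","):
        entry = entry.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # a malformed entry is ignored and never widens access
        if addr.version == net.version and addr in net:
            return True, "ok"
    return False, "IP not in allowed networks"


def simulate() -> dict:
    """The situations from the thread, with constructed client addresses."""
    return {
        "imap, listed ip": allow_nets_check("192.0.2.15", SAMPLE_ALLOW_NETS),
        "imap, other ip": allow_nets_check("203.0.113.9", SAMPLE_ALLOW_NETS),
        # SASL request over the auth socket without a client address:
        "smtp via postfix": allow_nets_check(None, SAMPLE_ALLOW_NETS),
    }


if __name__ == "__main__":
    for case, (ok, reason) in simulate().items():
        print(f"{case:18} -> {'PASS' if ok else 'FAIL'} ({reason})")
```
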