Re: [Dovecot] Dovecot + SASL + allow_nets
Timo Sirainen wrote:
On Mon, 2007-12-03 at 14:36 +0100, Marc Cuypers wrote:
When using dovecot for authentication of an SASL (postfix) request, I cannot use the allow_nets parameter. The IP-address of the requester is not known in dovecot.
I would like to allow sasl for certain users, others are not allowed to access via SASL. Some users can have access to imap and pop3 from certain IP-addresses.
How could I combine this in the dovecot configuration?
Since Postfix doesn't send the IP to Dovecot, there isn't anything on Dovecot's side you can do. You could try asking about this in Postfix list.. Someone at least had a patch which allowed sending local IP to Dovecot (http://marc.info/?t=119306971600010&r=1&w=2). Maybe it sends remote IP as well.
I wrote that patch. It passes both endpoints (remote & local) through to dovecot. This lets you restrict smtp-auth just like pop3 or imap using the remote IP. In my case, I had played around with a quick hack for doing per-ip realming (using the local IP) w/ dovecot-sql.
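Added example, not part of the thread or of the patch: a simplified Python model of an allow_nets check applied to a Dovecot auth-client AUTH line, showing why a restricted user cannot pass SMTP AUTH until the SMTP server forwards `rip`. The user table, sample requests, helper names and the fail-closed handling of a missing remote IP are constructed assumptions; the user name is passed in directly instead of being decoded from `resp`.

```python
import ipaddress

# Constructed user table: user -> allow_nets extra field (None = unrestricted).
ALLOW_NETS = {
    "alice": "192.0.2.0/24,198.51.100.7",
    "bob": None,
}

def parse_auth_request(line):
    """Split a tab-separated AUTH line into (mechanism, params dict)."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 3 or fields[0] != "AUTH":
        raise ValueError("not an AUTH request")
    params = {}
    for item in fields[3:]:
        key, _, value = item.partition("=")
        params[key] = value
    return fields[2], params

def allow_nets_ok(user, params):
    """Return (allowed, reason) for the user's allow_nets restriction."""
    nets = ALLOW_NETS.get(user)
    if nets is None:
        return True, "no allow_nets set"
    rip = params.get("rip")
    if not rip:
        # Assumption of this model: a restricted user whose remote IP
        # is unknown is refused (fail closed).
        return False, "remote IP not known"
    addr = ipaddress.ip_address(rip)
    for net in nets.split(","):
        net = net.strip()
        if addr in ipaddress.ip_network(net, strict=False):
            return True, "matched " + net
    return False, "remote IP not in allow_nets"

# Constructed requests: an SMTP server that forwards no endpoints,
# and one that forwards the local (lip) and remote (rip) addresses.
WITHOUT_IP = "AUTH\t1\tPLAIN\tservice=smtp\tresp=<base64>"
WITH_IP = ("AUTH\t1\tPLAIN\tservice=smtp\tlip=203.0.113.10"
           "\trip=192.0.2.44\tresp=<base64>")
OUTSIDE = ("AUTH\t1\tPLAIN\tservice=smtp\tlip=203.0.113.10"
           "\trip=203.0.113.99\tresp=<base64>")

if __name__ == "__main__":
    for name, req in [("no rip", WITHOUT_IP), ("rip inside", WITH_IP),
                      ("rip outside", OUTSIDE)]:
        print(name, allow_nets_ok("alice", parse_auth_request(req)[1]))
```
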
Andrew Garner wrote:
Timo Sirainen wrote:
On Mon, 2007-12-03 at 14:36 +0100, Marc Cuypers wrote:
When using dovecot for authentication of an SASL (postfix) request, I cannot use the allow_nets parameter. The IP-address of the requester is not known in dovecot.
I would like to allow sasl for certain users, others are not allowed to access via SASL. Some users can have access to imap and pop3 from certain IP-addresses.
How could I combine this in the dovecot configuration?
Since Postfix doesn't send the IP to Dovecot, there isn't anything on Dovecot's side you can do. You could try asking about this in Postfix list.. Someone at least had a patch which allowed sending local IP to Dovecot (http://marc.info/?t=119306971600010&r=1&w=2). Maybe it sends remote IP as well.
I wrote that patch. It passes both endpoints (remote & local) through to dovecot. This lets you restrict smtp-auth just like pop3 or imap using the remote IP. In my case, I had played around with a quick hack for doing per-ip realming (using the local IP) w/ dovecot-sql.
Hi Andrew,
Where can I find the patch?
-- Marc
Marc Cuypers, on 12/13/2007 5:36 AM, said the following:
Since Postfix doesn't send the IP to Dovecot, there isn't anything on Dovecot's side you can do. You could try asking about this in Postfix list.. Someone at least had a patch which allowed sending local IP to Dovecot (http://marc.info/?t=119306971600010&r=1&w=2). Maybe it sends remote IP as well.
I wrote that patch. It passes both endpoints (remote & local) through to dovecot. This lets you restrict smtp-auth just like pop3 or imap using the remote IP. In my case, I had played around with a quick hack for doing per-ip realming (using the local IP) w/ dovecot-sql.
Hi Andrew,
Where can I find the patch?
And more importantly, was it submitted to Wietse for possible integration with the source? I'd be interested in this functionality in the future, but I don't like manually applying patches (I'm not a programmer, yadda yadda)...
--
Best regards,
Charles
On Dec 13, 2007 4:36 AM, Marc Cuypers m.cuypers@mgvd.be wrote:
Andrew Garner wrote:
Timo Sirainen wrote:
On Mon, 2007-12-03 at 14:36 +0100, Marc Cuypers wrote:
When using dovecot for authentication of an SASL (postfix) request, I cannot use the allow_nets parameter. The IP-address of the requester is not known in dovecot.
I would like to allow sasl for certain users, others are not allowed to access via SASL. Some users can have access to imap and pop3 from certain IP-addresses.
How could I combine this in the dovecot configuration?
Since Postfix doesn't send the IP to Dovecot, there isn't anything on Dovecot's side you can do. You could try asking about this in Postfix list.. Someone at least had a patch which allowed sending local IP to Dovecot (http://marc.info/?t=119306971600010&r=1&w=2). Maybe it sends remote IP as well.
I wrote that patch. It passes both endpoints (remote & local) through to dovecot. This lets you restrict smtp-auth just like pop3 or imap using the remote IP. In my case, I had played around with a quick hack for doing per-ip realming (using the local IP) w/ dovecot-sql.
Hi Andrew,
Where can I find the patch?
-- Marc
Sorry for taking so long to respond. Here's the patch, attached. It's been tested against the Postfix 2.3/2.4 series, but not the 2.5.x "non-production"/development series. People have reported success on Postfix 2.4.6+. I'm not sure that it'll get accepted for the stable series, and I need to clean it up for 2.5 (which changed the dovecot xsasl plugin somewhat). I'll try to work on getting it integrated, since there seems to be some interest and no one else has submitted a better/any_other patch.
Andrew Garner wrote:
On Dec 13, 2007 4:36 AM, Marc Cuypers m.cuypers@mgvd.be wrote:
Andrew Garner wrote:
Timo Sirainen wrote:
On Mon, 2007-12-03 at 14:36 +0100, Marc Cuypers wrote:
When using dovecot for authentication of an SASL (postfix) request, I cannot use the allow_nets parameter. The IP-address of the requester is not known in dovecot.
I would like to allow sasl for certain users, others are not allowed to access via SASL. Some users can have access to imap and pop3 from certain IP-addresses.
How could I combine this in the dovecot configuration?
Since Postfix doesn't send the IP to Dovecot, there isn't anything on Dovecot's side you can do. You could try asking about this in Postfix list.. Someone at least had a patch which allowed sending local IP to Dovecot (http://marc.info/?t=119306971600010&r=1&w=2). Maybe it sends remote IP as well.
I wrote that patch. It passes both endpoints (remote & local) through to dovecot. This lets you restrict smtp-auth just like pop3 or imap using the remote IP. In my case, I had played around with a quick hack for doing per-ip realming (using the local IP) w/ dovecot-sql.
Hi Andrew,
Where can I find the patch?
Sorry for taking so long to respond. Here's the patch, attached. It's been tested against the Postfix 2.3/2.4 series, but not the 2.5.x "non-production"/development series. People have reported success on Postfix 2.4.6+. I'm not sure that it'll get accepted for the stable series, and I need to clean it up for 2.5 (which changed the dovecot xsasl plugin somewhat). I'll try to work on getting it integrated, since there seems to be some interest and no one else has submitted a better/any_other patch.
Hi Andrew,
I used the patch on debian/etch, postfix 2.3.8, and it seems to work.
Thank you very much.
-- Marc
participants (3): Andrew Garner, Charles Marcus, Marc Cuypers