[Dovecot] Restricting IP and/or user access (POP3/IMAP)
Hi,
The documentation says to authenticate only from a specific IP or network… if you set this to 127.0.0.1 to indicate the local loop then this effectively blocks every IP address but this one. Since the extra field is in passdb then this would imply it can be done on a per user basis.
Have you tried this?
Phil
From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Jos Chrispijn Sent: 24 August 2006 15:08 To: dovecot@dovecot.org Subject: [Dovecot] Restricting IP and/or user access (POP3/IMAP)
Hi, Just new on this mailinglist; I sure hope my questions wouldn't be too dumb for words :-)
Q: Restricting IP and/or user access (POP3/IMAP)
What I would like to do is blocking some of my user from fetching their mail with neither POP3 nor IMAP. The only way of letting them read/write their e-mail is to be done with my/their Webmail client.
On the site of Dovecot I read: 'It's possible to allow user to authenticate only from a specific IP or network. This is especially useful for master users. This can be done by returning allow_nets extra field in passdb.'
Actually I am looking for a way of _blocking_ user(names) or certain IP adress(es) instead of _allowing_ certain IP adresses to get their POP3/IMAP mail. Pls could someone hint me out on this?
Thanks in advance. Jos
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.405 / Virus Database: 268.11.5/426 - Release Date: 23/08/2006
Phil,
The documentation says to authenticate only from a specific IP or network… if you set this to 127.0.0.1 to indicate the local loop then this effectively blocks every IP address but this one. Since the extra field is in passdb then this would imply it can be done on a per user basis I considered this solution, but it isn't what I have in mind; everyone must be able to fetch POP3/IMAP mail, but some users have to be blocked. In other words: user JohnDoe can't fetch his mail thru Dovecot, but can still logon thru webmail with his username/password. JaneDoe can both fetch her mail with POP3/IMAP as well as thru webmail with her username/password.
I think I overlook something here, but haven't find a right solution yet. Perhaps a plugin??
Jos
On Thu, Aug 24, 2006 at 05:39:42PM +0200, Jos Chrispijn wrote:
I considered this solution, but it isn't what I have in mind; everyone must be able to fetch POP3/IMAP mail, but some users have to be blocked. In other words: user JohnDoe can't fetch his mail thru Dovecot, but can still logon thru webmail with his username/password. JaneDoe can both fetch her mail with POP3/IMAP as well as thru webmail with her username/password.
Then for JohnDoe set allow_nets to 127.0.0.1 (or the IP of the server running the webmail interface), and for JaneDoe don't set a restriction (or set it to 0.0.0.0, haven't tried it).
GeertGeert Hendrickx schreef (24-08-06 18:02):
Then for JohnDoe set allow_nets to 127.0.0.1 (or the IP of the server running the webmail interface), and for JaneDoe don't set a restriction (or set it to 0.0.0.0, haven't tried it).
I will try that as well. Thanks you all for replying on my question!
Jos
participants (3)
-
Geert Hendrickx
-
Jos Chrispijn
-
Phil Clare