[Dovecot] Dovecot configuration and question about IP trusted
Hello list,
I've just finished to install Dovecot and things seems to work so far. After some little efforts though. My version is 2.0.20
Question 1:
I'm trying to tighten the security a little bit and added in dovecot.conf
login_trusted_networks = 192.168.1.0/30 Then restarted Dovecot
My client has the IP 192.168.1.20 and it's still able to retrieve emails. I expected it to be forbidden. Am I missing something ?
# dovecot -n | grep trust login_trusted_networks = 192.168.1.0/30
Question 2: I feel that Dovecot is slow. I'm doing my test with my iphone as an imap client. Test 1: I retrieve a mail on a remote server provided by a hosting company, it takes 2 seconds Test 2: I retrieve a mail on my server which is on my LAN, the mail includes a few letters in the subject and a few letters in the body. The action takes about 8 seconds. It's quite subtule to measure so first I would like to know if Dovecot tries to do a dns reverse lookup or something like that. And it would explain the overhead.
Thank you
Hi,
I 'm trying to tighten the security a little bit and added in dovecot.conf
login_trusted_networks = 192.168.1.0/30 Then restarted Dovecot
My client has the IP 192.168.1.20 and it's still able to retrieve emails. I expected it to be forbidden. Am I missing something ?
My interpretation of the documentation indicates that the trusted network setting causes certain authentication and security checks to be bypassed if a computer is in the trusted network, and to not bypass those authentication and security checks if the computer is not in the trusted range. I see nothing indicating this setting will "forbid" anything...
I feel that Dovecot is slow. I'm doing my test with my iphone as an imap client. Test 1: I retrieve a mail on a remote server provided by a hosting company, it takes 2 seconds Test 2: I retrieve a mail on my server which is on my LAN, the mail includes a few letters in the subject and a few letters in the body. The action takes about 8 seconds. It's quite subtule to measure so first I would like to know if Dovecot tries to do a dns reverse lookup or something like that. And it would explain the overhead.
I don't know about the reverse lookup, but this sounds like a caching issue to me. http://wiki2.dovecot.org/IndexFiles
Thank you
--
Computerisms
Bob Miller
867-334-7117 / 867 633 3760
http://computerisms.ca
De : Bob Miller <bob@computerisms.ca>
Hi,
I'm trying to tighten the security a little bit and added in dovecot.conf
login_trusted_networks = 192.168.1.0/30 Then restarted Dovecot
My client has the IP 192.168.1.20 and it's still able to retrieve emails. I expected it to be forbidden. Am I missing something ?
My interpretation of the documentation indicates that the trusted network setting causes certain authentication and security checks to be bypassed if a computer is in the trusted network, and to not bypass those authentication and security checks if the computer is not in the trusted range. I see nothing indicating this setting will "forbid" anything...
I feel that Dovecot is slow. I'm doing my test with my iphone as an imap client. Test 1: I retrieve a mail on a remote server provided by a hosting company, it takes 2 seconds Test 2: I retrieve a mail on my server which is on my LAN, the mail includes a few letters in the subject and a few letters in the body. The action takes about 8 seconds. It's quite subtule to measure so first I would like to know if Dovecot tries to do a dns reverse lookup or something like that. And it would explain the overhead.
I don't know about the reverse lookup, but this sounds like a caching issue to me. http://wiki2.dovecot.org/IndexFiles
Hello Bob,
Thank you for this clarification about the parameter login_trusted_networks.
Regarding the indexfiles, I've read the page but I don't see at any moment, how to enable or disable the indexes.
Also how do you understand this sentence "# Don't use mmap() at all. This is required if you store indexes to shared # filesystems (NFS or clustered filesystem) or for some operating systems # which use a separate cache for mmap, such as OpenBSD. mmap_disable = yes" I've read it 10 times, and I don't know if this should be set to yes or no (probably because my english is not perfect). My operating system is OpenBSD and I don't share NFS or cluster filesystems.
Thank you
Hi Mik,
Also how do you understand this sentence "# Don't use mmap() at all. This is required if you store indexes to shared # filesystems (NFS or clustered filesystem) or for some operating systems # which use a separate cache for mmap, such as OpenBSD. mmap_disable = yes" I've read it 10 times, and I don't know if this should be set to yes or no (probably because my english is not perfect). My operating system is OpenBSD and I don't share NFS or cluster filesystems.
Well, your english is monumentally better than my second language (if you could even say I have one), so good on you...
I interpret this sentence as an if statement:
if [[ (using NFS||Cluster) == true || (using OS w separate cache for mmap, such as OpenBSD) == true ]]; then setting is required (set to yes/true) fi
Thank you
--
Computerisms
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca
De : Bob Miller <bob@computerisms.ca>
Hi Mik,
Also how do you understand this sentence "# Don't use mmap() at all. This is required if you store indexes
to shared
# filesystems (NFS or clustered filesystem) or for some operating systems # which use a separate cache for mmap, such as OpenBSD. mmap_disable = yes" I've read it 10 times, and I don't know if this should be set to yes or no (probably because my english is not perfect). My operating system is OpenBSD and I don't share NFS or cluster filesystems.
Well, your english is monumentally better than my second language (if you could even say I have one), so good on you...
I interpret this sentence as an if statement:
if [[ (using NFS||Cluster) == true || (using OS w separate cache for mmap, such as OpenBSD) == true ]]; then setting is required (set to yes/true) fi
Thank you for your answers. Have a nice week end
participants (2)
-
Bob Miller
-
Mik J