[Dovecot] Dovecot's as ip/user based login filter?

Sysadmin sysadmin at e-positive.ee
Tue Apr 11 10:18:24 EEST 2006


Hello.
> Dovecot 1.0beta4 and newer support "allow_nets" field userdb. So with
> SQL you'd do eg.:
>
> select uid, gid, home, allow_nets from users where username = '%u'
>
> where allow_nets contains something like: 192.168.0.0/24,10.0.0.0/8
>
> Or the same is possible with passwd-file, etc.
>   

Thank You for the hint, it looks promising.

However, I don't use SQL, dovecot.conf shows using passdb pam, so passwd
file solution seems reasonable, would You kindly give more hints about
this allow_nets parameter and I still can't figure out how to set
different settings, basically situation is - I have firewall protected
network in which also mailserver runs, and everyone with account, can
access it. Now I have some privileged users who need access also from
outside, through the firewall, so it seems I must use a kind of two pairs of rules,
something like:

First, default rule, where I define my networks, like
192.168.0.0/24,10.0.0.0/8 and this allow all users from these networks
to access dovecot. I presume I can't define networks this way =
192.168.0.0/24,10.0.0.0/8:993

Second, special rule, where I define other networks, like 0.0.0.0 and
allow some privileged users to access from these networks.

Or You mean that all others use default networks like before, and with
this allow_nets I just add 0.0.0.0 to every privileged user? Can I make
a group or I must list every one with his own rule?

I also need to give Postfix-sasl access to these privileged users,
but I think I'll solve it adding their account/password for sasl into
sasldb only.


-- 
Sysadmin
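
A model of the per-user network check discussed in this thread, added here as an example; it is not Dovecot code and not part of the original message. Assumptions of the sketch: the user names, the fallback to a site-wide default list for users without their own allow_nets value, and treating a bare address as a single host.

```python
import ipaddress

# Constructed sample data: internal networks for everyone, a wider
# per-user value for one privileged account (names are hypothetical).
DEFAULT_NETS = "192.168.0.0/24,10.0.0.0/8"
PER_USER = {"bob": "0.0.0.0/0"}


def parse_allow_nets(value):
    """Turn a comma-separated list of IPs/CIDR networks into network objects.

    Raises ValueError for anything that is not a plain address or CIDR
    block, e.g. an entry with a port suffix such as "10.0.0.0/8:993".
    """
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            # A bare address (no /prefix) becomes a single-host network.
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def login_allowed(user, remote_ip, per_user=PER_USER, default=DEFAULT_NETS):
    """Return True if remote_ip falls inside any network allowed for user.

    Assumption of this model: users without their own entry get `default`.
    """
    addr = ipaddress.ip_address(remote_ip)
    nets = parse_allow_nets(per_user.get(user, default))
    return any(addr.version == n.version and addr in n for n in nets)


if __name__ == "__main__":
    for user, ip in [("alice", "192.168.0.17"), ("alice", "203.0.113.5"),
                     ("bob", "203.0.113.5")]:
        print(user, ip, "allowed" if login_allowed(user, ip) else "denied")
```

In this model a privileged user needs 0.0.0.0/0 to match every IPv4 address; a bare 0.0.0.0 matches only that one address.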


