Suggestion: Split login_trusted_networks
apm at one.com
Fri Jun 20 07:01:57 UTC 2014
It seems the use of login_trusted_networks is overloaded.
* It's used for indicating which hosts you trust to provide XCLIENT
* It's used for indicating from which hosts you trust logins enough to
disable auth penalty. (like in a webmail)
However... trustwise, this is trusting two different entities.
In the first case, you put trust in the host.
In the second case, you actually put trust in the user who uses the
webmail (unless of course the webmail itself implements auth-penalties).
So you can't have one set of hosts which you trust for XCLIENT and
another set of hosts you trust for not being the origin of brute force