Suggestion: Split login_trusted_networks

Peter Mogensen apm at one.com
Mon Jun 27 12:46:07 UTC 2016


Hi,

For the upcoming 2.3 development, I'd like to re-suggest this:

It seems the use of login_trusted_networks is overloaded.

Example:
* It's used for indicating which hosts you trust to provide XCLIENT 
remote IP's. (like a proxy)
* It's used for indicating from which hosts you trust logins enough to 
disable auth penalty. (like in a webmail)

Often these two uses cases have a different set of hosts.

So you can't have one set of hosts which you trust for XCLIENT and 
another set of hosts you trust for not being the origin of brute force 
attacks.

/Peter


More information about the dovecot mailing list