Feature request: exclude IP/network in allow_nets extra field

andre andre at rodier.me
Tue Apr 30 17:37:57 EEST 2019


Hello, Zhang.

You can easily do this without a new feature in Dovecot.

- Create a post login script, for instance, in bash.
- Install grepcidr on your server.

Your post login script can use grepcidr to check for white or black list.

https://wiki.dovecot.org/PostLoginScripting

I have implemented this myself on a small open source project; I can send you the links if you want.

André.

Tue Apr 30 02:57:18 GMT+01:00 2019 Zhang Huangbin via dovecot <dovecot at dovecot.org>:

> Dear all,
>
> We use `allow_nets`[1] to restrict login clients, it works fine.
> Recently we need to allow some users to login from everywhere except some IP/networks, how can we accomplish this with "allow_nets"?
>
> Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid network '!a.b.c.d'".
>
> Can we have this feature?
>
> I guess it should be done in function "auth_request_validate_networks"[2] in file src/auth/auth-request.c.
>
> [1] allow_nets: https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
> [2] https://github.com/dovecot/core/blob/fbc3ccc4a9a02b82073585a33254eacedc6a9950/src/auth/auth-request.c#L1990
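
A sketch of the post-login approach suggested in the reply, added here as an example (it is not André's script and not Dovecot code). The deny-list contents, its `<user> <CIDR>` format and the function names are assumptions, and `ip_in_cidr` is a pure-shell IPv4 stand-in for the grepcidr match so the block runs without that tool installed.

```shell
#!/bin/sh
# Added example: deny-list check for a Dovecot post-login script.
# Dovecot exports USER and IP and passes the mail process command as "$@".
# Constructed sample deny list, "<user> <IPv4 CIDR>" per line (documentation ranges).
DENY_LIST='alice@example.com 192.0.2.0/24
alice@example.com 198.51.100.17/32
bob@example.com 203.0.113.128/25'

# Print a dotted-quad IPv4 address as an integer; non-zero status if malformed.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Status 0 if address $1 lies inside CIDR $2: the match grepcidr would perform.
ip_in_cidr() {
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip_n=$(ip_to_int "$1") || return 1
    net_n=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $ip_n & $mask )) -eq $(( $net_n & $mask )) ]
}

# Status 0 (allow) unless a deny entry for this user covers the address.
# Addresses this sketch cannot parse (IPv6 included) are refused.
login_allowed() {
    user=$1; addr=$2
    ip_to_int "$addr" >/dev/null || return 1
    while read -r u cidr; do
        if [ "$u" = "$user" ] && ip_in_cidr "$addr" "$cidr"; then return 1; fi
    done <<EOF
$DENY_LIST
EOF
    return 0
}

# Run by Dovecot, "$@" is non-empty: refuse by exiting, otherwise hand over.
if [ "$#" -gt 0 ]; then
    login_allowed "$USER" "$IP" || { echo "refused: $USER from $IP" >&2; exit 1; }
    exec "$@"
fi
```

Because the script exits without running `exec "$@"` on a match, the mail process is never started for that session; users with no entry in the list are unaffected.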


