Feature request: exclude IP/network in allow_nets extra field

andre andre at rodier.me
Tue Apr 30 17:45:48 EEST 2019


Sorry for the top posting, I have not set up my new phone yet.

Here is the script sample: https://github.com/progmaticltd/homebox/blob/dev/install/playbooks/roles/dovecot/files/access-check-whitelist.sh

André.

Tue Apr 30 15:33:51 GMT+01:00 2019 andre <andre at rodier.me>:

>
> Hello, Zhang.
>
> You can easily do this without a new feature in Dovecot.
>
> - Create a post login script, for instance, in bash.
> - Install grepcidr on your server.
>
> Your post login script can use grepcidr to check for white or black list.
>
> https://wiki.dovecot.org/PostLoginScripting
>
> I have implemented this myself on a small open source project, I can send you the links if you want.
>
> André.
>
> Tue Apr 30 02:57:18 GMT+01:00 2019 Zhang Huangbin via dovecot <dovecot at dovecot.org>:
>
>> Dear all,
>>
>> We use `allow_nets`[1] to restrict login clients, it works fine.
>> Recently we need to allow some users to log in from everywhere except some IP/networks, how can we accomplish this with "allow_nets"?
>>
>> Tried allow_nets="!a.b.c.d", but Dovecot reports error "allow_nets: Invalid network '!a.b.c.d'".
>>
>> Can we have this feature?
>>
>> I guess it should be done in function "auth_request_validate_networks"[2] in file src/auth/auth-request.c.
>>
>> [1] allow_nets: https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>> [2] https://github.com/dovecot/core/blob/fbc3ccc4a9a02b82073585a33254eacedc6a9950/src/auth/auth-request.c#L1990
>
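
A sketch of the post-login deny-list check suggested in this thread, as an added example (it is not code from the thread, from Dovecot, or from the linked homebox script). It assumes the PostLoginScripting convention that the client address arrives in `$IP` and the script ends with `exec "$@"`; `DENY_NETS`, the function names and the sample networks are assumptions, and a pure-shell IPv4 match stands in for grepcidr so the script runs without it (IPv6 addresses are never matched).

```shell
#!/bin/sh
# Added example: deny-list post-login script (IPv4 only).
# DENY_NETS and all function names are assumptions; the networks are
# constructed documentation ranges.
DENY_NETS="${DENY_NETS:-192.0.2.0/24 198.51.100.17}"

# Print a dotted-quad address as a 32-bit integer; fail on anything else.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr ADDRESS NETWORK[/BITS]: succeed if ADDRESS lies inside NETWORK.
in_cidr() {
    case "$2" in
        */*) bits=${2#*/} ;;
        *)   bits=32 ;;    # bare address means a single host
    esac
    case "$bits" in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    addr_i=$(ip_to_int "$1") || return 1
    net_i=$(ip_to_int "${2%/*}") || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr_i & mask )) -eq $(( net_i & mask )) ]
}

# Succeed if the address matches any entry of DENY_NETS.
is_denied() {
    for cidr in $DENY_NETS; do
        if in_cidr "$1" "$cidr"; then return 0; fi
    done
    return 1
}

# Dovecot passes the client address in $IP and the next command as arguments.
if [ "$#" -gt 0 ]; then
    if is_denied "${IP:-}"; then
        echo "login from ${IP:-} refused by deny list" >&2
        exit 1
    fi
    exec "$@"    # allowed: continue to the real mail process
fi
```

Because an address that fails to parse is treated as not denied, IPv6 clients pass this check unfiltered; a deployment that accepts IPv6 logins needs a matcher that understands those addresses.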


