On 30 Apr 2019, at 00:20, Zhang Huangbin via dovecot <dovecot@dovecot.org> wrote: > On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot <dovecot@dovecot.org> wrote: >> >> On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot <dovecot@dovecot.org> >> wrote: >>> Recently we need to allow some users to login from everywhere except some >>> IP/networks, >> >> Can you use firewall rules for this? > > I suppose not. We don't restrict ALL users this way, just few of them.
This iOS sounding odder and odder. > And the client IP addresses may change frequently, not static IPs. And? How is that an issue? Either way you are going to have to change a configuration. At least with a fireball, you don't have to reload dovecot each time. >>> how can we accomplish this with "allow_nets"? >> >> Allow_nets specifies allowed networks. Doesn't say anything else about any >> other use. >> >> "The allow_nets field is a comma separated list of IP addresses and/or >> networks where the user is allowed to log in from." > > I understand what "allow" means. But it will be very handy to support > something like "!a.b.c.d" to allow all but just exclude few IPs/networks. > Isn't it? :) I cannot imagine a case where I would find this useful, no. -- "You never really understand a person until you see things from his point of view, until you climb inside of his skin and walk around in it."