Re: [Dovecot] Problem with allow_nets passdb parameter and Postfix
Oh. I actually checked v2.7 code before replying, but I was stupidly searching only for a full "rip" word, while the code had "\trip" :) On Thu, 2010-02-18 at 18:41 +0300, Неворотин Вадим wrote: > Well, I've asked this question in Postfix mail list and after discussion as > I understand Postfix 2.7 send all necessary client information to Dovecot > socket. But I haven't try this solution yet. > > 2010/2/18 Timo Sirainen > > > On Mon, 2010-02-15 at 14:00 +0300, Неворотин Вадим wrote: > > > allow_nets check failed: Remote IP not known > > > > > Problem is clear: smtpd don't send client IP to dovecot authentication > > > socket. > > > > Yep. The only way you can get Postfix to send IP to Dovecot is by > > patching Postfix sources. > > > > > But I need to limit the ability of connection to users only from > > > specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot > > 1.0.15 > > > and Postfix 2.5.5 on Debian Lenny. > > > > Do you mean all users must connect from only specific IP, or is it a > > per-user configuration? If all users, maybe you can do this on Postfix > > side some other way. Or require clients to use submission port or a > > different IP and use a firewall. > > signature.asc Description: This is a digitally signed message part
Re: [Dovecot] Problem with allow_nets passdb parameter and Postfix
Well, I've asked this question in Postfix mail list and after discussion as I understand Postfix 2.7 send all necessary client information to Dovecot socket. But I haven't try this solution yet. 2010/2/18 Timo Sirainen > On Mon, 2010-02-15 at 14:00 +0300, Неворотин Вадим wrote: > > allow_nets check failed: Remote IP not known > > > Problem is clear: smtpd don't send client IP to dovecot authentication > > socket. > > Yep. The only way you can get Postfix to send IP to Dovecot is by > patching Postfix sources. > > > But I need to limit the ability of connection to users only from > > specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot > 1.0.15 > > and Postfix 2.5.5 on Debian Lenny. > > Do you mean all users must connect from only specific IP, or is it a > per-user configuration? If all users, maybe you can do this on Postfix > side some other way. Or require clients to use submission port or a > different IP and use a firewall. >
Re: [Dovecot] Problem with allow_nets passdb parameter and Postfix
On Mon, 2010-02-15 at 14:00 +0300, Неворотин Вадим wrote: > allow_nets check failed: Remote IP not known > Problem is clear: smtpd don't send client IP to dovecot authentication > socket. Yep. The only way you can get Postfix to send IP to Dovecot is by patching Postfix sources. > But I need to limit the ability of connection to users only from > specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15 > and Postfix 2.5.5 on Debian Lenny. Do you mean all users must connect from only specific IP, or is it a per-user configuration? If all users, maybe you can do this on Postfix side some other way. Or require clients to use submission port or a different IP and use a firewall. signature.asc Description: This is a digitally signed message part
[Dovecot] Problem with allow_nets passdb parameter and Postfix
I use Dovecot for SASL authentication from Postfix. In Postfix main.cf I have: smtpd_sasl_type = dovecot It works good, but now I need to allow users to connect by IMAP only from given IP adresses. I've added extra field allow_nets to passdb in Dovecot, and IMAP authentication works fine. But now I can't connect to my SMTP server because when smtpd ask dovecot about user authentification, dovecot always denied it. Even if I try to connect to SMTP from correct IP, listed in allow_nets for user. In dovecot log I have messages about incorrect ip like this: dovecot: 2010-02-15 13:28:51 Info: auth(default): passwd-file(malamut): lookup: user=malamut file=/etc/dovecot/temp.users dovecot: 2010-02-15 13:28:51 Info: auth(default): passdb(malamut): allow_nets check failed: Remote IP not known dovecot: 2010-02-15 13:28:53 Info: auth(default): client out: FAIL 7 user=malamut Problem is clear: smtpd don't send client IP to dovecot authentication socket. But I need to limit the ability of connection to users only from specific IP. Both for SMTP and IMAP. How can I do that? I use dovecot 1.0.15 and Postfix 2.5.5 on Debian Lenny.
