Hello again,
I am afraid that I must come back with this issue. Following advice from
the Debian package maintainers, I installed a backported 1.0.13 version
which keeps behaving wrongly. To be more specific:
My software version is now:
prisni:/# dovecot --version
1.0.13
My debian packages, just to be redundant:
prisni:/# dpkg -l dovecot*
ii dovecot-common 1.0.13-1~bpo40+1 secure mail
server that supports mbox and maildir mailboxes
ii dovecot-imapd 1.0.13-1~bpo40+1 secure IMAP
server that supports mbox and maildir mailboxes
ii dovecot-pop3d 1.0.13-1~bpo40+1 secure POP3
server that supports mbox and maildir mailboxes
A login attempt from one IP in the allowed network...
prisni:/etc/postfix# telnet 10.34.133.64 143
Trying 10.34.133.64...
Connected to prisni.tiscali.red.
Escape character is '^]'.
* OK Bienvenido a prisni.inicia.es.
001 login [EMAIL PROTECTED] password
001 NO Authentication failed.
002 logout
* BYE Logging out
002 OK Logout completed.
Connection closed by foreign host.
... fails :-(
dovecot: 2008-05-07 17:58:34 Info: auth-worker(default):
sql([EMAIL PROTECTED],10.34.133.64): query: select pd.contrasena as password,
pd.allow_nets from v_permisos_direcciones pd where ( pd.imap = 1 ) and
pd.correo = '[EMAIL PROTECTED]'
dovecot: 2008-05-07 17:58:34 Info: auth-worker(default):
auth([EMAIL PROTECTED],10.34.133.64): allow_nets: Matching for network
10.34.133.0/24
dovecot: 2008-05-07 17:58:34 Info: auth-worker(default):
passdb([EMAIL PROTECTED],10.34.133.64): allow_nets check failed: IP not in
allowed networks
dovecot: 2008-05-07 17:58:35 Info: auth(default): client out: FAIL
1 [EMAIL PROTECTED]
dovecot: 2008-05-07 17:58:37 Info: imap-login: user=<[EMAIL PROTECTED]>,
method=PLAIN, rip=10.34.133.64, lip=10.34.133.64, secured: Aborted login
(1 authentication attempts)
I wonder if this option is rare enough to this issue have remained
undiscovered through versions... Is there anyone out there using
allow_nets in the same way as I am trying to do? Note that using a list
single IPs has always worked in my environment.
Thanks in advance,
Javier
Javier García escribió:
Hello,
Thanks Timo for the response. I will then ask the Debian package
maintainers on this specific issue.
Regards,
Javier
Timo Sirainen escribió:
On Mon, 2008-03-31 at 12:56 +0200, Javier García wrote:
Hello all,
I am testing my dovecot installation in order to restrict access via
POP3 for IPs outside my network. I have read and understood the
instructions in the wiki and I have reached a configuration that
works ONLY when single IPs are listed in allow_nets but not when
ranges in the notation x.x.x.x/y are listed. Some examples should be
more explanatory. I am using 1.0.rc15 patched as for last week as
distributed in Debian etch.
I don't see any obvious entries in ChangeLog related to this, but it
seems to work correctly in v1.0.13 and v1.1.rc4, so maybe it was just
broken in rc15.
