On Wed, 2011-02-09 at 11:57 +0100, Thomas Hummel wrote:
> My understanding is that I cannot use some negative form of "allow_nets". The
> only mechanism I can think of is tcp_wrappers. However, dovecot documentation
> mentions it only in the dovecot-1 section. Does it work the same way with
> dovecot-2?
> Is it a bad idea (I'm thinking of the induced overhead)?
> Can you see another way to blacklist (at dovecot application level) some
> sources?

If tcpwrappers supports it, then it should be pretty easy with v2.0, as long as Dovecot was compiled with support for it:

login_access_sockets = tcpwrap

There is of course some extra overhead, mainly from doing a reverse DNS lookup for all connections, but since that's what you want it can't be avoided.

Or if you have some known good IP ranges, you can add e.g.:

remote 192.168.0.0/24 {
  login_access_sockets =
}
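
An added example, not part of the original thread: a small lint for the setup described above. A source inside a `remote` block with an empty `login_access_sockets` is never handed to tcpwrap, so a deny entry overlapping that range is not enforced there. The function names and the plain IP/CIDR lists are assumptions made for this sketch; it does not parse `hosts.deny` or Dovecot configuration.

```python
import ipaddress

# Constructed sample data. TRUSTED mirrors the "remote 192.168.0.0/24" block
# from the reply; DENY is a hypothetical blacklist already normalised to
# IP/CIDR strings (not hosts.deny syntax).
TRUSTED = ["192.168.0.0/24"]
DENY = ["192.168.0.57", "203.0.113.0/24", "192.168.0.0/16"]


def checked_by_tcpwrap(client_ip, trusted_ranges):
    """True if a login from client_ip would still go through the tcpwrap check.

    Models the override in the reply: inside a trusted remote range,
    login_access_sockets is empty, so no access check runs.
    """
    ip = ipaddress.ip_address(client_ip)
    return not any(
        ip in ipaddress.ip_network(r, strict=False) for r in trusted_ranges
    )


def shadowed_denies(trusted_ranges, deny_entries):
    """List deny entries that overlap a trusted range and so are bypassed there.

    Returns (deny_entry, trusted_range, "fully" | "partly") tuples:
    "fully" means the whole deny entry lies inside the bypass range,
    "partly" means only the overlapping addresses escape the check.
    """
    trusted = [ipaddress.ip_network(r, strict=False) for r in trusted_ranges]
    findings = []
    for entry in deny_entries:
        deny = ipaddress.ip_network(entry, strict=False)
        for net in trusted:
            # IPv4 and IPv6 networks cannot overlap; skip mixed pairs.
            if deny.version != net.version or not deny.overlaps(net):
                continue
            kind = "fully" if deny.subnet_of(net) else "partly"
            findings.append((entry, str(net), kind))
    return findings


if __name__ == "__main__":
    for entry, net, kind in shadowed_denies(TRUSTED, DENY):
        print(f"deny {entry} is {kind} bypassed by remote {net}")
```
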