1

I have 50 email users (virtual users) using Dovecot, Postfix and Squirrelmail with CentOS 6.0. I want to allow some users to have access to POP and IMAP globally, and for the remaining users from my LAN only.

I have tried using Dovecot's allow_nets feature, but this does not fulfill my requirements.

If I allow 127.0.0.1 in allow_nets, the restricted user can access webmail globally. If I disable 127.0.0.1 in allow_nets, the restricted user cannot access webmail from my LAN either. Below is my configuration.

restricted virtual email user (/etc/dovecot/passwd file)
xyz@abc.com:{CRAM-MD5}encrypted pass::::::allow_nets=127.0.0.1,192.168.1.55/32

global virtual email user (/etc/dovecot/passwd-file)
xxx@xxx.xxx.xxx:{CRAM-MD5}encrypted pass
mgorven
rajiv

2 Answers

3

When accessing mail using webmail, the connections to Dovecot are made directly from SquirrelMail running on the same machine, and so always come from 127.0.0.1 regardless of where the user is. Dovecot has no way of knowing where the user is accessing SquirrelMail from. You therefore need to implement the restriction for webmail in SquirrelMail itself (or in front of SquirrelMail with iptables for example).

mgorven
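The behaviour described in the answer above, as an added example that is not part of the original post and is not Dovecot or SquirrelMail code: a small Python model of an allow_nets style check, showing why the restriction holds for direct IMAP/POP but not through webmail, and where a per-user check has to sit instead. The user names and the address 203.0.113.10 are constructed; the function names are hypothetical.

```python
import ipaddress

# Constructed policy in the spirit of the question's passwd-file:
# user -> allow_nets list (None = no restriction). User names are placeholders.
ALLOW_NETS = {
    "restricted@example.com": ["127.0.0.1", "192.168.1.55/32"],
    "global@example.com": None,
}

def ip_allowed(user, remote_ip, policy=ALLOW_NETS):
    """Model of an allow_nets check: is remote_ip inside any listed network?"""
    nets = policy[user]
    if nets is None:
        return True
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in nets)

def dovecot_login(user, peer_ip):
    """The mail server only sees the TCP peer address of the IMAP/POP connection."""
    return ip_allowed(user, peer_ip)

def webmail_login(user, browser_ip, enforce_in_webmail):
    """Webmail on the same host always connects to the mail server from 127.0.0.1.

    Only the web layer knows browser_ip, so a per-user restriction for webmail
    must be evaluated here, with loopback left out of the comparison.
    """
    if enforce_in_webmail:
        nets = ALLOW_NETS[user]
        web_nets = None if nets is None else [n for n in nets if n != "127.0.0.1"]
        if not ip_allowed(user, browser_ip, {user: web_nets}):
            return False
    # The backend connection originates from the webmail host itself.
    return dovecot_login(user, "127.0.0.1")

if __name__ == "__main__":
    wan, lan = "203.0.113.10", "192.168.1.55"  # constructed client addresses
    u = "restricted@example.com"
    print("direct IMAP from WAN:      ", dovecot_login(u, wan))
    print("direct IMAP from LAN:      ", dovecot_login(u, lan))
    print("webmail from WAN, no check:", webmail_login(u, wan, False))
    print("webmail from WAN, checked: ", webmail_login(u, wan, True))
    print("webmail from LAN, checked: ", webmail_login(u, lan, True))
```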
0

I found a SquirrelMail plugin named ip_restriction which helps to restrict IP-based authentication.

Wesley
rajiv