> On 21 March 2018 at 18:31 mj <[email protected]> wrote: > > > Hi AKi, > > Thanks for the quick answer! > > On 03/21/2018 05:24 PM, Aki Tuomi wrote: > > This is what 'nopassword=y' does. I'm guessing this is an attempt to allow > > logging in from localhost without password, but I'd use master password > > (for applications or webmails), or > > Yes, the config is taken from the SOGo configuration guide, which can be > seen here: > https://sogo.nu/files/docs/v2/SOGoNativeOutlookConfigurationGuide.html > > Yes, but we have args = nopassword=y allow_nets=127.0.0.1/32 > so it should only allow passwordless logins from localhost, right..? > > And in "Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): Allowing any > password" 1.2.3.4 is NOT localhost... > > (obviously 1.2.3.4 is not the *real* ip, bit it's a *real* ip from the > internet, NOT localhost... > > MJ
Looking at the code for v2.2.13, it would seem that a) when using nopassword, it will log the debug row in any case b) allow_nets will fail the authentication by setting request failed Mar 21 07:13:48 mail dovecot: auth: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets check failed: IP not in allowed networks this indicates that the request is marked failed. I would, still, recommend using doveadm exec imap -u instead of the static passdb. Aki
