> On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot <dovecot@dovecot.org> wrote: > > On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot <dovecot@dovecot.org> > wrote: >> Recently we need to allow some users to login from everywhere except some >> IP/networks, > > Can you use firewall rules for this?
I suppose not. We don't restrict ALL users this way, just few of them. And the client IP addresses may change frequently, not static IPs. >> how can we accomplish this with "allow_nets"? > > Allow_nets specifies allowed networks. Doesn't say anything else about any > other use. > > "The allow_nets field is a comma separated list of IP addresses and/or > networks where the user is allowed to log in from." I understand what "allow" means. But it will be very handy to support something like "!a.b.c.d" to allow all but just exclude few IPs/networks. Isn't it? :)