Re: restrict map-login by geoip?

[Bradley Giesbrecht]

>> On Sep 16, 2015, at 6:31 PM, Benny Pedersen  wrote:
>> 
>> Terry Barnum skrev den 2015-09-17 02:32:
>> 
>>> I've searched but haven't found how to accomplish this.
>> 
>> http://wiki2.dovecot.org/Authentication/RestrictAccess
>> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>> 
>> took me 3 sec :=)
> 
> On Sep 16, 2015, at 6:56 PM, Terry Barnum  wrote:
> 
> Thanks Benny. I should've said I saw AllowNets but in researching it looked 
> like it expected a smaller comma separated list, not hundreds of IP blocks. 
> Is that what you are using to accomplish this?


You could use a geoip table [1] in your firewall or in dovecot with sql and 
variables [2].


[1] https://dev.maxmind.com/geoip/geoip2/geolite2/
[2] http://wiki2.dovecot.org/Variables


Regards,
Bradley Giesbrecht (pixilla)

Re: restrict map-login by geoip?

[Edgar Pettijohn]

I don't know if dovecot does, but your firewall should be able to.

On 09/16/2015 07:32 PM, Terry Barnum wrote:

Is there a way to restrict my user logins from a set of IPs? For example, all 
my users are in the US so there shouldn't be any logins from other countries. 
Can I tell dovecot to restrict logins to a CIDR list of US IPs? Can someone 
point me to docs on how to set this up? I've searched but haven't found how to 
accomplish this.

Thanks,
-Terry

Terry Barnum
digital OutPost
http://www.dop.com

restrict map-login by geoip?

[Terry Barnum]

Is there a way to restrict my user logins from a set of IPs? For example, all 
my users are in the US so there shouldn't be any logins from other countries. 
Can I tell dovecot to restrict logins to a CIDR list of US IPs? Can someone 
point me to docs on how to set this up? I've searched but haven't found how to 
accomplish this.

Thanks,
-Terry

Terry Barnum
digital OutPost
http://www.dop.com

Re: restrict map-login by geoip?

[Benny Pedersen]

Terry Barnum skrev den 2015-09-17 02:32:


I've searched but haven't found how to accomplish this.


http://wiki2.dovecot.org/Authentication/RestrictAccess
http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

took me 3 sec :=)

Re: restrict map-login by geoip?

[Terry Barnum]

Thanks Benny. I should've said I saw AllowNets but in researching it looked 
like it expected a smaller comma separated list, not hundreds of IP blocks. Is 
that what you are using to accomplish this?

Thanks,
-Terry

iPhone says Hello World!

> On Sep 16, 2015, at 6:31 PM, Benny Pedersen  wrote:
> 
> Terry Barnum skrev den 2015-09-17 02:32:
> 
>> I've searched but haven't found how to accomplish this.
> 
> http://wiki2.dovecot.org/Authentication/RestrictAccess
> http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
> 
> took me 3 sec :=)
> 

Re: restrict map-login by geoip?

[Benny Pedersen]

Terry Barnum skrev den 2015-09-17 03:56:

Thanks Benny. I should've said I saw AllowNets but in researching it
looked like it expected a smaller comma separated list, not hundreds
of IP blocks. Is that what you are using to accomplish this?


i did not write the wiki or dovecot c code, you asked how dovecot if it 
could doit, i searched the link for you, but i admit i du not understand 
the wiki self here :(


but basicly

127.0.0.0/8 is one cidr range with many ips
127.0.0.2/32 is a single ip cidr range

for ipv6 its possible aswell, but i dont know how to