2016-05-19 06:51:20 -05:00
<!DOCTYPE html>
2015-04-07 07:13:48 -05:00
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > Restrict mail user to login from specified IP addresses or networks< / title >
2015-07-31 23:14:52 -05:00
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
2015-04-07 07:13:48 -05:00
< / head >
< body >
2019-07-13 06:21:55 -05:00
2015-04-07 07:13:48 -05:00
< div id = "navigation" >
2017-11-16 21:48:44 -06:00
< a href = "https://www.iredmail.org" target = "_blank" >
2016-04-19 12:48:51 -05:00
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
2016-02-29 02:15:19 -06:00
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "restrict-mail-user-to-login-from-specified-ip-addresses-or-networks" > Restrict mail user to login from specified IP addresses or networks< / h1 >
2018-05-26 01:43:34 -05:00
< div class = "toc" >
< ul >
< li > < a href = "#restrict-mail-user-to-login-from-specified-ip-addresses-or-networks" > Restrict mail user to login from specified IP addresses or networks< / a > < ul >
< li > < a href = "#manage-with-iredadmin-pro" > Manage with iRedAdmin-Pro< / a > < / li >
< li > < a href = "#manage-with-sql-command-line-for-sql-backends" > Manage with SQL command line for SQL backends< / a > < / li >
< li > < a href = "#manage-with-sql-command-line-for-ldap-backends" > Manage with SQL command line for LDAP backends< / a > < / li >
< / ul >
< / li >
< li > < a href = "#references" > References< / a > < / li >
< / ul >
< / div >
2015-04-07 07:13:48 -05:00
< p > Since iRedMail-0.9.1, it's able to restrict mail users to login from specified
IP addresses or networks.< / p >
2015-11-18 20:04:22 -06:00
< p > Allowed IP/networks must be separated by comma. If the user tries to log in
elsewhere, the authentication will fail the same way as if a wrong password
was given.< / p >
2015-04-07 07:13:48 -05:00
< p > Below sample usage shows how to restrict mail user < code > user@domaim.com< / code > to login
from only IP address < code > 172.16.244.1< / code > or network < code > 192.168.1.0/24< / code > .< / p >
2018-05-26 01:43:34 -05:00
< div class = "admonition warning" >
< p class = "admonition-title" > Warning< / p >
< p > If webmail is running on same server, and you want to allow user to login
from webmail, please allow IP < code > 127.0.0.1< / code > too.< / p >
< / div >
< h2 id = "manage-with-iredadmin-pro" > Manage with iRedAdmin-Pro< / h2 >
< p > With iRedAdmin-Pro, please go to user profile page, click tab < code > Advanced< / code > ,
you will find setting < code > Restrict to login from specified addresses< / code > like below:< / p >
< p > < img alt = "" src = "./images/iredadmin/user_profile_advanced.png" width = "1000px" / > < / p >
< h2 id = "manage-with-sql-command-line-for-sql-backends" > Manage with SQL command line for SQL backends< / h2 >
2015-04-07 07:13:48 -05:00
< pre > < code > sql> USE vmail;
sql> UPDATE mailbox SET allow_nets='172.16.244.1,192.168.1.0/24' WHERE username='user@domain.com';
< / code > < / pre >
< p > To remove this restriction (allow to login from anywhere), just set
value of SQL column < code > mailbox.allow_nets< / code > to NULL. WARNING: It must be NULL,
not empty string.< / p >
2018-05-26 01:43:34 -05:00
< h2 id = "manage-with-sql-command-line-for-ldap-backends" > Manage with SQL command line for LDAP backends< / h2 >
2015-04-07 07:13:48 -05:00
< p > To allow user < code > user@domain.com< / code > to login from IP < code > 172.16.244.1< / code > and network
< code > 192.168.1.0/24< / code > , please add new attribute < code > allowNets< / code > to this user:< / p >
< pre > < code > allowNets: 192.168.1.10,192.168.1.0/24
< / code > < / pre >
< p > To remove this restriction, just remove attribute < code > allowNets< / code > for this user.< / p >
< h1 id = "references" > References< / h1 >
< ul >
< li >
< p > This feature is implemented in iRedMail-0.9.1, and mentioned in iRedMail
2015-11-18 20:05:27 -06:00
< a href = "./upgrade.iredmail.0.9.0-0.9.1.html" > upgrade tutorial for iRedMail-0.9.0< / a > < / p >
2015-04-07 07:13:48 -05:00
< / li >
< li >
< p > Dovecot document: < a href = "http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets" > AllowNets< / a > < / p >
< / li >
2016-05-19 06:51:20 -05:00
< / ul > < div class = "footer" >
2019-12-31 00:07:48 -06:00
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://github.com/iredmail/docs/" > GitHub repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://github.com/iredmail/docs/archive/master.zip" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "https://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
2016-05-19 06:51:20 -05:00
< / div >
2017-11-05 02:33:58 -06:00
<!-- Global site tag (gtag.js) - Google Analytics -->
< script async src = "https://www.googletagmanager.com/gtag/js?id=UA-3293801-21" > < / script >
< script >
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
2015-04-07 07:13:48 -05:00
2017-11-05 02:33:58 -06:00
gtag('config', 'UA-3293801-21');
2015-04-07 07:13:48 -05:00
< / script >
< / body > < / html >