2015-04-07 07:13:48 -05:00
|
|
|
# Restrict mail user to login from specified IP addresses or networks
|
|
|
|
|
2018-05-26 01:43:34 -05:00
|
|
|
[TOC]
|
|
|
|
|
2015-04-07 07:13:48 -05:00
|
|
|
Since iRedMail-0.9.1, it's able to restrict mail users to login from specified
|
|
|
|
IP addresses or networks.
|
|
|
|
|
2015-11-18 20:04:22 -06:00
|
|
|
Allowed IP/networks must be separated by comma. If the user tries to log in
|
|
|
|
elsewhere, the authentication will fail the same way as if a wrong password
|
|
|
|
was given.
|
|
|
|
|
2015-04-07 07:13:48 -05:00
|
|
|
Below sample usage shows how to restrict mail user `user@domaim.com` to login
|
|
|
|
from only IP address `172.16.244.1` or network `192.168.1.0/24`.
|
|
|
|
|
2018-05-26 01:43:34 -05:00
|
|
|
!!! warning
|
|
|
|
|
|
|
|
If webmail is running on same server, and you want to allow user to login
|
|
|
|
from webmail, please allow IP `127.0.0.1` too.
|
|
|
|
|
|
|
|
## Manage with iRedAdmin-Pro
|
|
|
|
|
|
|
|
With iRedAdmin-Pro, please go to user profile page, click tab `Advanced`,
|
|
|
|
you will find setting `Restrict to login from specified addresses` like below:
|
|
|
|
|
|
|
|
![](./images/iredadmin/user_profile_advanced.png){: width=1000px }
|
|
|
|
|
|
|
|
## Manage with SQL command line for SQL backends
|
2015-04-07 07:13:48 -05:00
|
|
|
|
|
|
|
```
|
|
|
|
sql> USE vmail;
|
|
|
|
sql> UPDATE mailbox SET allow_nets='172.16.244.1,192.168.1.0/24' WHERE username='user@domain.com';
|
|
|
|
```
|
|
|
|
|
|
|
|
To remove this restriction (allow to login from anywhere), just set
|
|
|
|
value of SQL column `mailbox.allow_nets` to NULL. WARNING: It must be NULL,
|
|
|
|
not empty string.
|
|
|
|
|
2018-05-26 01:43:34 -05:00
|
|
|
## Manage with SQL command line for LDAP backends
|
2015-04-07 07:13:48 -05:00
|
|
|
|
|
|
|
To allow user `user@domain.com` to login from IP `172.16.244.1` and network
|
|
|
|
`192.168.1.0/24`, please add new attribute `allowNets` to this user:
|
|
|
|
|
|
|
|
```
|
|
|
|
allowNets: 192.168.1.10,192.168.1.0/24
|
|
|
|
```
|
|
|
|
|
|
|
|
To remove this restriction, just remove attribute `allowNets` for this user.
|
|
|
|
|
|
|
|
# References
|
|
|
|
|
|
|
|
* This feature is implemented in iRedMail-0.9.1, and mentioned in iRedMail
|
2015-11-18 20:05:27 -06:00
|
|
|
[upgrade tutorial for iRedMail-0.9.0](./upgrade.iredmail.0.9.0-0.9.1.html)
|
2015-04-07 07:13:48 -05:00
|
|
|
|
|
|
|
* Dovecot document: [AllowNets](http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets)
|