2016-05-19 06:51:20 -05:00
<!DOCTYPE html>
2015-04-07 07:13:48 -05:00
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > Restrict mail user to login from specified IP addresses or networks< / title >
2015-07-31 23:14:52 -05:00
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
2015-04-07 07:13:48 -05:00
< / head >
< body >
< div id = "navigation" >
2016-04-19 12:48:51 -05:00
< a href = "/index.html" target = "_blank" >
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
2016-02-29 02:15:19 -06:00
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "restrict-mail-user-to-login-from-specified-ip-addresses-or-networks" > Restrict mail user to login from specified IP addresses or networks< / h1 >
2015-04-07 07:13:48 -05:00
< p > Since iRedMail-0.9.1, it's able to restrict mail users to login from specified
IP addresses or networks.< / p >
2015-11-18 20:04:22 -06:00
< p > Allowed IP/networks must be separated by comma. If the user tries to log in
elsewhere, the authentication will fail the same way as if a wrong password
was given.< / p >
2015-04-07 07:13:48 -05:00
< p > Below sample usage shows how to restrict mail user < code > user@domaim.com< / code > to login
from only IP address < code > 172.16.244.1< / code > or network < code > 192.168.1.0/24< / code > .< / p >
< h2 id = "sql-backends" > SQL backends< / h2 >
< pre > < code > sql> USE vmail;
sql> UPDATE mailbox SET allow_nets='172.16.244.1,192.168.1.0/24' WHERE username='user@domain.com';
< / code > < / pre >
< p > To remove this restriction (allow to login from anywhere), just set
value of SQL column < code > mailbox.allow_nets< / code > to NULL. WARNING: It must be NULL,
not empty string.< / p >
2015-04-07 07:18:58 -05:00
< h2 id = "openldap-backend" > OpenLDAP backend< / h2 >
2015-04-07 07:13:48 -05:00
< p > To allow user < code > user@domain.com< / code > to login from IP < code > 172.16.244.1< / code > and network
< code > 192.168.1.0/24< / code > , please add new attribute < code > allowNets< / code > to this user:< / p >
< pre > < code > allowNets: 192.168.1.10,192.168.1.0/24
< / code > < / pre >
< p > To remove this restriction, just remove attribute < code > allowNets< / code > for this user.< / p >
< h1 id = "references" > References< / h1 >
< ul >
< li >
< p > This feature is implemented in iRedMail-0.9.1, and mentioned in iRedMail
2015-11-18 20:05:27 -06:00
< a href = "./upgrade.iredmail.0.9.0-0.9.1.html" > upgrade tutorial for iRedMail-0.9.0< / a > < / p >
2015-04-07 07:13:48 -05:00
< / li >
< li >
< p > Dovecot document: < a href = "http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets" > AllowNets< / a > < / p >
< / li >
2016-05-19 06:51:20 -05:00
< / ul > < div class = "footer" >
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://bitbucket.org/zhb/iredmail-docs/src" > BitBucket repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "http://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
< / div >
< script type = "text/javascript" >
2015-04-07 07:13:48 -05:00
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
< / script >
< / body > < / html >