diff --git a/TODO.md b/TODO.md index 7ca62842..ef4833c8 100644 --- a/TODO.md +++ b/TODO.md @@ -1,7 +1,5 @@ # TODO -https://bitbucket.org/zhb/iredmail/commits/b721a9c376f67a4a11b4b1761386a266cfd11f96 - * How to install and configure SOGo groupware * How to install and configure Nginx * How to custom SpamAssassin scores diff --git a/howto/restrict.mail.user.to.login.from.specified.ip.or.networks.md b/howto/restrict.mail.user.to.login.from.specified.ip.or.networks.md new file mode 100644 index 00000000..abd3113a --- /dev/null +++ b/howto/restrict.mail.user.to.login.from.specified.ip.or.networks.md @@ -0,0 +1,36 @@ +# Restrict mail user to login from specified IP addresses or networks + +Since iRedMail-0.9.1, it's able to restrict mail users to login from specified +IP addresses or networks. + +Below sample usage shows how to restrict mail user `user@domaim.com` to login +from only IP address `172.16.244.1` or network `192.168.1.0/24`. + +## SQL backends + +``` +sql> USE vmail; +sql> UPDATE mailbox SET allow_nets='172.16.244.1,192.168.1.0/24' WHERE username='user@domain.com'; +``` + +To remove this restriction (allow to login from anywhere), just set +value of SQL column `mailbox.allow_nets` to NULL. WARNING: It must be NULL, +not empty string. + +## How to restrict with OpenLDAP backend + +To allow user `user@domain.com` to login from IP `172.16.244.1` and network +`192.168.1.0/24`, please add new attribute `allowNets` to this user: + +``` +allowNets: 192.168.1.10,192.168.1.0/24 +``` + +To remove this restriction, just remove attribute `allowNets` for this user. + +# References + +* This feature is implemented in iRedMail-0.9.1, and mentioned in iRedMail + [upgrade tutorial for iRedMail-0.9.0](./upgrade.iredmail.0.9.0-0.9.1.html] + +* Dovecot document: [AllowNets](http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets) diff --git a/html/index.html b/html/index.html index 3a3365fd..dddbedb2 100644 --- a/html/index.html +++ b/html/index.html @@ -72,6 +72,7 @@
Since iRedMail-0.9.1, it's able to restrict mail users to login from specified +IP addresses or networks.
+Below sample usage shows how to restrict mail user user@domaim.com
to login
+from only IP address 172.16.244.1
or network 192.168.1.0/24
.
sql> USE vmail;
+sql> UPDATE mailbox SET allow_nets='172.16.244.1,192.168.1.0/24' WHERE username='user@domain.com';
+
+
+To remove this restriction (allow to login from anywhere), just set
+value of SQL column mailbox.allow_nets
to NULL. WARNING: It must be NULL,
+not empty string.
To allow user user@domain.com
to login from IP 172.16.244.1
and network
+192.168.1.0/24
, please add new attribute allowNets
to this user:
allowNets: 192.168.1.10,192.168.1.0/24
+
+
+To remove this restriction, just remove attribute allowNets
for this user.
This feature is implemented in iRedMail-0.9.1, and mentioned in iRedMail + [upgrade tutorial for iRedMail-0.9.0](./upgrade.iredmail.0.9.0-0.9.1.html]
+Dovecot document: AllowNets
+Document published under a CC BY-ND 3.0 license. If you found something wrong, please do contact us to fix it. +