Since iRedMail-0.9.1, it's able to restrict mail users to login from specified IP addresses or networks.
Allowed IP/networks must be separated by comma. If the user tries to log in elsewhere, the authentication will fail the same way as if a wrong password was given.
Below sample usage shows how to restrict mail user user@domaim.com
to login
from only IP address 172.16.244.1
or network 192.168.1.0/24
.
sql> USE vmail;
sql> UPDATE mailbox SET allow_nets='172.16.244.1,192.168.1.0/24' WHERE username='user@domain.com';
To remove this restriction (allow to login from anywhere), just set
value of SQL column mailbox.allow_nets
to NULL. WARNING: It must be NULL,
not empty string.
To allow user user@domain.com
to login from IP 172.16.244.1
and network
192.168.1.0/24
, please add new attribute allowNets
to this user:
allowNets: 192.168.1.10,192.168.1.0/24
To remove this restriction, just remove attribute allowNets
for this user.
This feature is implemented in iRedMail-0.9.1, and mentioned in iRedMail upgrade tutorial for iRedMail-0.9.0
Dovecot document: AllowNets
All documents are available in BitBucket repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.