1.2 KiB
Restrict mail user to login from specified IP addresses or networks
Since iRedMail-0.9.1, it's able to restrict mail users to login from specified IP addresses or networks.
Below sample usage shows how to restrict mail user user@domaim.com to login
from only IP address 172.16.244.1 or network 192.168.1.0/24.
SQL backends
sql> USE vmail;
sql> UPDATE mailbox SET allow_nets='172.16.244.1,192.168.1.0/24' WHERE username='user@domain.com';
To remove this restriction (allow to login from anywhere), just set
value of SQL column mailbox.allow_nets to NULL. WARNING: It must be NULL,
not empty string.
OpenLDAP backend
To allow user user@domain.com to login from IP 172.16.244.1 and network
192.168.1.0/24, please add new attribute allowNets to this user:
allowNets: 192.168.1.10,192.168.1.0/24
To remove this restriction, just remove attribute allowNets for this user.
References
-
This feature is implemented in iRedMail-0.9.1, and mentioned in iRedMail [upgrade tutorial for iRedMail-0.9.0](./upgrade.iredmail.0.9.0-0.9.1.html]
-
Dovecot document: AllowNets