37 lines
1.2 KiB
Markdown
37 lines
1.2 KiB
Markdown
# Restrict mail user to login from specified IP addresses or networks
|
|
|
|
Since iRedMail-0.9.1, it's able to restrict mail users to login from specified
|
|
IP addresses or networks.
|
|
|
|
Below sample usage shows how to restrict mail user `user@domaim.com` to login
|
|
from only IP address `172.16.244.1` or network `192.168.1.0/24`.
|
|
|
|
## SQL backends
|
|
|
|
```
|
|
sql> USE vmail;
|
|
sql> UPDATE mailbox SET allow_nets='172.16.244.1,192.168.1.0/24' WHERE username='user@domain.com';
|
|
```
|
|
|
|
To remove this restriction (allow to login from anywhere), just set
|
|
value of SQL column `mailbox.allow_nets` to NULL. WARNING: It must be NULL,
|
|
not empty string.
|
|
|
|
## OpenLDAP backend
|
|
|
|
To allow user `user@domain.com` to login from IP `172.16.244.1` and network
|
|
`192.168.1.0/24`, please add new attribute `allowNets` to this user:
|
|
|
|
```
|
|
allowNets: 192.168.1.10,192.168.1.0/24
|
|
```
|
|
|
|
To remove this restriction, just remove attribute `allowNets` for this user.
|
|
|
|
# References
|
|
|
|
* This feature is implemented in iRedMail-0.9.1, and mentioned in iRedMail
|
|
[upgrade tutorial for iRedMail-0.9.0](./upgrade.iredmail.0.9.0-0.9.1.html]
|
|
|
|
* Dovecot document: [AllowNets](http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets)
|