1

Topic: iRedMail restrict user login by IP address

==== Required information ====
- iRedMail version: iRedMail-0.8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS
- Related log if you're reporting an issue:
====
Hi,

I would like to restrict users by IP address. This will allow only select users to be able to read their email via round cube or Outlook or a cell phone offsite.

Seems like something  a lot of corporate IT departments might want to do this. For example:

In a telemarketing room, the agents might have email and they would only be allowed to read it via the local network, but executives and managers need their email all the time from home, or iPhones or iPads.

Help appreciated.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: iRedMail restrict user login by IP address

You can implement this with Dovecot post-login script. Reference: http://wiki2.dovecot.org/PostLoginScripting

Another way: Add addition columns in SQL table "vmail.mailbox" to store allowed IP addresses for users, then update /etc/dovecot/dovecot-mysql.conf to query these new columns.

3

Re: iRedMail restrict user login by IP address

ZhangHuangbin wrote:

You can implement this with Dovecot post-login script. Reference: http://wiki2.dovecot.org/PostLoginScripting

Another way: Add addition columns in SQL table "vmail.mailbox" to store allowed IP addresses for users, then update /etc/dovecot/dovecot-mysql.conf to query these new columns.

OH I like the second choice!  I can do the following.

1.) add field to mail.mailbox to include allowed IP addresses or 0.0.0.0 for All, from the command line
2.) I know how to change the script in /etc/dovecot/dovecot-mysql.conf

I don't know how to:
1.) find the variable for the IP address
2.) detect which IP address they logged into round cube from, since the access from round cube will be 127.0.0.0
3.) Add the field to the User edit screen. I can get input field on the screen but not save it.

I think this would be a good addition to the PRO version.

4

Re: iRedMail restrict user login by IP address

jpforte wrote:

1.) find the variable for the IP address

According to Dovecot tutorial, you can use '%r' for remote IP address:
http://wiki2.dovecot.org/Variables

jpforte wrote:

2.) detect which IP address they logged into round cube from, since the access from round cube will be 127.0.0.0

Oh, didn't realize this issue, sorry, my bad. You can do some research with Google.

jpforte wrote:

3.) Add the field to the User edit screen. I can get input field on the screen but not save it.

Once you populated initial setting, do you frequently change the IP address?