Restrict mail user to login from specified IP addresses or networks


Check out the lightweight on-premises email archiving software developed by iRedMail team: Spider Email Archiver.

Since iRedMail-0.9.1, it's able to restrict mail users to login from specified IP addresses or networks.

Allowed IP/networks must be separated by comma. If the user tries to log in elsewhere, the authentication will fail the same way as if a wrong password was given.

Below sample usage shows how to restrict mail user to login from only IP address or network


If webmail is running on same server, and you want to allow user to login from webmail, please allow IP too.

Manage with iRedAdmin-Pro

With iRedAdmin-Pro, please go to user profile page, click tab Advanced, you will find setting Restrict to login from specified addresses like below:

Manage with SQL command line for SQL backends

sql> USE vmail;
sql> UPDATE mailbox SET allow_nets=',' WHERE username='';

To remove this restriction (allow to login from anywhere), just set value of SQL column mailbox.allow_nets to NULL. WARNING: It must be NULL, not empty string.

Manage with LDAP command line for LDAP backends

To allow user to login from IP and network, please add new attribute allowNets to this user:


To remove this restriction, just remove attribute allowNets for this user.