Restrict mail user to login from specified IP addresses or networks

Since iRedMail-0.9.1, it's able to restrict mail users to login from specified IP addresses or networks.

Allowed IP/networks must be separated by comma. If the user tries to log in elsewhere, the authentication will fail the same way as if a wrong password was given.

Below sample usage shows how to restrict mail user to login from only IP address or network

SQL backends

sql> USE vmail;
sql> UPDATE mailbox SET allow_nets=',' WHERE username='';

To remove this restriction (allow to login from anywhere), just set value of SQL column mailbox.allow_nets to NULL. WARNING: It must be NULL, not empty string.

OpenLDAP backend

To allow user to login from IP and network, please add new attribute allowNets to this user:


To remove this restriction, just remove attribute allowNets for this user.