[Dovecot] allow_nets overridden by cache

Timo Sirainen tss at iki.fi
Thu Jan 8 18:57:24 EET 2009


This bug is finally fixed:
http://hg.dovecot.org/dovecot-1.1/rev/e76f93b48187

On Tue, 2008-10-28 at 13:55 +0000, Guy wrote:
> Hi,
> 
> I've just started trying allow_nets on one of my servers. I have
> auth_debug and auth_verbose both enabled and the output is as follows:
> Oct 28 13:05:48 mink dovecot: auth-worker(default):
> auth(user at domain.net,x.x.x.x): allow_nets: Matching for network
> 127.0.0.1/8
> Oct 28 13:05:48 mink dovecot: auth-worker(default):
> auth(user at domain.net,x.x.x.x): allow_nets: Matching for network
> 10.0.7.176/28
> Oct 28 13:05:48 mink dovecot: auth-worker(default):
> passdb(user at domain.net,x.x.x.x): allow_nets check failed: IP not in
> allowed networks
> Oct 28 13:05:50 mink dovecot: auth(default): client out: FAIL   1265
>  user=username at aluminati.net
> Oct 28 13:05:50 mink dovecot: auth(default):
> cache(user at domain.net,x.x.x.x): hit: <hidden>
> user=user at domain.net
> Oct 28 13:05:50 mink dovecot: auth(default): client out: OK     1266
>  user=user at domain.net
> 
> auth_cache_ttl is set to 300. If I set it to 1 then the allow_nets
> successfully rejects. Once I set it back up to 300 the cache overrides
> the result from the allow_nets check and lets the account log in even
> though the allow_nets check fails.
> 
> I've tried waiting for longer than the 300 seconds and then logged in
> again, but I still get the same result as above.
> 
> Is there a gotcha that I'm unaware of or have I done something stupid
> (which seems the most likely :P)?
> 
> Thanks
> Guy
> 
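A log check for the pattern in the quoted output, an allow_nets failure followed by a cache hit for the same user and address; this is an added example, not part of the original thread and not Dovecot code. The sample lines are constructed, and the function name `find_cache_overrides`, its 300-second window (chosen to match the auth_cache_ttl in the report) and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines modelled on the auth_debug output quoted above
# (user and client address are placeholders, not values from the thread).
SAMPLE_LOG = """\
Oct 28 13:05:48 mink dovecot: auth-worker(default): auth(user@example.net,192.0.2.10): allow_nets: Matching for network 10.0.7.176/28
Oct 28 13:05:48 mink dovecot: auth-worker(default): passdb(user@example.net,192.0.2.10): allow_nets check failed: IP not in allowed networks
Oct 28 13:05:50 mink dovecot: auth(default): client out: FAIL 1265 user=user@example.net
Oct 28 13:05:50 mink dovecot: auth(default): cache(user@example.net,192.0.2.10): hit: <hidden>
Oct 28 13:05:50 mink dovecot: auth(default): client out: OK 1266 user=user@example.net
Oct 28 13:20:00 mink dovecot: auth(default): cache(other@example.net,10.0.7.180): hit: <hidden>
"""

# syslog timestamp, host, "dovecot:", process tag, then source(user,ip): message
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: \S+: "
    r"(?P<src>\w+)\((?P<user>[^,]+),(?P<ip>[^)]+)\): (?P<msg>.*)$"
)

def find_cache_overrides(log_text, ttl_seconds=300, year=2008):
    """Return (user, ip, failed_at, hit_at) for every cache hit that follows an
    allow_nets failure for the same user and IP within ttl_seconds.
    syslog lines carry no year, so one is supplied (assumption)."""
    window = timedelta(seconds=ttl_seconds)
    last_failure = {}   # (user, ip) -> time of the most recent allow_nets failure
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue    # e.g. "client out:" lines, which have no (user,ip) prefix
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["user"], m["ip"])
        if m["src"] == "passdb" and m["msg"].startswith("allow_nets check failed"):
            last_failure[key] = ts
        elif m["src"] == "cache" and m["msg"].startswith("hit") and key in last_failure:
            if timedelta(0) <= ts - last_failure[key] <= window:
                findings.append((*key, last_failure[key], ts))
    return findings

if __name__ == "__main__":
    for user, ip, failed_at, hit_at in find_cache_overrides(SAMPLE_LOG):
        print(f"{user} from {ip}: allow_nets failed {failed_at}, cache hit {hit_at}")
```

The check needs auth_debug output like that shown in the report, since the allow_nets and cache lines are debug messages.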