|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Hi, Let me explain the situation to a better understanding of the problem.The mailboxes are accessed only internally, but some users (directors, managers, etc.) want to access mailboxes from their homes through the Internet.
I was thinking of using any IMAP Proxy solution to solve this problem, but will now be studying the solutions submitted by Dan and omalleys.
If you have a few more suggestions now that they know a little better the problem, you might say.
thanks Sandro Em 09-09-2011 15:54, Dan White escreveu:
I am not aware of a way to do IP based restrictions with Cyrus SASL. One way to achieve restrictive access to a mailbox, within Cyrus IMAP, isto reconfigure /etc/cyrus.conf with two imap entries, one for your trustednetwork, and another for your untrusted network. You could then create a userdeny_db which selectively denies access for certain users when connecting from the untrusted network. For example, given the following entry in /etc/cyrus.conf: imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100 change to:imap cmd="imapd -U 30" listen="<trusted.ip>:imap" prefork=0 maxchild=100 untrustedimap cmd="imapd -U 30" listen="<untrusted.ip>:imap" prefork=0 maxchild=100sudo -u cyrus touch /var/lib/imap/user_deny.dbsudo -u cyrus cyr_dbtool /var/lib/imap/user_deny.db flat set jsmith "2<ctrl-v><tab>untrustedimap<ctrl-v><tab>Login denied from untrusted network."Where: jsmith is the user who's mailbox you want to restrict access to<ctrl-v><tab> is entered from a shell, such as bash, which will not convert a tab to spaces when preceded with a control-v.See:http://cyrusimap.org/docs/cyrus-imapd/2.4.10/internal/database-formats.phpfor details on the user_deny database structure.
Em 14-09-2011 17:13, omalleys@xxxxxxx escreveu:
The easiest thing is if it is all users, to just firewall off the untrusted network. I don't think you can use tcp wrappers in this case.I did get sasl to restrict by using a pam module based on RHOST restrictions. But I don't know of any sasl abaility for the restriction, even though the information is there.
-- Sandro Venezuela _____________________________________________ Linux2Business www.linux2business.com.br _____________________________________________