|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On Thursday, September 15, 2011 05:05:11 PM Sandro Venezuela wrote: > Hi, > > Let me explain the situation to a better understanding of the problem. > > The mailboxes are accessed only internally, but some users (directors, > managers, etc.) want to access mailboxes from their homes through the > Internet. > > I was thinking of using any IMAP Proxy solution to solve this problem, > but will now be studying the solutions submitted by Dan and omalleys. > > If you have a few more suggestions now that they know a little better > the problem, you might say. If they want to access from their home-PC/laptop, why not set up a VPN-access for them? Added bonus, they can then also access the files on other servers and all through a secure and encrypted connection (provided the VPN-software used uses encryption) -- Joost > > thanks > > Sandro > > Em 09-09-2011 15:54, Dan White escreveu: > > I am not aware of a way to do IP based restrictions with Cyrus SASL. > > > > One way to achieve restrictive access to a mailbox, within Cyrus IMAP, > > is > > to reconfigure /etc/cyrus.conf with two imap entries, one for your > > trusted > > network, and another for your untrusted network. You could then create a > > userdeny_db which selectively denies access for certain users when > > connecting from the untrusted network. > > > > For example, given the following entry in /etc/cyrus.conf: > > > > imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100 > > > > change to: > > > > imap cmd="imapd -U 30" listen="<trusted.ip>:imap" prefork=0 > > maxchild=100 > > untrustedimap cmd="imapd -U 30" listen="<untrusted.ip>:imap" > > prefork=0 maxchild=100 > > > > sudo -u cyrus touch /var/lib/imap/user_deny.db > > sudo -u cyrus cyr_dbtool /var/lib/imap/user_deny.db flat set jsmith > > "2<ctrl-v><tab>untrustedimap<ctrl-v><tab>Login denied from untrusted > > network." > > > > Where: > > jsmith is the user who's mailbox you want to restrict access to > > > > <ctrl-v><tab> is entered from a shell, such as bash, which will not > > convert a tab to spaces when preceded with a control-v. > > > > See: > > > > http://cyrusimap.org/docs/cyrus-imapd/2.4.10/internal/database-formats.p > > hp > > > > > > for details on the user_deny database structure. > > Em 14-09-2011 17:13, omalleys@xxxxxxx escreveu: > > The easiest thing is if it is all users, to just firewall off the > > untrusted network. I don't think you can use tcp wrappers in this case. > > > > I did get sasl to restrict by using a pam module based on RHOST > > restrictions. > > But I don't know of any sasl abaility for the restriction, even though > > the information is there.