Am Wednesday 11 October 2006 13:51 schrieb Martin G.H. Minkler: > Is it possible to make a decision whether to offer authentication to a > user based on the querying source IP address? > > One of the customers is picking up all mail for ~70 users with an > exchange server and plain text POP3 while using criminally simple > passwords, so we would like to limit the logins for just those accounts > to the IP address of that exchange server. > > Of course this cannot happen on a firewall level as other customers have > to be able to log in from any arbitrary source IP and OTOH iptables > can't look into the packets to parse the username :-) Create two imapd/pop3d's with diffrent Configurations on two IP-Addresses or other Ports. And here comes iptables in the game. You can create iptables-Rules, where you redirect access from the IPs to these Ports. Or just let the Customers use these Ports and block other Traffic. -- Andreas
