Re: Access control by IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/09/11 17:47 -0300, Sandro Venezuela wrote:
Hello everyone.

I have an E-Mail service with Cyrus IMAP + Cyrus SASL and I want to controlthat only users of a particular network to access the mailbox.

This is possible with the Cyrus SASL?

If yes, how can I do?

I am not aware of a way to do IP based restrictions with Cyrus SASL.

One way to achieve restrictive access to a mailbox, within Cyrus IMAP, is
to reconfigure /etc/cyrus.conf with two imap entries, one for your trusted
network, and another for your untrusted network. You could then create a
userdeny_db which selectively denies access for certain users when
connecting from the untrusted network.

For example, given the following entry in /etc/cyrus.conf:

imap            cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100

change to:

imap            cmd="imapd -U 30" listen="<trusted.ip>:imap" prefork=0 maxchild=100
untrustedimap   cmd="imapd -U 30" listen="<untrusted.ip>:imap" prefork=0 maxchild=100

sudo -u cyrus touch /var/lib/imap/user_deny.db
sudo -u cyrus cyr_dbtool /var/lib/imap/user_deny.db flat set jsmith "2<ctrl-v><tab>untrustedimap<ctrl-v><tab>Login denied from untrusted network."

Where:
   jsmith is the user who's mailbox you want to restrict access to
   <ctrl-v><tab> is entered from a shell, such as bash, which will not convert a tab to spaces when preceded with a control-v.

See:

http://cyrusimap.org/docs/cyrus-imapd/2.4.10/internal/database-formats.php

for details on the user_deny database structure.

--
Dan White


[Index of Archives]     [Info Cyrus]     [Squirrel Mail]     [Linux Media]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux