On Thu, 10 Jun 2004, RYAN vAN GINNEKEN wrote: >YAaaaaaaaaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >What i did was copy the imap.sample that came with the package to imap >had tried that once before but had to rm -R the existing dir first >It works so i guess back to square one got 127.0.0.1 143 to bind >correctly which is great better than great splendorific. Now i would >like to setup the imaps service to listen on the outside interface to >hostname computerking.ca and the inside interface to 192.168.0.1-100 is >this possible???
Booya! Thanks for your patience, Ryan. You can accomplish what you want by using tcprules and the -x argument to tcpserver. You can read about tcprules here: http://cr.yp.to/ucspi-tcp/tcprules.html Basically you create a rule file with lines like this: :deny 192.168.:allow tcpserver will read a cdb generated from this rule file, and reject and accept connections according to this. >Wait a minute if i am thinking clearly if port 143 is binded to >127.0.0.1 if someone tries to login on 143 from somewhere other than >localhost they will be unable to connect right???? and if i just leave You're right. >port 933 at 0 it will be open to all addresses which should be fine >right it is secured with ssl anyway?????? am i missing something usually >when something seems to easy it is. This seems to easy am i leavening a >security hole open somewhere????? Nope, this is a common secure way of setting up IMAP. Expose the 993 service to everyone, and the 143 service to only localhost for webmail servers and so on. >HUGE THANKS TO EVERYONE ON THIS LIST Any time, Ryan. Andy :-) -- Andreas Aardal Hanssen | http://www.andreas.hanssen.name/gpg Author of Binc IMAP | "It is better not to do something http://www.bincimap.org/ | than to do it poorly."
