> > The only issue I agree on, is that users could > > login to other site's neomail and download their mail, and therefore not > get > > charged the bandwidth. This is the only real valid issue. > > And I'll add that without major custom programming this is something > we'll have to live with, and it's behavior that's NOT specific to the > RaQs but pretty much to any linux implementation. >
Well, I don't use neomail myself, but if you want to restrict access to user's of a particular site, you should be able to use one of the auth mod's cobalt has built into apache. For example: # Access file order allow,deny allow from all require group site1 Authname "www.site1.com email board" Authtype Basic This limits access to users from site1. I don't know how easy it would be to patch neomail to support http auth, but I'll bet it wouldn't be too difficult. Then, all you need is a .htaccess in the neomail folder. Hope this helps, Matt Nuzum Bearfruit.org _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
