On Sat, Jun 28, 2008 at 11:54:40AM +0100, John1 wrote: > I would like to set up *some* user ids/passwords to *only* be able to > connect from a given static IP address. ... > There will still be other user ids and passwords that will be able to > connect from any IP address i.e. to allow remote access to potentially the > same mailbox, but these user ids will only be known to those users > requiring remote access.
If all you need is to divide your users into two groups: (1) those which can connect from specific IP address x.x.x.x (2) those which can connect from any IP address then you can run two separate instances of courier-imap + courier-authlib, with courier-imap bound to different IP addresses or ports, and one instance set up so that it only accepts connections from x.x.x.x (which you can do using the couriertcpd -access option, or using firewall rules) Then the two different courier-authlib instances have different SQL queries configured to check whether access is allowed for a particular account. It's messy, and doesn't scale to N different policies, but it may just about be workable. I'm not sure, but I think courier-imap can't be configured at runtime with the path of the courier-authdaemon socket, only at compile time. So you'll end up compiling and installing courier-imap twice with two different sets of options, and hence in two different directories. That's what makes it really messy. There have been patches posted to this list several times in the past which pass the source IP address to courier-authdaemon, and therefore allow the auth module to apply the authorisation policy you require. This may be more acceptable, if you don't mind moving away from the standard courier source tree. Another option might be to put a proxy in front of courier-imap which implements the access control policy. Have a look at http://www.vergenet.net/linux/perdition/ and see if it can be configured to do what you want. Regards, Brian. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
