On Saturday, June 28, 2008 9:12 PM Brian Candler wrote: > On Sat, Jun 28, 2008 at 11:54:40AM +0100, John1 wrote: >> I would like to set up *some* user ids/passwords to *only* be able to >> connect from a given static IP address. > ... >> There will still be other user ids and passwords that will be able to >> connect from any IP address i.e. to allow remote access to >> potentially the same mailbox, but these user ids will only be known >> to those users requiring remote access. > Thanks for your informative reply Brian, and your 3 suggestions:
1) run 2 instances of imapd 2) proxy server http://www.vergenet.net/linux/perdition/ 3) Patching to pass source IP address to courier-authdaemon... > There have been patches posted to this list several times in the past > which pass the source IP address to courier-authdaemon, and therefore > allow the auth module to apply the authorisation policy you require. > This may be more acceptable, if you don't mind moving away from the > standard courier source tree. > If the 3 options I prefer the idea of a patch if I am able to get my head around how to convert an existing patch to allow me to add a source_ip column to my MySQL postfix_users table. I don't expect you to do the digging for me, but if you are able to track it down then I would appreciate a link. I have spent the last hour searching through the mail archives and although I can find another post from you that refers to a patch I can't for the life of me find the previous patches submitted. Any chance of this functionality being incorporated into the official source tree anytime soon? Although only a handful of people may have raised this requirement on this mailing list I can't help but feel it would be useful to many implementations. I appreciate that the information passed to authdaemon is no doubt kept to a mininimum to reduce the risk of introducing security holes, but I do think this would be a useful patch to the official source tree. Whilst I accept that access controls that incorporate IP address rules may be relatively weak and open to spoofing, I do think that the ability to use source IP address in conjunction with userid/password for finer grain access control would be a valuable feature. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
