On Sunday, June 29, 2008 10:13 PM Brian Candler wrote: > On Sat, Jun 28, 2008 at 11:38:19PM +0100, John1 wrote: >>> There have been patches posted to this list several times in the >>> past which pass the source IP address to courier-authdaemon, and >>> therefore allow the auth module to apply the authorisation policy >>> you require. This may be more acceptable, if you don't mind moving >>> away from the standard courier source tree. >>> >> Of the 3 options I prefer the idea of a patch if I am able to get my >> head around how to convert an existing patch to allow me to add a >> source_ip column to my MySQL postfix_users table. >> >> I don't expect you to do the digging for me, but if you are able to >> track it down then I would appreciate a link. I have spent the last >> hour searching through the mail archives and although I can find >> another post from you that refers to a patch I can't for the life of >> me find the previous patches submitted. > > I don't have a reference stored I'm afraid. However, try adding > TCPREMOTEIP to your search query, as that's the environment variable > which needs to be passed through. > Thanks I'll have another look
>> Any chance of this functionality being incorporated into the official >> source tree anytime soon? > > Only MrSam can make that call. I was one of the people who asked for > it before, so I can't speak for him :-) > MrSam, please would you consider again the possibility of incorporating this into the official source tree. I have read some of the archive topics on this subject and can see that you weren't a fan of any access rules based around IP addresses. I only skim read the archived posts, but if I understood correctly I think your main reasoning was because any security based around IP addresses would be somewhat lame. Whilst I accept that access controls that incorporate IP address rules are relatively weak and open to spoofing, I do think that the ability to use the source IP address in conjunction with userid/password for finer grain access control would be a valuable feature in various scenarios. Even if someone did spoof an IP address, they would still need to know a correct user id and password, so allowing the use of IP address for "finer grain access restriction" just allows more flexibility without weakening the security model. I feel that even though only a handful of people have requested this feature on this mailing list this may not be representative of the number of people who would find this feature useful. I only wish to put my case forward for this feature (and don't wish to cause an argument over whether it's a good or bad feature). If the development team (MrSam?) think it is inappropriate or it simply isn't high enough on the list of priorities at the moment then I accept that decision. ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
