On 27-05-2010 23:51, Sam Varshavchik wrote: > listas listas writes: > >> I do not want to do things for ip. I want to control access by >> user. Is it possible?. > > You want to do both. For a given userid allow access only from > selected IP addresses. You can do that by implementing my second > suggestion -- installing a wrapper for imapd that checks the logged in > user's identity, and the connecting IP address, from the environment > variables. > >
Another way (I have *almost* done that myself): Run two instances of imapd on the same computer but with different authentication settings. One handles logins from the internet, one from the intranet. Give the imap server two (intranet) IP addresses (say 10.0.1.1 and 10.0.1.2) and set each imapd to listen only to one of them. Set your firewall to forward outside imap traffic to 10.0.1.2. Set your internal DNS servers to map the name (say imap.example.com) that internet users use to reach the firewall for imap traffic to 10.0.1.1. Also install an SSL certificate for imap.example.com in both imapd instances. Now all the clients just set up their computers and laptops to contact imap.example.com. When they plug into the intranet they get the imapd instance that allows all the users to login, when they plug into the internet, they get the imapd instance that allows only some users to login, but they all share the same mail folders and mail status. You yourself can test the "internet" rules by pointing your test mail client to 10.0.1.2. ------------------------------------------------------------------------------ _______________________________________________ Courier-imap mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
