Ángel González writes:

There are several things that the remote address would make possible,
easier or have it as a prerequisite:

* The authdaemon could be centrally logging who is requesting which
account (not so interesting by itself)

This is already logged.

Feb 23 21:13:46 monster imapd: LOGIN, user=mr...@courier-mta.com, ip=[::1], port=[60939], protocol=SMAP1

* The authdaemon could throttle abusing ips (something the services
can't do, as they don't have such memory)

couriertcpd already supports per /24 and per IP address limits.

* Differenciating remote accesses and internal services (ie. webmail)...
even if the webmail uses an imap backend.

Which has always been a poor way to implement webmail.

* Geographically limit access to the accounts (do you really access your
account from several countries/continents?).

Why not?

PS: It indeed looked like a X Y problem request! I have answered enough
misdirected questions to hope not to be completely off, though.

Well, the per-IP address differention is mostly related to the maximum number of simultaneous connections that are accepted, and that's handled by couriertcpd, not authdaemon.

couriertcpd is the best place to implement throttling, hence the controls. This is already actually implemented, but I keep forgetting to document it. So, now I documented it.

Attachment: pgp4xDSIBEDuy.pgp
Description: PGP signature

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to