David,

I've checked in the new IP-based virtual hosting and user-mapping
feature in the trunk tree.

From the added README.usermap:


Rationale:

1) support 1-1 and 1-N mappings of login usernames to userids
2) support IP based virtual hosting


The layout of the new dbmail_usermap table is as follows:

---------------------------
login      | varchar (100)
sock_allow | varchar (100)
sock_deny  | varchar (100)
userid     | varchar (100)
---------------------------

Consider the following settings:

  | login      | sock_allow       | sock_deny       | userid
--+------------+------------------+-----------------+-------------
1 |client      |                  |                 | [EMAIL PROTECTED]
2 |client      |inet:127.0.0.1:143|                 | [EMAIL PROTECTED]
3 |client      |inet:10.1.1.1:143 |inet:10.1.1.1:110| [EMAIL PROTECTED]
4 |ANY         |inet:10.1.1.2:143 |                 | [EMAIL PROTECTED]

row 1 will give you a simple 1-1 mapping irrespective of the IP address
connected to.

row 2 will allow [EMAIL PROTECTED] to login on a single IP address with imap.

row 3 will allow [EMAIL PROTECTED] to login on a single IP address with imap
but will reject POP access.

row 4 will map all logins on a single IP address to an expanded form.




Niblett, David A wrote:
> I have updated the patch on the Bugs pages:
> http://www.dbmail.org/mantis/bug_view_advanced_page.php?bug_id=0000209
> 
> It contains the fixes outlined below.  As part of the fixes, LDAP
> should be included as well as SQL now.  I've moved the lowercasing
> of the names as an option to misc.c, get_fqun() function.
> 
> Please note that this patch is only for the 2.0 trunk.  Paul is kindly
> working on taking many of the ideas and adding the feature to 2.1.
> 
> * Special Note *
> If any of you want to use my folders patch (allows [EMAIL PROTECTED])
> and this domains patch at the same time.  Please patch with the domains
> patch, then the folders patch, and you shouldn't get any errors, just
> warnings about fuzz.  Or you can contact me for a master patch that I
> have for our company.
> 
> --
> David A. Niblett               | email: [EMAIL PROTECTED]
> Network Administrator          | Phone: (352) 334-3400
> Gainesville Regional Utilities | Web: http://www.gru.net/
> 
> 
> 
> -----Original Message-----
> From: Niblett, David A [mailto:[EMAIL PROTECTED] 
> Sent: Monday, June 06, 2005 8:21 AM
> To: 'DBMail mailinglist'
> Subject: RE: [Dbmail] Restricting Access
> 
> 
> - I'll fix the case sensitive and put it back to normal.  I would like to
> point out that you do case insensitive matches on aliases. That is why I
> added case insensitive to the usernames.  I'll plan on adding an option to
> the dbmail.conf file to OPT which way you would like it.  That seems like it
> would be the best fix for everyone.
> 
> - If I hard coded my domain in there, well then I'm just an idiot.  I must
> have left it in there from testing.  I'll get that fixed right away.
> 
> - Don't get why the regex code isn't valid.  It's used in the db.c file, so
> I just added the header to misc.h and used it.  That's where I stole the
> idea from.
> 
> - Yup, sorry, I don't do LDAP.  I'd expect it to be pretty easy to add in
> there, but I have no way to test, so I'd rather not release a patch with my
> name on it that doesn't work.
> 
> You are correct, I'm aiming for the 2.0 code as our policy is not to run
> non-stable releases.  I looked at the 2.1 and I like the idea where you are
> going, but for now my patches will be for the 2.0 branch.  You are certainly
> welcome to use any code or ideas that I do in the patches.
> 
> In one comment you said I was only looking for 1 IP to name match (if I
> interpret you correctly).  I think you may be confused.  If you put in the
> dbmail_domains table:
> 
> 10.0.0.1  xyz.com
> 10.0.0.2  xyz.com
> 10.0.0.3  abc.com
> 10.0.0.4  abc.com
> 
> That will cover any connection to 10.0.0.1 and .2 to have xyz.com added to
> the end of the name.  .3 and .4 connections will get abc.com.  I cover any
> number of IPs to any domain.  I'll look and verify that, but as it's
> running now on a couple of servers just fine, I'm not sure I understand the
> problem.
> 
> --
> David A. Niblett               | email: [EMAIL PROTECTED]
> Network Administrator          | Phone: (352) 334-3400
> Gainesville Regional Utilities | Web: http://www.gru.net/
> 
> 
> 
> -----Original Message-----
> From: Paul J Stevens [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, June 04, 2005 6:34 AM
> To: DBMail mailinglist
> Subject: Re: [Dbmail] Restricting Access
> 
> 
> Niblett, David A wrote:
> 
>>Oh for the love of God.  Thanks Paul.
>>
>>I fixed my own problem WITH a patch that *I* wrote, and I didn't even
>>put it together.
>>
>>I have not heard back from you about that patch.  Is there anything
>>you would like me to fix?  Did I break anything?
> 
> 
> A couple of things:
> - you make the login case-insensitive. While I understand your requirement,
> such a change would require some further discussion. Some people may very
> well rely on case-sensitive usernames. We try to follow posix compliance
> here, so case-sensitive is probably a requirement.
> - you're using regexp code in get_fqun(). Regexp is no-go. Also your domain
> (gru.net) is hard-coded in there.
> - no authldap.c integration (which is logical given that your patch is aimed
> at 2.0).
> 
> other than that, I like the idea very much. But like I said I will like it
> better if we can integrate it into the usermap feature, by expanding that
> new table with IP based mapping/acl fields.
> 
> Very much a worthy addition to the 2.1 codebase.
> 
> We need to store the client's sockaddr and pass it to the clienthandlers,
> and we will also need to fix the listen calls to support a list of
> addresses, rather than only one like is currently the case.
> 
> If I can make some time I'll start working on this asap. But these last
> weeks before the summer holidays are always filled with production
> deadlines, and exhausted children that need some extra support :-)
> 
> 
> 
>>--
>>David
>>
>>-----Original Message-----
>>From: Paul J Stevens
>>To: DBMail mailinglist
>>Sent: 6/3/2005 4:56 PM
>>Subject: Re: [Dbmail] Restricting Access
>>
>>Niblett, David A wrote:
>>
>>
>>>I have an interesting situation and I wonder if any one else has
>>>something like this and how you deal with it.
>>>
>>>Basically we want to do a free Webmail service that has ads on it.
>>>For these users I want to only allow them to use the webmail interface 
>>>to view their email (ie. no POP or IMAP).
>>
>>
>>run a separate dbmail-pop3d or imapd process on a dedicated port say
>>localhost/10110 and connect to that port from your webmail 
>>application. Or better yet, use the new unix-socket support for better 
>>performance if webmail supports unix-sockets.
>>
>>
>>
>>>We also have users that pay us for Internet access.  For them I would
>>>like to allow POP and IMAP access to their box.
>>
>>
>>Run a separate one on the usual port 110, publicly accessible.
>>
>>If we now use your client-ip mapping idea in the usermap framework
>>recently added we get:
>>
>>login   | sock_ok      | sock_deny | userid
>>--------+--------------+-----------+----------------
>>clientA | /unix-socket | *:143     | [EMAIL PROTECTED]
>>clientA | *:143        |           | [EMAIL PROTECTED]
>>
>>
>>
>>
>>>Another type of situation is that if a customer doesn't pay their bill
>>>we want to not allow them to POP/IMAP their account.
>>
>>
>>clientB |              | *:143     | [EMAIL PROTECTED]
>>
>>
> 
> 
> 

-- 
  ________________________________________________________________
  Paul Stevens                                      paul at nfg.nl
  NET FACILITIES GROUP                     GPG/PGP: 1024D/11F8CD31
  The Netherlands________________________________http://www.nfg.nl
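
The four dbmail_usermap rows from the README excerpt at the top of this message, evaluated against a login and the socket the client connected to. This is an added example, not DBMail's own code: `usermap_resolve`, the precedence rules (a matching sock_deny refuses the login, then the most specific match wins) and the placeholder userids are assumptions, and because the page does not show the "expanded form" of row 4 the stored userid is returned unchanged.

```c
#include <stdio.h>
#include <string.h>

struct usermap_row {
    const char *login, *sock_allow, *sock_deny, *userid;
};

/* Constructed sample rows mirroring the README table; the userids are
 * placeholders because the page shows them redacted. */
static const struct usermap_row ROWS[] = {
    { "client", "",                   "",                  "user1@example.invalid" },
    { "client", "inet:127.0.0.1:143", "",                  "user2@example.invalid" },
    { "client", "inet:10.1.1.1:143",  "inet:10.1.1.1:110", "user3@example.invalid" },
    { "ANY",    "inet:10.1.1.2:143",  "",                  "user4@example.invalid" },
};
#define NROWS (sizeof ROWS / sizeof ROWS[0])

/* Resolve login + listening socket to a userid, or NULL when access is
 * refused or no row applies. Assumed policy: a matching sock_deny wins over
 * everything; socket specificity counts first, then login specificity. */
const char *usermap_resolve(const char *login, const char *sock)
{
    const char *best = NULL;
    int best_score = 0;
    for (size_t i = 0; i < NROWS; i++) {
        const struct usermap_row *r = &ROWS[i];
        int named = strcmp(r->login, login) == 0;
        if (!named && strcmp(r->login, "ANY") != 0)
            continue;                       /* row is for another login */
        if (r->sock_deny[0] && strcmp(r->sock_deny, sock) == 0)
            return NULL;                    /* explicit deny: fail closed */
        int exact = r->sock_allow[0] && strcmp(r->sock_allow, sock) == 0;
        if (r->sock_allow[0] && !exact)
            continue;                       /* allowed only on another socket */
        int score = 1 + (exact ? 2 : 0) + (named ? 1 : 0);
        if (score > best_score) {
            best_score = score;
            best = r->userid;
        }
    }
    return best;
}

int main(void)
{
    const char *u = usermap_resolve("client", "inet:10.1.1.1:110");
    printf("POP on 10.1.1.1: %s\n", u ? u : "(rejected)");
    return 0;
}
```

Only exact socket strings are compared here; wildcard forms such as `*:143` from the earlier proposal in this thread are not handled.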
