Turn on/off IMAP/POP access?
Is there a way to disable a specific user's access to POP and IMAP in Cyrus? I still want the mail to be delivered to the mailboxes (done via LMTP), but I would like to turn off the user from getting the mail. In case you wonder, it's for a pay system, so if they don't pay, the don't get access. Anders. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Turn on/off IMAP/POP access?
On Sun, Oct 07, 2007 at 01:06:42PM +0200, Anders Norrbring wrote: Is there a way to disable a specific user's access to POP and IMAP in Cyrus? I still want the mail to be delivered to the mailboxes (done via LMTP), but I would like to turn off the user from getting the mail. In case you wonder, it's for a pay system, so if they don't pay, the don't get access. disable their password? mk Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Turn on/off IMAP/POP access?
Martin Kraus skrev: On Sun, Oct 07, 2007 at 01:06:42PM +0200, Anders Norrbring wrote: Is there a way to disable a specific user's access to POP and IMAP in Cyrus? I still want the mail to be delivered to the mailboxes (done via LMTP), but I would like to turn off the user from getting the mail. In case you wonder, it's for a pay system, so if they don't pay, the don't get access. disable their password? mk Yeah.. ;) That's one way.. I guess it was just too obvious to be thought of.. heh Thanks! Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Turn on/off IMAP/POP access?
On Sun, 07 Oct 2007, Anders Norrbring might have said: Is there a way to disable a specific user's access to POP and IMAP in Cyrus? I still want the mail to be delivered to the mailboxes (done via LMTP), but I would like to turn off the user from getting the mail. In case you wonder, it's for a pay system, so if they don't pay, the don't get access. Change the password? Mike Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Turn on/off IMAP/POP access?
On Oct 7, 2007, at 07:06:42, Anders Norrbring wrote: Is there a way to disable a specific user's access to POP and IMAP in Cyrus? I still want the mail to be delivered to the mailboxes (done via LMTP), but I would like to turn off the user from getting the mail. In case you wonder, it's for a pay system, so if they don't pay, the don't get access. Manages users from mysql with options to enable/disable partial/full account access. Cyrus can do this. Anders. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Turn on/off IMAP/POP access?
Anders Norrbring wrote, at 10/07/2007 07:06 AM: Is there a way to disable a specific user's access to POP and IMAP in Cyrus? I still want the mail to be delivered to the mailboxes (done via LMTP), but I would like to turn off the user from getting the mail. In case you wonder, it's for a pay system, so if they don't pay, the don't get access. I would imagine that the Cyrus way would be to change the ACL on the user's mailbox, using cyradm (or Cyrus::IMAP::Shell, in a perl script): List ACLs: localhost lam user.bob bob lrswipkxtecda Delete ACLs: localhost dam user.bob bob read List again, to confirm ACLs: localhost lam user.bob Now bob can't read his INBOX, and will get a message like the following when he tries (this is from Thunderbird): The current command did not succeed. The mail server responded: Mailbox does not exist. Note that subfolders are still available. Denying access to the INBOX could be enough of an inconvenience to get the user's attention. To restore access to the INBOX: localhost sam user.bob bob all You can also apply the ACL to all subfolders, so they can't access anything: localhost dam user.bob.* bob read To restore access to all subfolders: localhost sam user.bob.* bob read This approach seems preferable to deleting the password, so you or the user won't have to reset it. For information on setting ACLs, see the cyradm man page. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Turn on/off IMAP/POP access?
Jorey Bump wrote: Anders Norrbring wrote, at 10/07/2007 07:06 AM: Is there a way to disable a specific user's access to POP and IMAP in Cyrus? I still want the mail to be delivered to the mailboxes (done via LMTP), but I would like to turn off the user from getting the mail. In case you wonder, it's for a pay system, so if they don't pay, the don't get access. I would imagine that the Cyrus way would be to change the ACL on the user's mailbox, using cyradm (or Cyrus::IMAP::Shell, in a perl script): List ACLs: localhost lam user.bob bob lrswipkxtecda Delete ACLs: localhost dam user.bob bob read List again, to confirm ACLs: localhost lam user.bob Now bob can't read his INBOX, and will get a message like the following when he tries (this is from Thunderbird): This won't work since Cyrus implicitly gives user's at least 'lca' rights on their own mailboxes, regardless of the explicitly granted ACL. Disabling the authentication credentials is the best way to do this. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Turn on/off IMAP/POP access?
Ken Murchison wrote, at 10/07/2007 07:51 PM: Jorey Bump wrote: Delete ACLs: localhost dam user.bob bob read Now bob can't read his INBOX, and will get a message like the following when he tries (this is from Thunderbird): This won't work since Cyrus implicitly gives user's at least 'lca' rights on their own mailboxes, regardless of the explicitly granted ACL. Interesting. I tested this only with Thunderbird, and it seemed to be effective enough (I didn't test delivery, however). Is the average user able to restore the necessary ACLs, or does it require special knowledge or client features? Also, what is the 'c' ACL? It's not listed on the man page (for my version). Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Turn on/off IMAP/POP access?
Jorey Bump wrote: Ken Murchison wrote, at 10/07/2007 07:51 PM: Jorey Bump wrote: Delete ACLs: localhost dam user.bob bob read Now bob can't read his INBOX, and will get a message like the following when he tries (this is from Thunderbird): This won't work since Cyrus implicitly gives user's at least 'lca' rights on their own mailboxes, regardless of the explicitly granted ACL. Interesting. I tested this only with Thunderbird, and it seemed to be effective enough (I didn't test delivery, however). Is the average user able to restore the necessary ACLs, or does it require special knowledge or client features? Very few clients allow manipulation of ACLs, and my guess is that most users would end up screwing themselves. Also, what is the 'c' ACL? It's not listed on the man page (for my version). The old CREATE/DELETE right, which is now a macro for 'kx' -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Turn on/off IMAP/POP access?
Ken Murchison skrev: Jorey Bump wrote: Anders Norrbring wrote, at 10/07/2007 07:06 AM: Is there a way to disable a specific user's access to POP and IMAP in Cyrus? I still want the mail to be delivered to the mailboxes (done via LMTP), but I would like to turn off the user from getting the mail. In case you wonder, it's for a pay system, so if they don't pay, the don't get access. I would imagine that the Cyrus way would be to change the ACL on the user's mailbox, using cyradm (or Cyrus::IMAP::Shell, in a perl script): List ACLs: localhost lam user.bob bob lrswipkxtecda Delete ACLs: localhost dam user.bob bob read List again, to confirm ACLs: localhost lam user.bob Now bob can't read his INBOX, and will get a message like the following when he tries (this is from Thunderbird): This won't work since Cyrus implicitly gives user's at least 'lca' rights on their own mailboxes, regardless of the explicitly granted ACL. Disabling the authentication credentials is the best way to do this. Actually, setting the ACL to just 'l' makes a pretty good job. The boxes are there, you can see them, but not read them. Nevertheless, it creates a rather unnecessary load on the server to set and reset ACL's on all mailboxes. For now, I solved it with a field in the MySQL user database, and then check for that field as well when the user logs in. That just disables access and doesn't force a new password for a user who forget to pay. ;) Anders. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html