Re: [vchkpw] Disable non webmail IMAP access
On Mar 5, 2008, at 6:58 PM, Patrick Grimm wrote: I am not restricting imap access to web client only but my understanding is courier CAN use vchkpw. Courier uses the vpopmail API to authenticate users instead of using the vchkpw command-line program. Since the authentication API doesn't include IP address or reason for authenticating (POP, IMAP, webmail, SMTP AUTH, QmailAdmin login, etc.) the courier authvchkpw module doesn't make use of the access- restriction flags. -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/ !DSPAM:47d163e4120501677339429!
Re: [vchkpw] Disable non webmail IMAP access
Tom Collins wrote: On Mar 2, 2008, at 11:39 PM, Alessio Cecchi wrote: Il Friday 29 February 2008 18:46:37 Tom Collins ha scritto: There is someone who is able to disable access IMAP except for webmail (login via localhost) ? Recent versions (like the past year, at least) include a list of IPs for which IMAP connections are considered webmail and don't get rejected for users who don't have IMAP access. Look in vchkpw.c for a 127.0.0.1 -- that's where the list is. Thanks Tom, my webmail already uses 127.0.0.1 (localhost) as IMAP host. In my vchkpw.c 127.0.0.1 is already included this address, but vmoduser -i has no effect. Someone using this option with success? Thanks Ah, I think I know what the problem is. Courier-IMAP doesn't use vchkpw. Switch to dovecot (what many have switched to) or binc-imap. -- Tom Collins - [EMAIL PROTECTED] Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/ QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/ I am not restricting imap access to web client only but my understanding is courier CAN use vchkpw. Look for this part in courier's authdaemonrc ##NAME: authmodulelist:2 # # The authentication modules that are linked into authdaemond. The # default list is installed. You may selectively disable modules simply # by removing them from the following list. The available modules you # can use are: authuserdb authpam authshadow authcustom authvchkpw authpipe I have mine set toauthmodulelist=authvchkpw as described here http://www.gentoo.org/doc/en/qmail-howto.xml Section 4.2 Read more at http://www.inter7.com/courierimap/INSTALL.html#authmods !DSPAM:47cf5dfa120501763192180!
Re: [vchkpw] Disable non webmail IMAP access
Il Tuesday 04 March 2008 07:10:32 Tom Collins ha scritto: Ah, I think I know what the problem is. Courier-IMAP doesn't use vchkpw. Switch to dovecot (what many have switched to) or binc-imap. Ok Tom, I will try as soon as possible dovecot. Ciao -- Alessio Cecchi is: @ ILS - http://www.linux.it/~alessice/ Assistenza Sistemi GNU/Linux - http://www.cecchi.biz/ @ PLUG - ex-Presidente, adesso senatore a vita, http://www.prato.linux.it !DSPAM:47ccef98120502021218367!
Re: [vchkpw] Disable non webmail IMAP access
Il Friday 29 February 2008 18:46:37 Tom Collins ha scritto:
There is someone who is able to disable access IMAP except for
webmail (login
via localhost) ?
Recent versions (like the past year, at least) include a list of IPs
for which IMAP connections are considered webmail and don't get
rejected for users who don't have IMAP access.
Look in vchkpw.c for a 127.0.0.1 -- that's where the list is.
Thanks Tom,
my webmail already uses 127.0.0.1 (localhost) as IMAP host. In my vchkpw.c
127.0.0.1 is already included this address, but vmoduser -i has no effect.
An extract of my vchkpw.c:
#define POP_CONN 0
#define SMTP_CONN 1
#define IMAP_CONN 2
#define WEBMAIL_CONN 3
/* POP/IMAP connections from the following IPs will be classified as
* web mail instead of POP/IMAP. On single-server networks, this
* will typically be just 'localhost'. For clusters, add the IP
* addresses of all webmail servers.
*/
char *webmailips[] = { 127.0.0.1 };
int ConnType = 0;
int main( int argc, char **argv)
{
char *tmpstr;
if ( (IpAddr = get_remote_ip()) == NULL) IpAddr=;
if ( (tmpstr = getenv(TCPLOCALPORT)) == NULL) LocalPort = 0;
else LocalPort = atoi(tmpstr);
Someone using this option with success?
Thanks
--
Alessio Cecchi is:
@ ILS - http://www.linux.it/~alessice/
Assistenza Sistemi GNU/Linux - http://www.cecchi.biz/
@ PLUG - ex-Presidente, adesso senatore a vita, http://www.prato.linux.it
!DSPAM:47cbab37120501250358044!
[vchkpw] Disable non webmail IMAP access
Hello, i need, for a qmail+vpopmail server, to disable non webmail IMAP access only for some users. My Webmail is Horde and IMAP server is courier-imap (courier-authlib-0.60.2 and courier-imap-4.3.0). With vmoduser would seem simple: ~/vpopmail/bin/vmoduser -i [EMAIL PROTECTED] but but in reality does not work, in fact the command totally disables access to IMAP. There is someone who is able to disable access IMAP except for webmail (login via localhost) ? If necessary I can change my IMAP server. Thanks -- Alessio Cecchi is: @ ILS - http://www.linux.it/~alessice/ Assistenza Sistemi GNU/Linux - http://www.cecchi.biz/ @ PLUG - ex-Presidente, adesso senatore a vita, http://www.prato.linux.it !DSPAM:47c7c61e120508748717010!
Re: [vchkpw] Disable non webmail IMAP access
On Feb 29, 2008, at 12:45 AM, Alessio Cecchi wrote: With vmoduser would seem simple: ~/vpopmail/bin/vmoduser -i [EMAIL PROTECTED] but but in reality does not work, in fact the command totally disables access to IMAP. There is someone who is able to disable access IMAP except for webmail (login via localhost) ? Recent versions (like the past year, at least) include a list of IPs for which IMAP connections are considered webmail and don't get rejected for users who don't have IMAP access. Look in vchkpw.c for a 127.0.0.1 -- that's where the list is. -Tom !DSPAM:47c84501120506094020535!
