dovecot - Jan 2005 - Feature-request: ip based access control (libwrap)

Is there plans to use libwrap
Or is there already some kind of access control i have missed??
What i really want is a mechanism so i can say:
If The request comes from "123.121.212.0" dont offer ssl and accept
plain
else demand ssl and no plain

I now have this  (almost) in another imap server by  xinetd and two ip
addresses.
I could solve this by iptables or access list on the router but i would prefer
to have it in the software itself.
(Sorry if this is a faq i have tried to check before i posted this)

-- 
Bengt-Arne Fjellner
Lule? technical university

On Thu, 2005-01-06 at 23:49 +0100, Bengt-Arne Fjellner
wrote:
> Is there plans to use libwrap
> Or is there already some kind of access control i have missed??
> What i really want is a mechanism so i can say:
> If The request comes from "123.121.212.0" dont offer ssl and
accept plain
> else demand ssl and no plain
Does this mean you also want to disable STARTTLS or just reject the SSL
port?
> I now have this  (almost) in another imap server by  xinetd and two ip
addresses.
> I could solve this by iptables or access list on the router but i would
prefer
> to have it in the software itself.
xinetd is the only possibility for now, you can use it with Dovecot as
well (see Wiki). For disabling STARTTLS you can use
http://dovecot.org/patches/1.0/no-tls-networks.diff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20050107/3bf7a5a2/attachment-0001.bin>

Timo Sirainen skrev:
> On Thu, 2005-01-06 at 23:49 +0100, Bengt-Arne Fjellner wrote:
>> Is there plans to use libwrap
>> Or is there already some kind of access control i have missed??
>> What i really want is a mechanism so i can say:
>> If The request comes from "123.121.212.0" dont offer ssl and
accept plain
>> else demand ssl and no plain
>
> Does this mean you also want to disable STARTTLS or just reject the SSL
> port?
Yes i want to disable starttls.
>
>> I now have this  (almost) in another imap server by  xinetd and two ip
addresses.
>> I could solve this by iptables or access list on the router but i would
prefer
>> to have it in the software itself.
>
> xinetd is the only possibility for now, you can use it with Dovecot as
> well (see Wiki). For disabling STARTTLS you can use
> http://dovecot.org/patches/1.0/no-tls-networks.diff
>
>

-- 
Bengt-Arne Fjellner
0910-58 53 69