Hello.

I'm facing a problem: I need to give access to an internal mailserver for some people only, but can't figure out how to do it. Opening the 993 port for the whole world gives access to everyone who has an account.

Can Dovecot act as a login filter or etc. for that purpose? Or does anybody have an idea how to do it?

--
Sysadmin
I don't know if Dovecot could handle this itself, but it shouldn't be a huge problem creating some iptables rules to handle what you need. Check this link for ideas and examples.

http://hacks.oreilly.com/pub/h/45

Hope that helps.

Joe

Sysadmin wrote:
> Hello.
>
> I'm facing a problem: I need to give access to an internal mailserver for some people
> only, but can't figure out how to do it. Opening the 993 port for the whole world gives
> access to everyone who has an account.
>
> Can Dovecot act as a login filter or etc. for that purpose? Or does anybody have an idea
> how to do it?
>

--
HostPC Internet Services
Hello.

> If you're using PAM authentication then just use pam_group to restrict
> it to a specific group.
>

I'm using PAM, but how do I use this pam_group to allow all users from my networks, à la 192.168.0.0/24, and only some users from other networks, à la 0.0.0.0, to connect to port 993?

--
Sysadmin
Hello.

> Actually I do not know whether Dovecot can do it by itself.
> On my server I use a customized PAM module to authenticate and authorize
> my users. The module also performs a check on the host where the user
> comes from and checks whether there is a rule to allow/deny access from
> this host.
>
> I know this setup sounds a bit exotic, but it works quite nicely for me,
> with the advantage of using this feature within other services than Dovecot.
>

It sounds wonderful. Can you kindly share this customized PAM module with me?

--
Sysadmin
On Mon, 2006-04-10 at 11:44 +0300, Sysadmin wrote:
> Hello.
>
> I'm facing a problem: I need to give access to an internal mailserver for some people
> only, but can't figure out how to do it. Opening the 993 port for the whole world gives
> access to everyone who has an account.
>
> Can Dovecot act as a login filter or etc. for that purpose? Or does anybody have an idea
> how to do it?

Dovecot 1.0beta4 and newer support the "allow_nets" field in userdb. So with SQL you'd do e.g.:

    select uid, gid, home, allow_nets from users where username = '%u'

where allow_nets contains something like:

    192.168.0.0/24,10.0.0.0/8

Or the same is possible with passwd-file, etc.
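
An added example, not part of the original thread and not Dovecot's own code: a small audit script that applies the comma-separated allow_nets format from the reply above to a constructed user table and reports which accounts could still log in from outside 192.168.0.0/24. The user names, the sample networks, and the rule that an unset or empty field means "no restriction" are assumptions of this sketch.

```python
import ipaddress

# Constructed sample: username -> allow_nets value as stored in the users
# table (None = field not set). Names and networks are illustrative only.
USERS = {
    "alice": "192.168.0.0/24",
    "bob": "192.168.0.0/24,10.0.0.0/8",
    "carol": None,                          # roaming user, no restriction set
    "dave": "192.168.0.0/24,203.0.113.7",   # office plus one fixed remote IP
}

def parse_allow_nets(value):
    """Split a comma-separated allow_nets value into network objects."""
    nets = []
    for item in value.split(","):
        item = item.strip()
        if item:
            # strict=False accepts bare host addresses and unaligned prefixes
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def login_allowed(allow_nets, client_ip):
    """Assumed semantics: unset/empty field = unrestricted, otherwise the
    client address must fall inside at least one listed network."""
    if not allow_nets:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == net.version and ip in net
               for net in parse_allow_nets(allow_nets))

def exposed_users(users, internal="192.168.0.0/24"):
    """Users whose allow_nets admits any address outside the internal net."""
    inside = ipaddress.ip_network(internal)
    exposed = []
    for name, value in sorted(users.items()):
        if not value:
            exposed.append(name)            # unrestricted counts as exposed
            continue
        for net in parse_allow_nets(value):
            if not (net.version == inside.version and net.subnet_of(inside)):
                exposed.append(name)
                break
    return exposed

if __name__ == "__main__":
    print("reachable from outside:", exposed_users(USERS))
```

Running the report after every change to the users table shows whether an account meant to be internal-only has picked up a wider network.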