Hello,

I've been running dovecot for over 3 years now and it works with no problems. I have it set up so that it authenticates users against Active Directory via LDAP and so far no problems.

What I would like to know is if there is any way that I could deny access for users trying to access email via cellphones or email clients outside the company. I can close everything since there are a few users that need to get emails from outside the company via cell phone or email clients.

I was thinking if there was a way to, let's say, create a group in AD named: "remote-email" that will allow connection and authentication from any network, any user not in that group will only be able to authenticate if the source is 192.168.xx.xx/24.

Is this possible? Maybe not with Dovecot, but maybe someone else has any ideas..?

Thanks

--------
Romer Ventura

> What I would like to know is if there is any way that I could deny access
> for users trying to access email via cellphones or email clients outside
> the company. I can close everything since there are a few users that need
> to get emails from outside the company via cell phone or email clients.
>
> I was thinking if there was a way to, let's say, create a group in AD
> named: "remote-email" that will allow connection and authentication from
> any network, any user not in that group will only be able to authenticate
> if the source is 192.168.xx.xx/24.
>
> Is this possible?

Read this:
http://wiki1.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

--
Simone Caruso
IT Consultant
p.iva: 03045250838

-----Original Message-----
From: dovecot-bounces+rventura=h-st.com at dovecot.org [mailto:dovecot-bounces+rventura=h-st.com at dovecot.org] On Behalf Of Simone Caruso
Sent: Tuesday, January 11, 2011 12:18 PM
To: dovecot at dovecot.org
Subject: Re: [Dovecot] Denying authentication

Read this:
http://wiki1.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

--
Simone Caruso
IT Consultant
p.iva: 03045250838

Yeah, but again. There are certain users that will need to access their email from outside our local networks. This would work for half of what I would like to accomplish, the other half: "allow authentication for remote users as long as they belong to certain LDAP group" or something similar is what I am more interested in.

Any thoughts?

Thanks

On 11/01/2011 20:10, Romer Ventura wrote:
> Read this:
> http://wiki1.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>
> Yeah, but again. There are certain users that will need to access their
> email from outside our local networks. This would work for half of what I
> would like to accomplish, the other half: "allow authentication for remote
> users as long as they belong to certain LDAP group" or something similar is
> what I am more interested in.

You can try using two userdb with different LDAP queries for each LDAP group (see MultipleDatabases wiki page), but I never tried something like this.

--
Simone Caruso
IT Consultant
+39 349 65 90 805
p.iva: 03045250838

On Tue, Jan 11, 2011 at 01:10:54PM -0600, Romer Ventura wrote:
> Read this:
> http://wiki1.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
>
> Yeah, but again. There are certain users that will need to access their
> email from outside our local networks. This would work for half of what I
> would like to accomplish, the other half: "allow authentication for remote
> users as long as they belong to certain LDAP group" or something similar is
> what I am more interested in.

You can give any extra field on a per user basis. Also read here:
http://wiki1.dovecot.org/PasswordDatabase/ExtraFields

Dennis
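
The policy discussed in this thread, as an added example that is not part of any poster's message and not Dovecot's own code: derive a per-user allow_nets value (a comma-separated list of IPs/networks) from AD group membership, then check a client address against it. The subnet 192.168.10.0/24, the sample DNs and all function names are assumptions made for illustration, since the thread elides the real subnet.

```python
import ipaddress

# Constructed placeholders: the thread elides the real internal subnet.
INTERNAL_NETS = "192.168.10.0/24"
REMOTE_GROUP_CN = "remote-email"   # group name proposed in the thread


def group_cns(member_of):
    """Return the lower-cased leading CN of each memberOf DN.

    Simplified DN handling: assumes no escaped commas in the first RDN.
    """
    cns = set()
    for dn in member_of:
        key, _, value = dn.split(",", 1)[0].partition("=")
        if key.strip().lower() == "cn" and value.strip():
            cns.add(value.strip().lower())
    return cns


def allow_nets_for(member_of):
    """Per-user allow_nets value; None means no network restriction."""
    if REMOTE_GROUP_CN in group_cns(member_of):
        return None
    return INTERNAL_NETS


def login_permitted(allow_nets, remote_ip):
    """True if remote_ip matches any entry of a comma-separated allow_nets."""
    if allow_nets is None:
        return True
    try:
        ip = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False  # unparseable client address: fail closed
    nets = [n.strip() for n in allow_nets.split(",") if n.strip()]
    return any(ip in ipaddress.ip_network(n, strict=False) for n in nets)


def decide(member_of, remote_ip):
    """Combine both steps for one login attempt."""
    return login_permitted(allow_nets_for(member_of), remote_ip)


if __name__ == "__main__":
    # Constructed sample users and client addresses.
    remote = ["CN=remote-email,OU=Groups,DC=example,DC=com"]
    office = ["CN=Staff,OU=Groups,DC=example,DC=com"]
    for groups, ip in [(remote, "203.0.113.7"), (office, "203.0.113.7"),
                       (office, "192.168.10.55")]:
        print(groups[0].split(",")[0], ip, decide(groups, ip))
```

An empty allow_nets string denies every address here, so a user whose lookup returns a blank field is locked out rather than left unrestricted.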