"j.emerlik" j.emerlik@gmail.com writes:
I would like to prepare postlogin a script that allow imap connection to roundcube for all but restrict imap access for selected users.
"from" roundcube?
Is possible in condition IF use IP addresses as range or with mask (because I've more than one web servers) ?
Of course -- many ways to skin this cat.
If you have only a handful of IPs
case "$IP" in
12.34.56.78) exec "$@";;
23.45.67.89) exec "$@";;
...
esac
If you have CIDR that align neatly on octet boundaries
case "$IP" in
12.34.56.*) exec "$@";;
23.45.67.*) exec "$@";;
...
esac
The toughest situation (using script techniques) is for CIDR ranges just shy of a full octet boundary e.g. /25. You can use "cut -d .", "IFS=." or "expr" to break the IP into octets, then test the components. e.g. 12.34.56.0/25
# Example 1
PART1=`echo $IP | cut -d. -f1,2,3`
PART2=`echo $IP | cut -d. -f4`
[ "$PART1" = "12.34.56" -a "$PART2" -ge 0 -a "$PART2" -le 127 ] && exec "$@"
# Example 2
PART2=`expr "$IP" : '.*\.\([0-9]*\)'
expr "$IP" : "12.34.56." && [ "$PART2" -ge 0 -a "$PART2" -le 127 ] && exec "$@"
# Example 3 (dodgy, I haven't fully thought this through)
`echo "$IP" | { IFS=. read a b c PART2; [ "$a.$b.$c" = "12.34.56" -a "$PART2" -ge 0 -a "$PART2" -le 127 ] && echo "exec $@"; }`
If you have a busy IMAP server, you'll probably want to use Aki's passdb solution instead, rather than incurring the execution overhead for each and every authentication.
Joseph Tam jtam.home@gmail.com