[Dovecot] restrict webmail access
Hi
I'm using dovecot imap with ldap accounts. User management interface is phamm. Internal clients connect directly using imap client. External clients must use webmail (squirrelmail). But not everyone is supposed to use webmail. Is there any way to control who is allowed to log in from a specific IP (webmail ip)?
Thanx for suggestions
Jan
On Aug 12, 2008, at 10:35 AM, Jan wrote:
> I'm using dovecot imap with ldap accounts. User management interface
> is phamm. Internal clients connect directly using imap client.
> External clients must use webmail (squirrelmail). But not everyone
> is supposed to use webmail. Is there any way to control who is
> allowed to log in from a specific IP (webmail ip)?
So you want to deny webmail access to some users but still allow them
to log in directly via IMAP? You could do that with SQL passdb or
checkpassword script, but there's really no way to do it with LDAP.
Well, or one last possibility would be to allow the user to log in but
immediately disconnect him by checking the access in post-login
script: http://wiki.dovecot.org/PostLoginScripting
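The post-login check suggested in the reply above, as an added example that is not part of the original thread or of Dovecot. It assumes the post-login hook passes the login name and client address in the USER and IP environment variables and the mail process command as arguments; the webmail address and the allow-list file path are hypothetical.

```shell
#!/bin/sh
# Post-login access check (added example; address and path are assumptions).
# Runs after authentication, so LDAP stays the passdb and this only decides
# whether an already authenticated session may continue.

WEBMAIL_IP="${WEBMAIL_IP:-192.0.2.10}"                        # constructed address of the webmail host
WEBMAIL_USERS="${WEBMAIL_USERS:-/etc/dovecot/webmail-users}"  # hypothetical file, one login per line

# Return 0 if the login may proceed, 1 if it must be dropped.
webmail_login_allowed() {
    user=$1
    ip=$2
    # Fail closed when either value is missing.
    [ -n "$user" ] && [ -n "$ip" ] || return 1
    # Direct IMAP clients (any address other than the webmail host) are not restricted.
    [ "$ip" = "$WEBMAIL_IP" ] || return 0
    # From the webmail host: fail closed if the list is unreadable.
    [ -r "$WEBMAIL_USERS" ] || return 1
    # Whole-line, literal, case-sensitive match so "ali" does not match "alice".
    grep -Fxq -- "$user" "$WEBMAIL_USERS"
}

# Act as the login wrapper only when invoked with a command to run.
if [ "$#" -gt 0 ]; then
    if ! webmail_login_allowed "${USER:-}" "${IP:-}"; then
        echo "webmail login denied for ${USER:-?} from ${IP:-?}" >&2
        exit 1
    fi
    exec "$@"
fi
```

How the script is hooked in, and which command it has to exec at the end, depends on the Dovecot version; the wiki page linked above describes the setup.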
On 12.08.2008 16:35, Jan wrote:
> Hi
> I'm using dovecot imap with ldap accounts. User management interface is phamm. Internal clients connect directly using imap client. External clients must use webmail (squirrelmail). But not everyone is supposed to use webmail. Is there any way to control who is allowed to log in from a specific IP (webmail ip)?
Hi Jan,
yes, it's possible to restrict the access for some/all users to a given network range. More information: http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
Regards, Pascal
On Aug 12, 2008, at 2:40 PM, Pascal Volk wrote:
> On 12.08.2008 16:35, Jan wrote:
>> Hi
>> I'm using dovecot imap with ldap accounts. User management interface is phamm. Internal clients connect directly using imap client. External clients must use webmail (squirrelmail). But not everyone is supposed to use webmail. Is there any way to control who is allowed to log in from a specific IP (webmail ip)?
> Hi Jan,
> yes, it's possible to restrict the access for some/all users to a
> given network range. More information: http://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets
There's no negative though, so it's not possible to deny access from
given network range. Well, except using an extra passdb with deny=yes.
participants (3): Jan, Pascal Volk, Timo Sirainen