Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: pleonazm on May 10, 2011, 10:40:16 AM

Title: Imap some users
Post by: pleonazm on May 10, 2011, 10:40:16 AM

Hello,
Is possible to permit IMAP only for some users?
I have a lot of users that configure himself email client with imap, and I don't want this, but for some users with phones email, I want to have access.
Thank you.

Title: Re: Imap some users
Post by: Stefano on May 10, 2011, 10:42:11 AM

Quote from: pleonazm on May 10, 2011, 10:40:16 AM

I have a lot of users that configure himself email client with imap, and I don't want this

why?

Title: Re: Imap some users
Post by: pleonazm on May 10, 2011, 10:46:34 AM

security reason (important emails), space on server, etc.

Title: Re: Imap some users
Post by: mmccarn on May 10, 2011, 01:01:40 PM

You could give the POP3-only users very small disk quotas, and/or change the ports used by IMAP and only tell the new ports to the authorized IMAP users.

I don't see any way to restrict access by user in the docs for imapfront-auth (http://untroubled.org/mailfront/imapfront.html)

Title: Re: Imap some users
Post by: pleonazm on May 10, 2011, 01:19:30 PM

Quote from: mmccarn on May 10, 2011, 01:01:40 PM

.. change the ports used by IMAP and only tell the new ports to the authorized IMAP users.

Great ideea, how to change port?,...and keep after restart?

Title: Re: Imap some users
Post by: mmccarn on May 13, 2011, 01:24:55 PM

Hmmm -- I see your point.  /var/service/imaps/run is not templated.

What happens if you do this:

Code: [Select]

config setprop imaps status disabled
config set imaps-alt service TCPPort 1993 access public status enabled
db portforward_tcp set 1993 forward DestHost localhost DestPort 993
expand-template /etc/rc.d/init.d/masq
/etc/rc.d/init.d/masq restart
signal-event remoteaccess-update

This should do the following:
* disable any firewall rule for port 993 (which will prevent WAN traffic but not LAN traffic)
* create a new "service" (as far as the firewall is concerned) named imaps-alt allowing traffic on port 1993
* create a port forwarding rule from port 1993 to 993.
* rebuild /etc/rc.d/init.d/masq
* reset remote access rules.

If you're trying to restrict access for LAN users, you might need to use 'AllowHosts' or 'DenyHosts' instead of "status disabled" for the imaps service.  Learn more about configuring the firewall by clicking on the link below, then scrolling down to the table showing relevant db variables:
http://wiki.contribs.org/DB_Variables_Configuration#IPTables_firewall_.28masq.29

Undo these changes with:

Code: [Select]

config delete imaps-alt
db portforward_tcp delete 1993
config setprop imaps status enabled
expand-template /etc/rc.d/init.d/masq
/etc/rc.d/init.d/masq restart
signal-event remoteaccess-update