[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cyrus-sasl
Subject:    Re: limit auth to IP
From:       Andreas Winkelmann <ml () awinkelmann ! de>
Date:       2006-10-14 20:55:35
Message-ID: 200610142255.35907.ml () awinkelmann ! de
[Download RAW message or body]

Am Wednesday 11 October 2006 13:51 schrieb Martin G.H. Minkler:

> Is it possible to make a decision whether to offer authentication to a
> user based on the querying source IP address?
>
> One of the customers is picking up all mail for ~70 users with an
> exchange server and plain text POP3 while using criminally simple
> passwords, so we would like to limit the logins for just those accounts
> to the IP address of that exchange server.
>
> Of course this cannot happen on a firewall level as other customers have
> to be able to log in from any arbitrary source IP and OTOH iptables
> can't look into the packets to parse the username :-)

Create two imapd/pop3d's with diffrent Configurations on two IP-Addresses or 
other Ports. And here comes iptables in the game. You can create 
iptables-Rules, where you redirect access from the IPs to these Ports. Or 
just let the Customers use these Ports and block other Traffic.

-- 
	Andreas
[prev in list] [next in list] [prev in thread] [next in thread]