[prev in list] [next in list] [prev in thread] [next in thread] 

List:       info-cyrus
Subject:    Re: Restricting admin logins
From:       Bron Gondwana <brong () fastmail ! fm>
Date:       2007-11-29 23:25:38
Message-ID: 20071129232538.GA6087 () brong ! net
[Download RAW message or body]

On Thu, Nov 29, 2007 at 03:54:29PM +0100, Alain Spineux wrote:
> On Nov 29, 2007 3:15 PM, Andy Fiddaman <cyrus@fiddaman.net> wrote:
> >
> > At the moment we patch the Cyrus IMAP server source so that administrators
> > (admins in the config file) can only log in from certain IP addresses.
> >
> > I was wondering if there is a better way to do this or whether some means
> > of achieving this is planned for future releases?
> 
> Yes have 3 imapd.conf, all common option in one imapd_common.conf
> and @include this file in the two other with different admins options
> Then start two different port and some firewall rules to achieve your need.

Hey, that's a pretty funky idea :)

We use a nginx proxy with an authentication daemon which rejects all
login attempts as admin.  Our imap machines are firewalled so that
the only ways you can talk to them are imap or pop via the nginx proxy
or send incoming emails to our mxes which will inject them via lmtp to
the spam scanning machines which do the final delivery.

I do like the different configs for a simpler network layout in a
smaller system though.  Very clever!

Bron.
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[prev in list] [next in list] [prev in thread] [next in thread]