I have updated the patch on the Bugs pages: http://www.dbmail.org/mantis/bug_view_advanced_page.php?bug_id=0000209
It contains the fixes outlined below. As part of the fixes, LDAP should be included as well as SQL now. I've moved the lowercasing of the names as an option to misc.c, get_fqun() function. Please note that this patch is only for the 2.0 trunk. Paul is kindly working on taking many of the ideas and adding the feature to 2.1. * Special Note * If any of you want to use my folders patch (allows [EMAIL PROTECTED]) and this domains patch at the same time. Please patch with the domains patch, then the folders patch, and you shouldn't get any errors, just warnings about fuzz. Or you can contact me for a master patch that I have for our company. -- David A. Niblett | email: [EMAIL PROTECTED] Network Administrator | Phone: (352) 334-3400 Gainesville Regional Utilities | Web: http://www.gru.net/ -----Original Message----- From: Niblett, David A [mailto:[EMAIL PROTECTED] Sent: Monday, June 06, 2005 8:21 AM To: 'DBMail mailinglist' Subject: RE: [Dbmail] Restricting Access - I'll fix the case sensitive and put it back to normal. I would like to point out that you do case insensitive matches on aliases. That is why I added case insensitive to the usernames. I'll plan on adding an option to the dbmail.conf file to OPT which way you would like it. That seems like it would be the best fix for everyone. - If I hard coded my domain in there, well then I'm just an idiot. I must have left it in there from testing. I'll get that fixed right away. - Don't get why the regex code isn't valid. It's used in the db.c file, so I just added the header to misc.h and used it. That's where I stole the idea from. - Yup, sorry, I don't do LDAP. I'd expect it to be pretty easy to add in there, but I have no way to test, so I'd rather not release a patch with my name on it that doesn't work. You are correct, I'm aiming for the 2.0 code as our policy is not to run non-stable releases. I looked at the 2.1 and I like the idea where you are going, but for now my patches will be for the 2.0 branch. You are certainly welcome to use any code or ideas that I do in the patches. In one comment you said I was only looking for 1 IP to name match (if I interpret you correctly). I think you may be confused. If you put in the dbmail_domains table: 10.0.0.1 xyz.com 10.0.0.2 xyz.com 10.0.0.3 abc.com 10.0.0.4 abc.com That will cover any connection to 10.0.0.1 and .2 to have xyz.com added to the end of the name. .3 and .4 connections will get abc.com. I cover any number of IP's to any domain. I'll look and verify that, but as it's running now on a couple of servers just fine, I'm not sure I understand the problem. -- David A. Niblett | email: [EMAIL PROTECTED] Network Administrator | Phone: (352) 334-3400 Gainesville Regional Utilities | Web: http://www.gru.net/ -----Original Message----- From: Paul J Stevens [mailto:[EMAIL PROTECTED] Sent: Saturday, June 04, 2005 6:34 AM To: DBMail mailinglist Subject: Re: [Dbmail] Restricting Access Niblett, David A wrote: > Oh for the love of God. Thanks Paul. > > I fixed my own problem WITH a patch that *I* wrote, and I didn't even > put it together. > > I have not heard back from you about that patch. Is there anything > you would like me to fix? Did I break anything? A couple of things: - you make the login case-insensitive. While I understand your requirement, such a change would require some further discussion. Some people may very well rely on case-sensitive usernames. We try to follow posix compliance here, so case-sensitive is probably a requirement. - you're using regexp code in get_fqun(). Regexp is no-go. Also your domain (gru.net) is hard-coded in there. - no authldap.c integration (which is logical given that your patch is aimed at 2.0). other than that, I like the idea very much. But like I said I will like it better if we can integrate in into the usermap feature, by expanding that new table with IP based mapping/acl fields. Very much a worthy addition to the 2.1 codebase. We need to store the client's sockaddr and pass it to the clienthandlers, and we will also need to fix the listen calls to support a list of addresses, rather than only one like is currently the case. If I can make some time I'll start working on this asap. But these last weeks before the summer holidays are always filled with production deadlines, and exhausted children that need some extra support :-) > > -- > David > > -----Original Message----- > From: Paul J Stevens > To: DBMail mailinglist > Sent: 6/3/2005 4:56 PM > Subject: Re: [Dbmail] Restricting Access > > Niblett, David A wrote: > >>I have an interesting situation and I wonder if any one else has >>something like this and how you deal with it. >> >>Basically we want to do a free Webmail service that has ad's on it. >>For these users I want to only allow them to use the webmail interface >>to view their email (ie. no POP or IMAP). > > > run a separate dbmail-pop3d or imapd process on a dedicated port say > localhost/10110 and connect to that port from your webmail > application. Or better yet, use the new unix-socket support for better > performance if webmail supports unix-sockets. > > >>We also have users that pay us for Internet access. For them I would >>like to allow POP and IMAP access to their box. > > > Run a seperate one on the usual port 110, publically accessible. > > If we now use your client-ip mapping idea in the usermap framework > recently added we get: > > login | sock_ok | sock_deny | userid > --------+--------------+-----------+---------------- > clientA | /unix-socket | *:143 | [EMAIL PROTECTED] > clientA | *:143 | | [EMAIL PROTECTED] > > > >>Another type of situation is that if a customer doesn't pay their bill >>we want to not allow them to POP/IMAP their account. > > > clientB | | *:143 | [EMAIL PROTECTED] > > -- ________________________________________________________________ Paul Stevens mailto:[EMAIL PROTECTED] NET FACILITIES GROUP PGP: finger [EMAIL PROTECTED] The Netherlands________________________________http://www.nfg.nl _______________________________________________ Dbmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail _______________________________________________ Dbmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail
