Thanks. If my dbmail IMAP server is behind a dovecot IMAP proxy, will the usermap deny/allow IP addresses work? Or, will dbmail see the IP address of the dovecot proxy and not be able to see the clientip?
If this is a problem, should I enforce the IP restrictions in dovecot proxy and not use dbmail usermaps?

On Jan 31, 2014, at 4:48 PM, Paul J Stevens <[email protected]> wrote:

> On 31-01-14 16:45, KT Walrus wrote:
>> I only have one domain for my mail addresses, e.g.
>> [email protected].
>>
>> When I create a new account, should the userid be set to username and
>> a single alias created for [email protected] for this userid? Is
>> this the best way to set up new accounts?
>
> The userid is the login handle. Choose whatever you prefer. Users will
> generally expect to be able to login with their address. If the address
> equals the login, you don't need to add the alias. That would be redundant.
>
>>
>> I see the aliases table has a column called client_idnr. What is
>> this column used for?
>
> That field is in the users table. It's an archaeological anachronism
> that was never used, except by third-party users.
>
>>
>> I also want to set up IMAP/POP3 access to allow only IMAP/POP3 for a
>> certain group of users, and deny IMAP/POP3 access to all others
>> except from a Roundcube Mail installation on my website. I assume I
>> can do this using Usermaps feature, but I’m having a little
>> difficulty understanding the best way to set this up.
>>
>> What rows should I have in my usermaps table to implement this? Do I
>> need 4 rows per user to allow IMAP/POP3 access from the web or
>> Roundcube Mail servers or can I set things up such that there is a
>> group for the users and only add a couple of rows to grant access to
>> all users in the group?
>
>
> First set your default policy:
>
> login=ANY, sock_allow='inet:10.0.0.1:143'
>
> to allow any connection on a non-routed address - i.e. from roundcube.
>
> Block anyone else:
>
> login=ANY, sock_deny='inet:1.2.3.4:0'
>
> on the external public address
>
> Next set specific access for designated users:
>
> login='[email protected]', sock_allow='inet:1.2.3.4:0'
> login='[email protected]', sock_allow='inet:1.2.3.4.0'
>
> The match on ANY takes a lower precedence than the full login match.
> More specific CIDR blocks also take precedence over less specific ones.
>
>
>> Lastly, I want to have an admin IMAP user that can login (only from
>> localhost) and access/update/create/delete mailboxes for any existing
>> user using IMAP. What is the best way to set this up? I’ve been
>> assuming I need to set up an ACL for each user mailbox to allow the
>> admin user access, but I don’t think this will allow the admin user
>> to create/delete mailboxes (and autosubscribe the user to them). Is
>> there a way to set up a wildcard ACL (mailbox id 0?) to allow access
>> to the admin user to all mailboxes?
>
> Don't do that! Bad Idea! Don't use IMAP to casually grant access to
> other people's mailboxes. Integrity alert. Bad karma. Bad business. Just
> plain creepy, imo. And *very* bad security from someone who is worried
> about compute cycles in password cracks.
>
> You must have us confused with exchange.
>
>
>
> --
> ________________________________________________________________
> Paul J Stevens pjstevns @ gmail, twitter, github, linkedin
>
> * Premium Hosting Services and Web Application Consultancy *
>
> www.nfg.nl/[email protected]/+31.85.877.99.97
> ________________________________________________________________
> _______________________________________________
> DBmail mailing list
> [email protected]
> http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
