Stefan Bertels wrote: > I want to setup some secure IMAP solution: > > 1. access IMAP via SSL from WAN (internet) > 2. access IMAP anyway from LAN > 3. do not allow IMAP access via plaintext password from WAN > 4. use another password for WAN access (for IMAP only) > 5. limit access to specific users (for WAN IMAP only) > 6. block IP addresses after multiple failed logins > > my guess so far: > ad 1: just open IMAP/SSL port in firewall
And add the required line to inetd.conf (the service is called imaps); > ad 2: no firewall in LAN, no problem > ad 3: where to configure (I hope this is not compile-time...) Read docs/imaprc.txt or its a compile time option; > ad 4: is there any solution but have another user? > ad 5: I have no idea how to do this. > ad 6: maybe some software like "denyhosts" has to be used DenyHosts or Fail2ban work fine, but you have to provide your own regular expression(s). > Is there anything, imap-uw can do for me to make this easier? > Is there any solution to (5) or a better solution to the others? Points (4) and (5) are done at the authentication level, imap server is out of the equation, depending on what you use (PAM, LDAP, SASL, ...) is the solution. I've never done anything like you describe, so your guess is as good as mine. -- René Berber _______________________________________________ Imap-uw mailing list Imap-uw@u.washington.edu http://mailman2.u.washington.edu/mailman/listinfo/imap-uw
