Restrict IMAP usage to certain hosts

[Bart Boelaert]

Hello all,

Cyrus IMAP relies on Cyrus SASL for authentication purposes. I now want to
set-up the following configuration :
1) Certain users should be allowed IMAP access from any host, all other
users should use POP3
2) IMAP access should be allowed for all users, when they check their e-mail
via webmail (which retrieves the mail via IMAP). Webmail is installed on a
web server located near the mail server.

Currently saslauthd uses PAM and PAM connects to a MySQL database in order
to verify the login credentials. There's also a PAM listfile that
allows/denies access based on the service and username supplied by saslauthd
(so, condition 1 is met).

So far, I didn't succeed in meeting condition 2. I already discovered
(correct me if I'm wrong) that the saslauthd does not pass the remote host
to PAM. Filtering on the remote host via a listfile would otherwise have
solved my problem.

Can anyone give me an alternative for meeting both condition 1 and 2?


Thanks in advance!


Bart.