How to restrict pop/imap access by user/group names

former03 | Baltasar Cevc baltasar.cevc at former03.de
Tue Aug 15 06:42:04 EDT 2006


Hi Kai,

On 14.08.2006, at 22:18, Kai Wang wrote:
> We want to restrict some users only to use pop and some users only to 
> use imap. Can anybody tell me how to do that?
the answer to that question heavily depends on your configuration. 
Because of that I can only give you a pointer to where to start.

You need several imapd.conf files (name them any way you think is 
appropriate), each of them having different authentication settings - 
e.g. if you use SASL SQL auxprops
sasl_sql_select: SELECT %p FROM mail_user WHERE user='%u' AND 
realm='%r' AND imap=1
or something similar.

In case you want people to be  able to use webmail, you will need a 
private imap service that's only available to the webmailer - e.g. on 
localhost. The config for that service must be set in a way that 
everybody can login.

Then create different services in cyrus.conf that specify your config 
files.
=== cyrus.conf
[...]
SERVICES {
   # add or remove based on preferences
   # services (INTRANET)
   imaps         cmd="/usr/local/bin/imapd -C /etc/imapd-imap.conf -s" 
listen="imaps" prefork=3
   imap          cmd="/usr/local/bin/imapd -C /etc/imapd-imap.conf" 
listen="exthostname:imap" prefork=1
   imap-webmail  cmd="/usr/local/bin/imapd -C /etc/imapd-webmail.conf" 
listen="localhost:imap" prefork=1
   pop3          cmd="/usr/local/bin/popd -C /etc/imapd-webmail.conf" 
listen="pop3" prefork=1
[...]

Hope that helps,
Baltasar

--
Baltasar Cevc

_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen

_____ http://www.former03.de



More information about the Info-cyrus mailing list