How to restrict pop/imap access by user/group names

former03 | Baltasar Cevc baltasar.cevc at
Tue Aug 15 06:42:04 EDT 2006

Hi Kai,

On 14.08.2006, at 22:18, Kai Wang wrote:
> We want to restrict some users only to use pop and some users only to 
> use imap. Can anybody tell me how to do that?
the answer to that question heavily depends on your configuration. 
Because of that I can only give you a pointer to where to start.

You need several imapd.conf files (name them any way you think is 
appropriate), each of them having different authentication settings - 
e.g. if you use SASL SQL auxprops
sasl_sql_select: SELECT %p FROM mail_user WHERE user='%u' AND 
realm='%r' AND imap=1
or something similar.

In case you want people to be  able to use webmail, you will need a 
private imap service that's only available to the webmailer - e.g. on 
localhost. The config for that service must be set in a way that 
everybody can login.

Then create different services in cyrus.conf that specify your config 
=== cyrus.conf
   # add or remove based on preferences
   # services (INTRANET)
   imaps         cmd="/usr/local/bin/imapd -C /etc/imapd-imap.conf -s" 
listen="imaps" prefork=3
   imap          cmd="/usr/local/bin/imapd -C /etc/imapd-imap.conf" 
listen="exthostname:imap" prefork=1
   imap-webmail  cmd="/usr/local/bin/imapd -C /etc/imapd-webmail.conf" 
listen="localhost:imap" prefork=1
   pop3          cmd="/usr/local/bin/popd -C /etc/imapd-webmail.conf" 
listen="pop3" prefork=1

Hope that helps,

Baltasar Cevc

_____ former 03 gmbh
_____ infanteriestraße 19 haus 6 eg
_____ D-80797 muenchen


More information about the Info-cyrus mailing list