Restricting admin logins

Andy Fiddaman cyrus at
Thu Nov 29 09:15:06 EST 2007

At the moment we patch the Cyrus IMAP server source so that administrators
(admins in the config file) can only log in from certain IP addresses.

I was wondering if there is a better way to do this or whether some means
of achieving this is planned for future releases?

We have two patches we currently use:

1/ adds a new flag to imapd which means 'do not allow administrative
logins' and we use this flag on the instance on port 143 but not on
another instance on port 144. Port 144 can then be firewalled to everyone
apart from our administrative clients.

2/ adds a new config file option 'admins_ip' which is a list of subnets
from which administrative logins are permitted.

If it would be of benefit I would be happy to clean up either of these and
submit it to the developers.



More information about the Info-cyrus mailing list