Restricting admin logins
brong at fastmail.fm
Thu Nov 29 18:25:38 EST 2007
On Thu, Nov 29, 2007 at 03:54:29PM +0100, Alain Spineux wrote:
> On Nov 29, 2007 3:15 PM, Andy Fiddaman <cyrus at fiddaman.net> wrote:
> > At the moment we patch the Cyrus IMAP server source so that administrators
> > (admins in the config file) can only log in from certain IP addresses.
> > I was wondering if there is a better way to do this or whether some means
> > of achieving this is planned for future releases?
> Yes have 3 imapd.conf, all common option in one imapd_common.conf
> and @include this file in the two other with different admins options
> Then start two different port and some firewall rules to achieve your need.
Hey, that's a pretty funky idea :)
We use a nginx proxy with an authentication daemon which rejects all
login attempts as admin. Our imap machines are firewalled so that
the only ways you can talk to them are imap or pop via the nginx proxy
or send incoming emails to our mxes which will inject them via lmtp to
the spam scanning machines which do the final delivery.
I do like the different configs for a simpler network layout in a
smaller system though. Very clever!
More information about the Info-cyrus