Turn on/off IMAP/POP access?
Anders Norrbring
lists at norrbring.se
Mon Oct 8 00:45:14 EDT 2007
Ken Murchison skrev:
> Jorey Bump wrote:
>> Anders Norrbring wrote, at 10/07/2007 07:06 AM:
>>> Is there a way to disable a specific user's access to POP and IMAP in
>>> Cyrus? I still want the mail to be delivered to the mailboxes (done
>>> via LMTP), but I would like to turn off the user from getting the mail.
>>>
>>> In case you wonder, it's for a pay system, so if they don't pay, the
>>> don't get access.
>>
>> I would imagine that the Cyrus way would be to change the ACL on the
>> user's mailbox, using cyradm (or Cyrus::IMAP::Shell, in a perl script):
>>
>> List ACLs:
>>
>> localhost> lam user.bob
>> bob lrswipkxtecda
>>
>> Delete ACLs:
>> localhost> dam user.bob bob read
>>
>> List again, to confirm ACLs:
>> localhost> lam user.bob
>>
>>
>> Now bob can't read his INBOX, and will get a message like the
>> following when he tries (this is from Thunderbird):
>
> This won't work since Cyrus implicitly gives user's at least 'lca'
> rights on their own mailboxes, regardless of the explicitly granted ACL.
>
> Disabling the authentication credentials is the best way to do this.
>
Actually, setting the ACL to just 'l' makes a pretty good job. The boxes
are there, you can see them, but not read them.
Nevertheless, it creates a rather unnecessary load on the server to set
and reset ACL's on all mailboxes.
For now, I solved it with a field in the MySQL user database, and then
check for that field as well when the user logs in. That just disables
access and doesn't force a new password for a user who forget to pay. ;)
Anders.
More information about the Info-cyrus
mailing list