Restrict access to a single client device

Dale J Chatham dale.chatham at gmail.com
Fri Feb 1 08:11:40 EST 2013


You can restrict by user.  You can restrict by IP.  You can restrict by 
SSL credentials (either VPN or certificates with mail).

You cannot restrict by a MAC address, or at least off the top of my head 
I can't come up with one.

Unless they need access to the network from outside, I strongly advise 
against VPN access.  It gives too much access to too much unless they 
need it.

SSL certs are probably the best way to go, but even then there is 
nothing to keep them from copying the cert to another machine and using 
it.  I'm not sure why you want to restrict access to one machine/user 
pair rather than just one user.

On 02/01/2013 03:01 AM, Ram wrote:
> On 02/01/2013 01:20 AM, Dale J Chatham wrote:
>> You use SMTP authentication through postfix or sendmail.  Google [ mail
>> authentication relay   ] and you should find lots of howtos.
>>
>> I'm setting it up to use a sasldb to authenticate external users in
>> order to keep them apart from UNIX users.  Be very certain that you use
>> STARTTLS or some form of authentication for email.  Also, if you're
>> allowing internet access to e-mail, you'll want to use imaps or https.
> The idea is that end users configure their email  on Desktop, Laptop ,
> Phone , tablet, Ipad ... ( The list is getting longer every day )
> So copies of the mail are floating everywhere.
>
> This raises a security concern
>
> I cant block access totally from outside.
> Employees should be allowed access from outside office , but only from
> the designated Laptop.
> One way would be to ask everyone to VPN to the office for mails , Is
> there anyway else.
>
>
> Thanks
> Ram
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


-- 
There is a greater darkness than the one we fight. It is the darkness of 
the soul that has lost its way. The war we fight is not against powers 
and principalities, it is against chaos and despair. Greater than the 
death of flesh is the death of hope, the death of dreams. Against this 
peril we can never surrender. The future is all around us, waiting in 
moments of transition, to be born in moments of revelation. No one knows 
the shape of that future, or where it will take us. We know only that it 
is always born in pain. G'Kar


More information about the Info-cyrus mailing list