Ban some users from accessing IMAP

Jason L Tibbitts III tibbs at math.uh.edu
Mon Apr 28 12:18:30 EDT 2014


I have a pretty simple cyrus setup; I have a long-running 2.3.16 install
on RHEL5 (one day I'll update), with authentication handled by
cyrus-sasl 2.1.22 and everything authenticating to a kerberos server.

What I would like to do is ban some valid users from accessing IMAP.
We've had a rash of users falling victim to phishing attacks and would
like to simply prevent those users from any remote access.  So they need
a valid kerberos principal in order to access desktops here, but would
lose IMAP access.  (Need to ban remote SSH access as well, but that's
trivial with DenyGroups).

I know this probably isn't strictly a Cyrus IMAPd thing, but I figure
some folks must have run into this kind of requirement before.  I
realize I also need to restrict SMTP logins as well, but that goes
through SASL and the Kerberos server as well so if the solution involves
either of those then perhaps I get it for free.

 - J<


More information about the Info-cyrus mailing list