On Wed, Aug 26, 2009 at 12:14:09PM -0300, Paulo Scardine wrote:
Hi,
Often I'm asked to restrict access to some e-mail accounts based on the
client IP address (for example, some employees should not access e-mail
except from office to avoid overtime and other labor related lawsuits).
I'm thinking about implementing a flag to pass the client IP address
along with the username field to the database backend, so I can write a
custom backend to implement client IP based rules.
Any comments/advice?
On passing of the IP address side of things, I think that you should
be able to do this by using something like query_key=\u\D\i .
Which basically means pass '<user>@<ip>' as the key of the lookup.
On the back-end side of things, you can probably use this key with one of
the existing back-ends. If this doesn't meet your needs you may want to
consider the daemon back-end. I see that it isn't documented in
perditiondb.5, but briefly it allows you to create a (small?) daemon that
responds to lookup requests. The code for the client (the perdition side of
the code) and a sample server can be found in perdition/perdition/db/