26 Aug
2009
26 Aug
'09
3:14 p.m.
Hi,
Often I'm asked to restrict access to some e-mail accounts based on the
client IP address (for example, some employees should not access e-mail
except from office to avoid overtime and other labor related lawsuits).
I'm thinking about implementing a flag to pass the client IP address
along with the username field to the database backend, so I can write a
custom backend to implement client IP based rules.
Any comments/advice?
TIA,
--
Paulo
26 Aug
26 Aug
5:13 p.m.
Hi,
Often I'm asked to restrict access to some e-mail accounts based on the
client IP address (for example, some employees should not access e-mail
except from office to avoid overtime and other labor related lawsuits).
This depends on the size of your user base, but launching perdition
via xinetd and using its access controls (IP, time period, etc) may work.
I'm thinking about implementing a flag to pass the
client IP address
along with the username field to the database backend, so I can write a
custom backend to implement client IP based rules.
Any comments/advice?
TIA,
--
Paulo
______________________________________________
Perdition-users mailing list
Perdition-users(a)vergenet.net
http://lists.vergenet.net/listinfo/perdition-users
--
scott hollatz net shollatz(a)d.UMn.eDu
information technology systems and services tel +1 218 726 8851
university of minnesota duluth mn usa fax +1 218 726 7674
--
"Asn aD ta zlAp em uT zt33rg"
27 Aug
27 Aug
12:24 a.m.
On Wed, Aug 26, 2009 at 12:14:09PM -0300, Paulo Scardine wrote:
Hi,
Often I'm asked to restrict access to some e-mail accounts based on the
client IP address (for example, some employees should not access e-mail
except from office to avoid overtime and other labor related lawsuits).
I'm thinking about implementing a flag to pass the client IP address
along with the username field to the database backend, so I can write a
custom backend to implement client IP based rules.
Any comments/advice?
On passing of the IP address side of things, I think that you should
be able to do this by using something like query_key=\u\D\i .
Which basically means pass '<user>@<ip>' as the key of the lookup.
On the back-end side of things, you can probably use this key with one of
the existing back-ends. If this doesn't meet your needs you may want to
consider the daemon back-end. I see that it isn't documented in
perditiondb.5, but briefly it allows you to create a (small?) daemon that
responds to lookup requests. The code for the client (the perdition side of
the code) and a sample server can be found in perdition/perdition/db/
5362
days inactive
5363
days old
2 comments
3 participants
participants (3)
-
Paulo Scardine -
scott hollatz -
Simon Horman