Boy, do I wish and not just for surgeweb, but for anti-spam purposes as
well.
------ Original Message ------
From: "Frank Bulk" HIDDEN@mypremieronline.com>
To: "surgemailHIDDEN@etwinsite.com" <surgemail-list@netwinsite.com>
Sent: 11/20/2014 8:29:53 AM
Subject: RE: [SurgeMail List] Re: Limit surgeweb login to IP range?
>Do any of the IP address range restrictions support blocking by
>country?
>
>Frank
>
>-----Original Message-----
>From: Surgemail Support [mailto:surgemailHIDDEN@t@netwinsite.com]
>Sent: Thursday, November 20, 2014 3:34 AM
>To: surgemailHIDDEN@etwinsite.com
>Subject: [SurgeMail List] Re: Limit surgeweb login to IP range?
>
>
>Hi again
>
>You are right that that setting did not help. And after testing the
>various existing settings to limit surgeweb, as it stood, I'm pretty
>sure the answer was "no sorry you can't limit the surgeweb logins to a
>particular ip range" at all other than the "all or none" options you
>already found.
>
>However, I have added a surgeweb setting to do this. It is a surgeweb
>config_*.dat setting that will allow you to specify surgeweb access
>restrictions using ip ranges (specified the same way as all surgemail
>level settings that specify ip ranges). As this is a surgeweb
>config_*.dat setting it can be applied at a global, domain or access
>group level, (it will probably even work at the per user level by
>editing _user.dat directly).
>
>This new setting can be used independently from the surgemail
>g_access_group limits, but if you do restrict using the access group
>limits you still need to allow 127.0.0.1 for imap and smtp.
>
>Further info:
> http://netwinsite.com/surgeweb/help/updates.htm
>latest mainstream specials builds (linux 32, linux64, windows)
>available here:
> ftp://netwinsite.com/pub/surgemail/specials
>All you need to apply this tweak is the updated surgemail binary
>version 6.8d-8+
>
>
>Marijn
>
>
>On Saturday 15/11/2014 at 7:35 am, WCTA Helpdesk wrote:
>> I've added this setting, then did a tellmail restart, then temp
>> removed 127.0.0.1 from the g_access_list, but this didn't work,
>>sorry.
>> With 127.0.0.1 removed, when trying to login to surgeweb:
>>
>> Login failed
>> A000 NO login failed User login denied (user) : Account does not have
>> IMAP privileges from ip (127.0.0.1) g_access_group
>>
>> We're on: SurgeMail Version 6.7f-2, Built Oct 16 2014 07:01:53,
>> Platform Linux_64
>> If this makes any difference.
>>
>> -Troy
>>
>> On 11/14/2014 1:32 AM, Surgemail Support (Marijn) wrote:
>>>
>>>
>>> I've not actually tried using this for this purpose, but try adding
>>> the surgeweb setting:
>>> use_imap_realip true
>>> to surgeweb/custom/config_global.dat
>>>
>>> This should make surgeweb register the real address of the user with
>>> the imap connection. It should certainly work for logging purposes,
>>> and I'm hoping it may well get used for the access limits. Let me
>>>know
>>> what you find, if that does not help I'll have to go and manually
>>> setup a config like that and run some tests.
>>>
>>> Marijn
>>>
>>>
>>> On Friday 14/11/2014 at 8:03 am, WCTA Helpdesk wrote:
>>>>
>>>> Is there a way to only allow logins from a range of IP addresses
>>>>for
>>>> surgeweb?
>>>>
>>>> g_access_group works great for smtp and imap restrictions. But not
>>>> for surgeweb, because I have to add 127.0.0.1 for access_imap else
>>>>a
>>>> user trying to login to surgeweb gets an error that they don't have
>>>> access.
>>>>
>>>> But when I add 127.0.0.1 they can login to surgeweb from anywhere.
>>>>
>>>> Here's my g_access_group, if this helps:
>>>> g_access_group group="Default"
>>>> access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
>>>> g_access_group
>>>>group="Restricted"
>>>> access_pop="*" access_imap="216.189.128.0/20,127.0.0.1"
>>>> access_smtp="216.189.128.0/20" access_incoming=""
>>>> g_access_group group="Pay"
>>>> access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
>>>> g_access_group group="Employees"
>>>> access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
>>>> g_access_group group="Pay_10G"
>>>> access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
>>>>
>>>> -Troy
>>>>
>>>
>>>
>>>
>>
>
>
>
>
>
>
|
