Can you apply those country restrictions on a per service basis (i.e. port 25) rather than everything?
Frank
-----Original Message-----
From: David Collar [mailto:dcollar@net-xcellence.com]
Sent: Thursday, November 20, 2014 10:05 AM
To: surgemail-list@netwinsite.com
Subject: RE: Re[2]: [SurgeMail List] Re: Limit surgeweb login to IP range?
SonicWall firewalls can do that for you. It can be setup to refuse connections by country of all connections or by specific port or services. It works well except that now a lot of legitimate traffic comes from all over. I blocked RU only to find that Kaspersky AV updates sometimes gets blocked. I have a customer who does business with the Chinese so I can't block them either. (sigh)
Dave
-----Original Message-----
From: Eric Vey [mailto:junker@ericvey.com]
Sent: Thursday, November 20, 2014 8:46 AM
To: surgemail-list@netwinsite.com
Subject: Re[2]: [SurgeMail List] Re: Limit surgeweb login to IP range?
Boy, do I wish and not just for surgeweb, but for anti-spam purposes as well.
------ Original Message ------
From: "Frank Bulk" <fbulk@mypremieronline.com>
To: "surgemail-list@netwinsite.com" <surgemail-list@netwinsite.com>
Sent: 11/20/2014 8:29:53 AM
Subject: RE: [SurgeMail List] Re: Limit surgeweb login to IP range?
>Do any of the IP address range restrictions support blocking by
>country?
>
>Frank
>
>-----Original Message-----
>From: Surgemail Support [mailto:surgemail-support@netwinsite.com]
>Sent: Thursday, November 20, 2014 3:34 AM
>To: surgemail-list@netwinsite.com
>Subject: [SurgeMail List] Re: Limit surgeweb login to IP range?
>
>
>Hi again
>
>You are right that that setting did not help. And after testing the
>various existing settings to limit surgeweb, as it stood, I'm pretty
>sure the answer was "no sorry you can't limit the surgeweb logins to a
>particular ip range" at all other than the "all or none" options you
>already found.
>
>However, I have added a surgeweb setting to do this. It is a surgeweb
>config_*.dat setting that will allow you to specify surgeweb access
>restrictions using ip ranges (specified the same way as all surgemail
>level settings that specify ip ranges). As this is a surgeweb
>config_*.dat setting it can be applied at a global, domain or access
>group level, (it will probably even work at the per user level by
>editing _user.dat directly).
>
>This new setting can be used independently from the surgemail
>g_access_group limits, but if you do restrict using the access group
>limits you still need to allow 127.0.0.1 for imap and smtp.
>
>Further info:
> http://netwinsite.com/surgeweb/help/updates.htm
>latest mainstream specials builds (linux 32, linux64, windows)
>available here:
> ftp://netwinsite.com/pub/surgemail/specials
>All you need to apply this tweak is the updated surgemail binary
>version 6.8d-8+
>
>
>Marijn
>
>
>On Saturday 15/11/2014 at 7:35 am, WCTA Helpdesk wrote:
>> I've added this setting, then did a tellmail restart, then temp
>> removed 127.0.0.1 from the g_access_list, but this didn't work,
>>sorry.
>> With 127.0.0.1 removed, when trying to login to surgeweb:
>>
>> Login failed
>> A000 NO login failed User login denied (user) : Account does not
>> have IMAP privileges from ip (127.0.0.1) g_access_group
>>
>> We're on: SurgeMail Version 6.7f-2, Built Oct 16 2014 07:01:53,
>> Platform Linux_64 If this makes any difference.
>>
>> -Troy
>>
>> On 11/14/2014 1:32 AM, Surgemail Support (Marijn) wrote:
>>>
>>>
>>> I've not actually tried using this for this purpose, but try adding
>>> the surgeweb setting:
>>> use_imap_realip true
>>> to surgeweb/custom/config_global.dat
>>>
>>> This should make surgeweb register the real address of the user
>>>with
>>> the imap connection. It should certainly work for logging purposes,
>>> and I'm hoping it may well get used for the access limits. Let me
>>>know
>>> what you find, if that does not help I'll have to go and manually
>>> setup a config like that and run some tests.
>>>
>>> Marijn
>>>
>>>
>>> On Friday 14/11/2014 at 8:03 am, WCTA Helpdesk wrote:
>>>>
>>>> Is there a way to only allow logins from a range of IP addresses
>>>>for
>>>> surgeweb?
>>>>
>>>> g_access_group works great for smtp and imap restrictions. But not
>>>> for surgeweb, because I have to add 127.0.0.1 for access_imap else
>>>>a
>>>> user trying to login to surgeweb gets an error that they don't
>>>>have
>>>> access.
>>>>
>>>> But when I add 127.0.0.1 they can login to surgeweb from anywhere.
>>>>
>>>> Here's my g_access_group, if this helps:
>>>> g_access_group group="Default"
>>>> access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
>>>> g_access_group
>>>>group="Restricted"
>>>> access_pop="*" access_imap="216.189.128.0/20,127.0.0.1"
>>>> access_smtp="216.189.128.0/20" access_incoming=""
>>>> g_access_group group="Pay"
>>>> access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
>>>> g_access_group group="Employees"
>>>> access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
>>>> g_access_group group="Pay_10G"
>>>> access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
>>>>
>>>> -Troy
>>>>
>>>
>>>
>>>
>>
>
>
>
>
>
>
|
