You can block most access via this setting on a country basis..
Do any of the IP address range restrictions support blocking by country?
Frank
-----Original Message-----
From: Surgemail Support [mailto:surgemailHIDDEN@t@netwinsite.com]
Sent: Thursday, November 20, 2014 3:34 AM
To: surgemailHIDDEN@etwinsite.com
Subject: [SurgeMail List] Re: Limit surgeweb login to IP range?
Hi again
You are right that that setting did not help. And after testing the
various existing settings to limit surgeweb, as it stood, I'm pretty
sure the answer was "no sorry you can't limit the surgeweb logins to a
particular ip range" at all other than the "all or none" options you
already found.
However, I have added a surgeweb setting to do this. It is a surgeweb
config_*.dat setting that will allow you to specify surgeweb access
restrictions using ip ranges (specified the same way as all surgemail
level settings that specify ip ranges). As this is a surgeweb
config_*.dat setting it can be applied at a global, domain or access
group level, (it will probably even work at the per user level by
editing _user.dat directly).
This new setting can be used independently from the surgemail
g_access_group limits, but if you do restrict using the access group
limits you still need to allow 127.0.0.1 for imap and smtp.
Further info:
latest mainstream specials builds (linux 32, linux64, windows)
available here:
All you need to apply this tweak is the updated surgemail binary
version 6.8d-8+
Marijn
On Saturday 15/11/2014 at 7:35 am, WCTA Helpdesk wrote:
I've added this setting, then did a tellmail restart, then temp
removed 127.0.0.1 from the g_access_list, but this didn't work, sorry.
With 127.0.0.1 removed, when trying to login to surgeweb:
Login failed
A000 NO login failed User login denied (user) : Account does not have
IMAP privileges from ip (127.0.0.1) g_access_group
We're on: SurgeMail Version 6.7f-2, Built Oct 16 2014 07:01:53,
Platform Linux_64
If this makes any difference.
-Troy
On 11/14/2014 1:32 AM, Surgemail Support (Marijn) wrote:
I've not actually tried using this for this purpose, but try adding
the surgeweb setting:
use_imap_realip true
to surgeweb/custom/config_global.dat
This should make surgeweb register the real address of the user with
the imap connection. It should certainly work for logging purposes,
and I'm hoping it may well get used for the access limits. Let me know
what you find, if that does not help I'll have to go and manually
setup a config like that and run some tests.
Marijn
On Friday 14/11/2014 at 8:03 am, WCTA Helpdesk wrote:
Is there a way to only allow logins from a range of IP addresses for
surgeweb?
g_access_group works great for smtp and imap restrictions. But not
for surgeweb, because I have to add 127.0.0.1 for access_imap else a
user trying to login to surgeweb gets an error that they don't have
access.
But when I add 127.0.0.1 they can login to surgeweb from anywhere.
Here's my g_access_group, if this helps:
g_access_group group="Default"
access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
g_access_group group="Restricted"
access_pop="*" access_imap="216.189.128.0/20,127.0.0.1"
access_smtp="216.189.128.0/20" access_incoming=""
g_access_group group="Pay"
access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
g_access_group group="Employees"
access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
g_access_group group="Pay_10G"
access_pop="*" access_imap="*" access_smtp="*" access_incoming="*"
-Troy
