Permits the access of mail/groupware services related protocols only from trusted network


(Saito Benkei) #1

I would like to have the possibility for some users to resrtict the access at mail services (imap/pop3/smtp/webmail/nethtop) only from trusted network (Green network and Trusted Networks).

Some ideas/implementation?

TIA

Edit:

the request is valid for all email/groupware related protocols (CalDAV/CardDAV/ActiveSync/etc…)


IP-based IMAP access restriction
(Michael Kicks) #2

If users are have strong-enough passwords, there should not be any kind of problem publishing services to internet…
Anyway: if firewall package is installed, you can define rules for access to services (only if NethServer is configured as gateway with two network adapters)


(Saito Benkei) #3

I explain better:

There are some companies where some users have the permission to access to their mailbox in the company network and via internet (with smartphones/webmail/etc), but other users have permission to access only when they are at work, so they can’t access to their mailbox via internet.

I need to implement this.


(Michael Kicks) #4

I don’t know if there’s a way to allow the specific user login only from a zone…
@dev_team?


(Saito Benkei) #5

There’s something here for pop3/imap:

https://wiki.dovecot.org/PostLoginScripting


(Saito Benkei) #6

For Webtop/Nethtop someone has opened an issue 3 days ago:

https://redmine.sonicle.com/issues/296


(Davide Principi) #7

Filed an issue here too

https://github.com/NethServer/dev/issues/5395


(Davide Principi) #8

This is now available from nethserver-testing repo /cc @quality_team

yum --enablerepo=nethserver-testing update nethserver-mail-server

Implemented a new prop, dovecot/RestrictedAccessGroup. The value is a long group name. Members of the given group have IMAP access restricted to trusted networks.

In a next iteration an UI field can be added under Email > Mailboxes tab.


(Davide Principi) #9

I’ve updated the testing package. Now this new feature is available from a “subpackage”

yum --enablerepo=nethserver-testing update nethserver-mail-server
yum --enablerepo=nethserver-testing install nethserver-mail-server-ipaccess

The test case has been modified accordingly /cc @quality_team