In certain circumstances, it is necessary that some users do not have access to email through webmail (any webmail client/app: SOGo, WebTop, …) but only through desktop apps (Outlook, Thunderbird, …).
For example:
John DOE, john.doe@mycompany.tld, may have access to email only through TB installed on his workstation, only when he is inside the company (he can send and receive emails, inside or outside the company).
Jane DOE, jane.doe@mycompany.tld, may have access to email through TB installed on her workstation when she is inside the company (she can send and receive emails, inside or outside the company) and when she is outside the company, she may use webmail (any webmail client/app: SOGo, WebTop, …).
In my opinion, this can be done in the following ways:
by user email address (Management -> Email addresses -> User mailboxes: Access to webmail (check box: enabled / disabled, enabled by default))
or
by groups (by adding the user to one of the groups - mandatory choice):
a) Access to webmail (any webmail client/app: SOGO, WebTop, …)
b) No access to webmail (any webmail client/app: SOGO, WebTop, …)
or
by group (the access to webmail is granted by default):
a) No access to webmail (any webmail client/app: SOGO, WebTop, …), by adding the user to this group.
QUESTION: how hard is it to implement this feature in one of the ways above?
From what I understand GG_jr wants some users to access the mail both via webmail(*) and via client (**) while others can access the mail only through a client, so without the possibility of access via webmail.
(*) SOGo/Webtop/Roundcube/etc…
(**) Thunderbird/Outlook/Apps that connect via IMAP/POP3/SMTP to mail server.
Yes, you are absolutely right!
I saw some email servers which can restrict access to webmail and, as I said, under specific circumstances (security reasons), this is a very useful feature.
This is something that in the MS world would be handled through GPO, wouldn’t it?
Depending on what webclient(s) you have installed, you could do it either at application level or by restricting webaccess to the webclient…
I am not sure what would be the most convenient (read: least intrusive for the admin).
Thanks everyone for the replies!
Please look at the screenshot below.
It’s an example of how this feature is implemented.
When “Enable Web Access” is unchecked, the user can reach the login page of the webmail, can enter the username and password, but after clicking on the sign-in button, a message warns the user that this feature (webmail) is not available to him.
Sincerely, I have no idea! AFAIK, it is developed by them.
A long time ago I used an old version, for many years. I still use that version at a customer …
If you want more info, please visit their site. It’s for Windows.
Create /etc/e-smith/templates-custom/etc/dovecot/ipaccess.conf/90customblock with the following content:
nowebmail@domain.local = 192.168.0.0/24
This worked perfectly for Roundcube, as it uses IMAP login. It works for SOGo, as you don’t see the mailbox but login works, and for WebTop, but there are errors about connecting to IMAP. For WebTop you may disable the user as WebTop admin to restrict access.
This way you could turn on/off webmail and local/www clients by group like:
Another (additional) method is the LDAP filter method, though it does not work for Roundcube. SOGo and WebTop use the LDAP filter, so you may exclude users by group as @stephdl suggested.
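
Added example, not part of the thread and not NethServer or Dovecot code: a small Python model of the `user = network` rule quoted above, showing why a webmail client on the mail server itself is refused while a LAN desktop client is accepted. It assumes a listed user may log in only from the listed networks, unlisted users are unrestricted, `#` starts a comment, and the webmail's IMAP connection arrives from the loopback address; `parse_ipaccess` and `login_allowed` are hypothetical names.

```python
import ipaddress

# Constructed sample in the "user = network" form quoted in the thread.
SAMPLE_IPACCESS = """\
# constructed sample, not a real deployment
nowebmail@domain.local = 192.168.0.0/24
"""


def parse_ipaccess(text):
    """Parse 'user = network [network ...]' lines into {user: [networks]}."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if not line:
            continue
        user, sep, nets = (p.strip() for p in line.partition("="))
        if not sep or not user or not nets:
            raise ValueError(f"line {lineno}: expected 'user = network'")
        # ip_network() raises ValueError on a malformed CIDR, so a typo
        # fails loudly instead of silently locking a user out (or in).
        networks = [ipaddress.ip_network(n, strict=False)
                    for n in nets.replace(",", " ").split()]
        rules.setdefault(user.lower(), []).extend(networks)
    return rules


def login_allowed(rules, user, remote_ip):
    """Assumed semantics: a listed user may log in only from listed networks."""
    networks = rules.get(user.lower())
    if networks is None:
        return True  # user has no restriction
    addr = ipaddress.ip_address(remote_ip)
    # An IPv6 source (e.g. ::1) never matches an IPv4 network.
    return any(addr in net for net in networks)


if __name__ == "__main__":
    rules = parse_ipaccess(SAMPLE_IPACCESS)
    for label, ip in [("Thunderbird on LAN", "192.168.0.25"),
                      ("webmail on the server", "127.0.0.1"),
                      ("client outside the LAN", "203.0.113.7")]:
        verdict = "allow" if login_allowed(rules, "nowebmail@domain.local", ip) else "deny"
        print(f"{label:24} {ip:15} {verdict}")
```

The same model shows the limit of the approach: the rule restricts by source network, so it also refuses the user's desktop client whenever it connects from outside 192.168.0.0/24.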