Limit IMAP access
-
@girish yep, we discussed that
I can't, unfortunately, not all of the cloud providers have that covered... -
@potemkin_ai ah, i see. I think developing a firewall to block specific ports+IP will have to wait for a future release. Atleast, not in the coming one.
@girish I'm not looking for a custom firewall rules, but an IMAP server level allowed IP range. That't usually a thing in most of the modern servers, isn't it the case here?
-
@girish I'm not looking for a custom firewall rules, but an IMAP server level allowed IP range. That't usually a thing in most of the modern servers, isn't it the case here?
-
@girish I'm not looking for a custom firewall rules, but an IMAP server level allowed IP range. That't usually a thing in most of the modern servers, isn't it the case here?
@potemkin_ai said in Limit IMAP access:
That't usually a thing in most of the modern servers, isn't it the case here?
Do you have an example for this claim?
-
@potemkin_ai that seems more doable. Will look into it.
@girish thank you!!
-
@potemkin_ai said in Limit IMAP access:
That't usually a thing in most of the modern servers, isn't it the case here?
Do you have an example for this claim?
-
@fbartels nginx, apache, ssh, etc?
@potemkin_ai said in Limit IMAP access:
nginx, apache, ssh, etc?
But these are not imap/mail servers. For webservers it kind of makes sense, since most website do not require authentication and you may want to host something that is only available "internally". ssh I can understand as well, allow some users access from the internet, but others (that have elevated privileges) only from known location.
Personally this just feels like a strange feature to me (in regards to a mail server). If you are afraid of password security, then there is a push towards "modern authentication" in the industry in the last years, this then uses tokens for login instead of passwords and the way to retrieve the initial token for the client could be locked behind 2fa for example.
To be fair there seems to be a feature around this in Dovecot:
https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets -
@potemkin_ai said in Limit IMAP access:
nginx, apache, ssh, etc?
But these are not imap/mail servers. For webservers it kind of makes sense, since most website do not require authentication and you may want to host something that is only available "internally". ssh I can understand as well, allow some users access from the internet, but others (that have elevated privileges) only from known location.
Personally this just feels like a strange feature to me (in regards to a mail server). If you are afraid of password security, then there is a push towards "modern authentication" in the industry in the last years, this then uses tokens for login instead of passwords and the way to retrieve the initial token for the client could be locked behind 2fa for example.
To be fair there seems to be a feature around this in Dovecot:
https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets -
@fbartels I'm not exactly afraid of something; but limiting the IPs allowed to collect mail from is a valid business requirement for a cloud office.
@potemkin_ai believe it or not. My daytime job is building a "mail server" and I have not heard a single customer come up with such a requirement. Therefore I was curious of your intentions.
For us customers either put their system directly accessible to the internet, or if that is not desired make it only accessible over vpn. (with stuff like 2fa, or ssl client certificates for web access, but imap is quite backwards in that sense).
It also does not look like "client access rules" for Exchange Online cover imap connections: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules
-
@potemkin_ai believe it or not. My daytime job is building a "mail server" and I have not heard a single customer come up with such a requirement. Therefore I was curious of your intentions.
For us customers either put their system directly accessible to the internet, or if that is not desired make it only accessible over vpn. (with stuff like 2fa, or ssl client certificates for web access, but imap is quite backwards in that sense).
It also does not look like "client access rules" for Exchange Online cover imap connections: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules
@fbartels I do believe you.
