Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Limit IMAP access

Limit IMAP access

Scheduled Pinned Locked Moved Feature Requests
securityfirewallimap
19 Posts 4 Posters 3.0k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • potemkin_aiP potemkin_ai

    @girish yep, we discussed that 🙂
    I can't, unfortunately, not all of the cloud providers have that covered...

    girishG Offline
    girishG Offline
    girish
    Staff
    wrote on last edited by
    #10

    @potemkin_ai ah, i see. I think developing a firewall to block specific ports+IP will have to wait for a future release. Atleast, not in the coming one.

    potemkin_aiP 1 Reply Last reply
    0
    • girishG girish

      @potemkin_ai ah, i see. I think developing a firewall to block specific ports+IP will have to wait for a future release. Atleast, not in the coming one.

      potemkin_aiP Offline
      potemkin_aiP Offline
      potemkin_ai
      wrote on last edited by
      #11

      @girish I'm not looking for a custom firewall rules, but an IMAP server level allowed IP range. That't usually a thing in most of the modern servers, isn't it the case here?

      girishG fbartelsF 2 Replies Last reply
      0
      • potemkin_aiP potemkin_ai

        @girish I'm not looking for a custom firewall rules, but an IMAP server level allowed IP range. That't usually a thing in most of the modern servers, isn't it the case here?

        girishG Offline
        girishG Offline
        girish
        Staff
        wrote on last edited by
        #12

        @potemkin_ai that seems more doable. Will look into it.

        potemkin_aiP 1 Reply Last reply
        0
        • potemkin_aiP potemkin_ai

          @girish I'm not looking for a custom firewall rules, but an IMAP server level allowed IP range. That't usually a thing in most of the modern servers, isn't it the case here?

          fbartelsF Offline
          fbartelsF Offline
          fbartels
          App Dev
          wrote on last edited by
          #13

          @potemkin_ai said in Limit IMAP access:

          That't usually a thing in most of the modern servers, isn't it the case here?

          Do you have an example for this claim?

          potemkin_aiP 1 Reply Last reply
          1
          • girishG girish

            @potemkin_ai that seems more doable. Will look into it.

            potemkin_aiP Offline
            potemkin_aiP Offline
            potemkin_ai
            wrote on last edited by
            #14

            @girish thank you!!

            1 Reply Last reply
            0
            • fbartelsF fbartels

              @potemkin_ai said in Limit IMAP access:

              That't usually a thing in most of the modern servers, isn't it the case here?

              Do you have an example for this claim?

              potemkin_aiP Offline
              potemkin_aiP Offline
              potemkin_ai
              wrote on last edited by
              #15

              @fbartels nginx, apache, ssh, etc?

              fbartelsF 1 Reply Last reply
              1
              • potemkin_aiP potemkin_ai

                @fbartels nginx, apache, ssh, etc?

                fbartelsF Offline
                fbartelsF Offline
                fbartels
                App Dev
                wrote on last edited by
                #16

                @potemkin_ai said in Limit IMAP access:

                nginx, apache, ssh, etc?

                But these are not imap/mail servers. For webservers it kind of makes sense, since most website do not require authentication and you may want to host something that is only available "internally". ssh I can understand as well, allow some users access from the internet, but others (that have elevated privileges) only from known location.

                Personally this just feels like a strange feature to me (in regards to a mail server). If you are afraid of password security, then there is a push towards "modern authentication" in the industry in the last years, this then uses tokens for login instead of passwords and the way to retrieve the initial token for the client could be locked behind 2fa for example.

                To be fair there seems to be a feature around this in Dovecot:
                https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

                potemkin_aiP 1 Reply Last reply
                1
                • fbartelsF fbartels

                  @potemkin_ai said in Limit IMAP access:

                  nginx, apache, ssh, etc?

                  But these are not imap/mail servers. For webservers it kind of makes sense, since most website do not require authentication and you may want to host something that is only available "internally". ssh I can understand as well, allow some users access from the internet, but others (that have elevated privileges) only from known location.

                  Personally this just feels like a strange feature to me (in regards to a mail server). If you are afraid of password security, then there is a push towards "modern authentication" in the industry in the last years, this then uses tokens for login instead of passwords and the way to retrieve the initial token for the client could be locked behind 2fa for example.

                  To be fair there seems to be a feature around this in Dovecot:
                  https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

                  potemkin_aiP Offline
                  potemkin_aiP Offline
                  potemkin_ai
                  wrote on last edited by
                  #17

                  @fbartels I'm not exactly afraid of something; but limiting the IPs allowed to collect mail from is a valid business requirement for a cloud office.

                  fbartelsF 1 Reply Last reply
                  0
                  • potemkin_aiP potemkin_ai

                    @fbartels I'm not exactly afraid of something; but limiting the IPs allowed to collect mail from is a valid business requirement for a cloud office.

                    fbartelsF Offline
                    fbartelsF Offline
                    fbartels
                    App Dev
                    wrote on last edited by
                    #18

                    @potemkin_ai believe it or not. My daytime job is building a "mail server" and I have not heard a single customer come up with such a requirement. Therefore I was curious of your intentions.

                    For us customers either put their system directly accessible to the internet, or if that is not desired make it only accessible over vpn. (with stuff like 2fa, or ssl client certificates for web access, but imap is quite backwards in that sense).

                    It also does not look like "client access rules" for Exchange Online cover imap connections: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules

                    potemkin_aiP 1 Reply Last reply
                    0
                    • fbartelsF fbartels

                      @potemkin_ai believe it or not. My daytime job is building a "mail server" and I have not heard a single customer come up with such a requirement. Therefore I was curious of your intentions.

                      For us customers either put their system directly accessible to the internet, or if that is not desired make it only accessible over vpn. (with stuff like 2fa, or ssl client certificates for web access, but imap is quite backwards in that sense).

                      It also does not look like "client access rules" for Exchange Online cover imap connections: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules

                      potemkin_aiP Offline
                      potemkin_aiP Offline
                      potemkin_ai
                      wrote on last edited by
                      #19

                      @fbartels I do believe you.

                      1 Reply Last reply
                      0
                      Reply
                      • Reply as topic
                      Log in to reply
                      • Oldest to Newest
                      • Newest to Oldest
                      • Most Votes


                      • Login

                      • Don't have an account? Register

                      • Login or register to search.
                      • First post
                        Last post
                      0
                      • Categories
                      • Recent
                      • Tags
                      • Popular
                      • Bookmarks
                      • Search