Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Feature Requests
  3. Limit IMAP access

Limit IMAP access

Scheduled Pinned Locked Moved Feature Requests
securityfirewallimap
19 Posts 4 Posters 2.7k Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • potemkin_aiP Offline
      potemkin_aiP Offline
      potemkin_ai
      wrote on last edited by girish
      #1

      Hello! Is there any way to limit access to IMAP, to ensure that only limited IPs (from the office) can fetch the e-mail?

      Any approach would be fine, really 😃

      1 Reply Last reply
      0
      • girishG Offline
        girishG Offline
        girish
        Staff
        wrote on last edited by
        #2

        @potemkin_ai We don't have a way to do this out of the box but I am looking into various security stuff for the coming release 6.3 and hope to have an answer soon. I will move this to feature requests.

        potemkin_aiP 1 Reply Last reply
        2
        • girishG girish

          @potemkin_ai We don't have a way to do this out of the box but I am looking into various security stuff for the coming release 6.3 and hope to have an answer soon. I will move this to feature requests.

          potemkin_aiP Offline
          potemkin_aiP Offline
          potemkin_ai
          wrote on last edited by
          #3

          @girish got it, thank you! Any time estimate for 6.3?

          humptydumptyH girishG 2 Replies Last reply
          0
          • potemkin_aiP potemkin_ai

            @girish got it, thank you! Any time estimate for 6.3?

            humptydumptyH Offline
            humptydumptyH Offline
            humptydumpty
            wrote on last edited by
            #4

            @potemkin_ai There's another pit stop before 6.3. Please see this post for more details: https://forum.cloudron.io/topic/4721/cloudron-6-2-released/12

            1 Reply Last reply
            1
            • potemkin_aiP potemkin_ai

              @girish got it, thank you! Any time estimate for 6.3?

              girishG Offline
              girishG Offline
              girish
              Staff
              wrote on last edited by
              #5

              @potemkin_ai We will have a better idea later this week or early next week for sure. I will post an update in the 6.3 thread - https://forum.cloudron.io/topic/4723/what-s-coming-in-cloudron-6-3

              potemkin_aiP 2 Replies Last reply
              0
              • girishG girish

                @potemkin_ai We will have a better idea later this week or early next week for sure. I will post an update in the 6.3 thread - https://forum.cloudron.io/topic/4723/what-s-coming-in-cloudron-6-3

                potemkin_aiP Offline
                potemkin_aiP Offline
                potemkin_ai
                wrote on last edited by
                #6

                @girish thank you, subscribed. Desperately looking forward for the mail access restriction in 6.3, wish you a nice smooth release! 😊

                1 Reply Last reply
                0
                • girishG girish

                  @potemkin_ai We will have a better idea later this week or early next week for sure. I will post an update in the 6.3 thread - https://forum.cloudron.io/topic/4723/what-s-coming-in-cloudron-6-3

                  potemkin_aiP Offline
                  potemkin_aiP Offline
                  potemkin_ai
                  wrote on last edited by
                  #7

                  @girish any updates here?

                  girishG 1 Reply Last reply
                  0
                  • potemkin_aiP potemkin_ai

                    @girish any updates here?

                    girishG Offline
                    girishG Offline
                    girish
                    Staff
                    wrote on last edited by girish
                    #8

                    @potemkin_ai Can you not block this currently in your cloud firewall? If you are hosting in the Cloud, pretty much all cloud providers have a way to block port 993 at IP level.

                    potemkin_aiP 1 Reply Last reply
                    0
                    • girishG girish

                      @potemkin_ai Can you not block this currently in your cloud firewall? If you are hosting in the Cloud, pretty much all cloud providers have a way to block port 993 at IP level.

                      potemkin_aiP Offline
                      potemkin_aiP Offline
                      potemkin_ai
                      wrote on last edited by
                      #9

                      @girish yep, we discussed that 🙂
                      I can't, unfortunately, not all of the cloud providers have that covered...

                      girishG 1 Reply Last reply
                      0
                      • potemkin_aiP potemkin_ai

                        @girish yep, we discussed that 🙂
                        I can't, unfortunately, not all of the cloud providers have that covered...

                        girishG Offline
                        girishG Offline
                        girish
                        Staff
                        wrote on last edited by
                        #10

                        @potemkin_ai ah, i see. I think developing a firewall to block specific ports+IP will have to wait for a future release. Atleast, not in the coming one.

                        potemkin_aiP 1 Reply Last reply
                        0
                        • girishG girish

                          @potemkin_ai ah, i see. I think developing a firewall to block specific ports+IP will have to wait for a future release. Atleast, not in the coming one.

                          potemkin_aiP Offline
                          potemkin_aiP Offline
                          potemkin_ai
                          wrote on last edited by
                          #11

                          @girish I'm not looking for a custom firewall rules, but an IMAP server level allowed IP range. That't usually a thing in most of the modern servers, isn't it the case here?

                          girishG fbartelsF 2 Replies Last reply
                          0
                          • potemkin_aiP potemkin_ai

                            @girish I'm not looking for a custom firewall rules, but an IMAP server level allowed IP range. That't usually a thing in most of the modern servers, isn't it the case here?

                            girishG Offline
                            girishG Offline
                            girish
                            Staff
                            wrote on last edited by
                            #12

                            @potemkin_ai that seems more doable. Will look into it.

                            potemkin_aiP 1 Reply Last reply
                            0
                            • potemkin_aiP potemkin_ai

                              @girish I'm not looking for a custom firewall rules, but an IMAP server level allowed IP range. That't usually a thing in most of the modern servers, isn't it the case here?

                              fbartelsF Offline
                              fbartelsF Offline
                              fbartels
                              App Dev
                              wrote on last edited by
                              #13

                              @potemkin_ai said in Limit IMAP access:

                              That't usually a thing in most of the modern servers, isn't it the case here?

                              Do you have an example for this claim?

                              potemkin_aiP 1 Reply Last reply
                              1
                              • girishG girish

                                @potemkin_ai that seems more doable. Will look into it.

                                potemkin_aiP Offline
                                potemkin_aiP Offline
                                potemkin_ai
                                wrote on last edited by
                                #14

                                @girish thank you!!

                                1 Reply Last reply
                                0
                                • fbartelsF fbartels

                                  @potemkin_ai said in Limit IMAP access:

                                  That't usually a thing in most of the modern servers, isn't it the case here?

                                  Do you have an example for this claim?

                                  potemkin_aiP Offline
                                  potemkin_aiP Offline
                                  potemkin_ai
                                  wrote on last edited by
                                  #15

                                  @fbartels nginx, apache, ssh, etc?

                                  fbartelsF 1 Reply Last reply
                                  1
                                  • potemkin_aiP potemkin_ai

                                    @fbartels nginx, apache, ssh, etc?

                                    fbartelsF Offline
                                    fbartelsF Offline
                                    fbartels
                                    App Dev
                                    wrote on last edited by
                                    #16

                                    @potemkin_ai said in Limit IMAP access:

                                    nginx, apache, ssh, etc?

                                    But these are not imap/mail servers. For webservers it kind of makes sense, since most website do not require authentication and you may want to host something that is only available "internally". ssh I can understand as well, allow some users access from the internet, but others (that have elevated privileges) only from known location.

                                    Personally this just feels like a strange feature to me (in regards to a mail server). If you are afraid of password security, then there is a push towards "modern authentication" in the industry in the last years, this then uses tokens for login instead of passwords and the way to retrieve the initial token for the client could be locked behind 2fa for example.

                                    To be fair there seems to be a feature around this in Dovecot:
                                    https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

                                    potemkin_aiP 1 Reply Last reply
                                    1
                                    • fbartelsF fbartels

                                      @potemkin_ai said in Limit IMAP access:

                                      nginx, apache, ssh, etc?

                                      But these are not imap/mail servers. For webservers it kind of makes sense, since most website do not require authentication and you may want to host something that is only available "internally". ssh I can understand as well, allow some users access from the internet, but others (that have elevated privileges) only from known location.

                                      Personally this just feels like a strange feature to me (in regards to a mail server). If you are afraid of password security, then there is a push towards "modern authentication" in the industry in the last years, this then uses tokens for login instead of passwords and the way to retrieve the initial token for the client could be locked behind 2fa for example.

                                      To be fair there seems to be a feature around this in Dovecot:
                                      https://wiki.dovecot.org/PasswordDatabase/ExtraFields/AllowNets

                                      potemkin_aiP Offline
                                      potemkin_aiP Offline
                                      potemkin_ai
                                      wrote on last edited by
                                      #17

                                      @fbartels I'm not exactly afraid of something; but limiting the IPs allowed to collect mail from is a valid business requirement for a cloud office.

                                      fbartelsF 1 Reply Last reply
                                      0
                                      • potemkin_aiP potemkin_ai

                                        @fbartels I'm not exactly afraid of something; but limiting the IPs allowed to collect mail from is a valid business requirement for a cloud office.

                                        fbartelsF Offline
                                        fbartelsF Offline
                                        fbartels
                                        App Dev
                                        wrote on last edited by
                                        #18

                                        @potemkin_ai believe it or not. My daytime job is building a "mail server" and I have not heard a single customer come up with such a requirement. Therefore I was curious of your intentions.

                                        For us customers either put their system directly accessible to the internet, or if that is not desired make it only accessible over vpn. (with stuff like 2fa, or ssl client certificates for web access, but imap is quite backwards in that sense).

                                        It also does not look like "client access rules" for Exchange Online cover imap connections: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules

                                        potemkin_aiP 1 Reply Last reply
                                        0
                                        • fbartelsF fbartels

                                          @potemkin_ai believe it or not. My daytime job is building a "mail server" and I have not heard a single customer come up with such a requirement. Therefore I was curious of your intentions.

                                          For us customers either put their system directly accessible to the internet, or if that is not desired make it only accessible over vpn. (with stuff like 2fa, or ssl client certificates for web access, but imap is quite backwards in that sense).

                                          It also does not look like "client access rules" for Exchange Online cover imap connections: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules

                                          potemkin_aiP Offline
                                          potemkin_aiP Offline
                                          potemkin_ai
                                          wrote on last edited by
                                          #19

                                          @fbartels I do believe you.

                                          1 Reply Last reply
                                          0
                                          Reply
                                          • Reply as topic
                                          Log in to reply
                                          • Oldest to Newest
                                          • Newest to Oldest
                                          • Most Votes


                                            • Login

                                            • Don't have an account? Register

                                            • Login or register to search.
                                            • First post
                                              Last post
                                            0
                                            • Categories
                                            • Recent
                                            • Tags
                                            • Popular
                                            • Bookmarks
                                            • Search