separately anyway.
ChrisP.
Do any of the IP address range restrictions support blocking by
country?
Frank
-----Original Message-----
From: Surgemail Support [mailto:surgemail-support@netwinsite.com]
Sent: Thursday, November 20, 2014 3:34 AM
To: surgemail-list@netwinsite.com
Subject: [SurgeMail List] Re: Limit surgeweb login to IP range?
Hi again
You are right that that setting did not help. And after testing
the
various existing settings to limit surgeweb, as it stood, I'm
pretty
sure the answer was "no sorry you can't limit the surgeweb logins
to
a
particular ip range" at all other than the "all or none" options
you
already found.
However, I have added a surgeweb setting to do this. It is a
surgeweb
config_*.dat setting that will allow you to specify surgeweb
access
restrictions using ip ranges (specified the same way as all
surgemail
level settings that specify ip ranges). As this is a surgeweb
config_*.dat setting it can be applied at a global, domain or
access
group level, (it will probably even work at the per user level by
editing _user.dat directly).
This new setting can be used independently from the surgemail
g_access_group limits, but if you do restrict using the access
group
limits you still need to allow 127.0.0.1 for imap and smtp.
Further info:
http://netwinsite.com/surgeweb/help/updates.htm
latest mainstream specials builds (linux 32, linux64, windows)
available here:
ftp://netwinsite.com/pub/surgemail/specials
All you need to apply this tweak is the updated surgemail binary
version 6.8d-8+
Marijn
On Saturday 15/11/2014 at 7:35 am, WCTA Helpdesk wrote:
I've added this setting, then did a tellmail restart, then temp
removed 127.0.0.1 from the g_access_list, but this didn't work,
sorry.
With 127.0.0.1 removed, when trying to login to surgeweb:
Login failed
A000 NO login failed User login denied (user) : Account does
not
have
IMAP privileges from ip (127.0.0.1) g_access_group
We're on: SurgeMail Version 6.7f-2, Built Oct 16 2014 07:01:53,
Platform Linux_64
If this makes any difference.
-Troy
On 11/14/2014 1:32 AM, Surgemail Support (Marijn) wrote:
I've not actually tried using this for this purpose, but try
adding
the surgeweb setting:
use_imap_realip true
to surgeweb/custom/config_global.dat
This should make surgeweb register the real address of the
user
with
the imap connection. It should certainly work for logging
purposes,
and I'm hoping it may well get used for the access limits.
Let me
know
what you find, if that does not help I'll have to go and
manually
setup a config like that and run some tests.
Marijn
On Friday 14/11/2014 at 8:03 am, WCTA Helpdesk wrote:
Is there a way to only allow logins from a range of IP
addresses
for
surgeweb?
g_access_group works great for smtp and imap restrictions.
But
not
for surgeweb, because I have to add 127.0.0.1 for
access_imap
else
a
user trying to login to surgeweb gets an error that they
don't
have
access.
But when I add 127.0.0.1 they can login to surgeweb from
anywhere.
Here's my g_access_group, if this helps:
g_access_group group="Default"
access_pop="*" access_imap="*" access_smtp="*"
access_incoming="*"
g_access_group group="Restricted"
access_pop="*" access_imap="216.189.128.0/20,127.0.0.1"
access_smtp="216.189.128.0/20" access_incoming=""
g_access_group group="Pay"
access_pop="*" access_imap="*" access_smtp="*"
access_incoming="*"
g_access_group group="Employees"
access_pop="*" access_imap="*" access_smtp="*"
access_incoming="*"
g_access_group group="Pay_10G"
access_pop="*" access_imap="*" access_smtp="*"
access_incoming="*"
-Troy
