On Wed, May 10, 2000 at 11:55:50PM +0300, Ira Abramov wrote:

> > I want to have a pop3 server that will allow most users to only access
> > from the local network, but to allow a small group of users to also read
> > mail from all over the internet.
> 
> using tcpserver from Dan Bernstein you can bind the pop server to one IP
> only or the other, or at least pass the IP address as an environment
> variable to the pop process or even set a flag in the environment
> according to the originating IP address. all you will have left to do is
> hack the process (or maybe PAM if the popd uses it?) to check for the
> environment flag and decide on the action.

Umm, unless I'm mistaken, tcpserver allows you to bind your server to
a specific *local* address (rather than 0.0.0.0); this does not have
the desired effect in this case. (What it means is that the server only
listens to one interface from then on.)

I could be wrong: last time I used tcpserver was about a year ago.

But it seems to me that what the original poster needs is a feature
akin to Check Point FW-1's "client authentication": a server that
listens on some unrelated port, against which you identify and
authenticate yourself; once this is done, the server dynamically
configures the firewall to open up a specific service to the IP from
which you authenticated. Naturally, there is a mechanism handling
timeouts and logging involved.

This could be scriptable, but to do it securely will take more than
a trivial effort.

Gaal
-- 
believing is seeing
[EMAIL PROTECTED]
http://www.forum2.org/gaal/
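The "pass the IP as an environment variable and let the daemon decide" approach from the quoted reply, written out as an added example (not code from either poster): tcpserver from D. J. Bernstein's ucspi-tcp does export the client's address as TCPREMOTEIP; the policy shape, the network list, the user set and the function names are assumptions made here for illustration, and the addresses are constructed documentation-range values.

```python
"""Per-user source-address policy for a POP3 daemon started by tcpserver.

tcpserver sets TCPREMOTEIP in the child's environment. Everything else
(policy layout, LOCAL_NETWORKS, REMOTE_ALLOWED_USERS, function names)
is a hypothetical illustration, not part of tcpserver or any POP server.
"""
import ipaddress
import os

# Constructed sample policy: "local" networks whose users may read mail
# without further restriction, plus the small group allowed from anywhere.
LOCAL_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),   # constructed example LAN (IPv4)
    ipaddress.ip_network("2001:db8::/32"),  # constructed example LAN (IPv6)
]
REMOTE_ALLOWED_USERS = {"alice", "ops"}


def is_local(remote_ip):
    """True if the address lies inside one of the configured local networks.
    Raises ValueError for anything that is not a parseable address."""
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in net for net in LOCAL_NETWORKS)


def classify(user, remote_ip):
    """Apply the policy and return (allowed, reason) for logging.

    Fail closed: a missing or malformed address is refused rather than
    treated as local, so a daemon launched without tcpserver (no
    TCPREMOTEIP) does not silently grant everyone remote access.
    """
    if not remote_ip:
        return False, "no-address"
    try:
        local = is_local(remote_ip)
    except ValueError:
        return False, "bad-address"
    if local:
        return True, "local"
    if user in REMOTE_ALLOWED_USERS:
        return True, "remote-allowed"
    return False, "remote-denied"


def pop3_access_allowed(user, remote_ip):
    """Boolean convenience wrapper around classify()."""
    return classify(user, remote_ip)[0]


def decide_from_environment(user, environ=None):
    """Read TCPREMOTEIP (as set by tcpserver) and apply the policy.
    `environ` may be supplied for testing; defaults to os.environ."""
    env = os.environ if environ is None else environ
    return classify(user, env.get("TCPREMOTEIP"))


if __name__ == "__main__":
    # Constructed usage: what a wrapper around the POP daemon would log
    # for a few sample connections.
    samples = [
        ("bob", {"TCPREMOTEIP": "192.0.2.10"}),
        ("bob", {"TCPREMOTEIP": "203.0.113.5"}),
        ("alice", {"TCPREMOTEIP": "203.0.113.5"}),
        ("alice", {}),
    ]
    for who, env in samples:
        allowed, why = decide_from_environment(who, env)
        verdict = "ALLOW" if allowed else "DENY"
        print(f"{verdict:5} user={who} ip={env.get('TCPREMOTEIP')} reason={why}")
```

The reason string is returned rather than printed so the caller can feed it to whatever logging the daemon already has; the fail-closed branches are the part worth keeping whatever the real policy looks like, since the weakest point of an environment-flag scheme is a daemon that runs without the flag set.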

=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]