[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] neomail on RAQ02
- Subject: RE: [cobalt-security] neomail on RAQ02
- From: "Matthew Nuzum" <cobalt@xxxxxxxxxxxxx>
- Date: Tue, 27 Nov 2001 10:22:44 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> > The only issue I agree on, is that users could
> > login to other site's neomail and download their mail, and therefore
not
> get
> > charged the bandwidth. This is the only real valid issue.
>
> And I'll add that without major custom programming this is something
> we'll have to live with, and it's behavior that's NOT specific to the
> RaQs but pretty much to any linux implementation.
>
Well, I don't use neomail myself, but if you want to restrict access to
user's of a particular site, you should be able to use one of the auth
mod's cobalt has built into apache. For example:
# Access file
order allow,deny
allow from all
require group site1
Authname "www.site1.com email board"
Authtype Basic
This limits access to users from site1. I don't know how easy it would
be to patch neomail to support http auth, but I'll bet it wouldn't be
too difficult.
Then, all you need is a .htaccess in the neomail folder.
Hope this helps,
Matt Nuzum
Bearfruit.org