IMAP for some users only
Hello,
I have a cPanel server with 68 accounts. Since all plans are cheap, there is no IMAP for users, they only use POP3. I've blocked TCP ports 143 and 993 using iptables (no changes on cPanel installation).
Now I need to let only 2 of them use IMAP. I'm looking for a way to achieve this without changing the default IMAP ports, to avoid problems. I cannot have a secondary IP (Digital Ocean droplet); that would be the simple way to resolve this situation.
I saw that cPanel has a protection to SMTP ports on iptables:
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 owner GID match 992
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 owner GID match 12
ACCEPT tcp -- 0.0.0.0/0 127.0.0.1 multiport dports 25,465,587 owner UID match 202
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 25,465,587 owner UID match 0
Can I do this on INPUT chain for the GID/UID of each user that I want to use IMAP? Or... any better idea? Thank you.
-
Hello,
One alternative is to use "WHM >> Host Access Control" to restrict access to IMAP based on IP addresses:
Host Access Control - Version 68 Documentation - cPanel Documentation
Thank you.
-
Ok, but I only have one IP address and cannot have a secondary one. If I do this, it will let all users access it; I need to let just 2 of 68.
-
Hello,
While you can restrict or allow access based on the username with "WHM >> Host Access Control", you can restrict access with the user's IP address, not just your server's IP address. For example, let's say you wanted to block all IP addresses except for the IP addresses of two clients:
Client 1 IP: 10.1.2.3
Client 2 IP: 10.2.3.4
In this case, you'd set up the following host access rules:
imap : 10.1.2.3 : allow
imap : 10.2.3.4 : allow
imap : ALL : deny
This would allow those two IP addresses to successfully authenticate with the IMAP service, and deny authentication attempts from all other IP addresses. Would this type of setup help?
Thank you.
-
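Added example (not part of the original thread and not cPanel's code): a small Python model of how the three host access rules in the reply above are evaluated, showing that rule order matters and that an allowed client is denied once its address changes. It assumes TCP-wrappers-style semantics (first matching rule wins, no match means allow); `parse_rules`, `client_matches` and `decide` are hypothetical helper names, and CIDR support goes beyond the single addresses in the reply.

```python
import ipaddress

# The three rules from the reply, in "daemon : client : action" form.
RULES = """\
imap : 10.1.2.3 : allow
imap : 10.2.3.4 : allow
imap : ALL : deny
"""

def parse_rules(text):
    """Parse rule lines into (service, client_pattern, action) tuples (IPv4 only)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) != 3 or parts[2] not in ("allow", "deny"):
            raise ValueError(f"malformed rule: {line!r}")
        rules.append(tuple(parts))
    return rules

def client_matches(pattern, client_ip):
    """True if client_ip is covered by ALL, a single address or a CIDR block."""
    if pattern == "ALL":
        return True
    network = ipaddress.ip_network(pattern, strict=False)
    return ipaddress.ip_address(client_ip) in network

def decide(rules, service, client_ip):
    """Assumed semantics: the first matching rule wins; no match means allow."""
    for rule_service, pattern, action in rules:
        if rule_service in (service, "ALL") and client_matches(pattern, client_ip):
            return action
    return "allow"

if __name__ == "__main__":
    rules = parse_rules(RULES)
    # Constructed sample clients: the two listed addresses, plus the address
    # client 1 might receive after a dynamic-IP lease change.
    for ip in ("10.1.2.3", "10.2.3.4", "10.1.9.9"):
        print(ip, "->", decide(rules, "imap", ip))
    # Moving the catch-all deny to the top locks out the allowed clients too.
    reordered = [rules[2]] + rules[:2]
    print("deny first:", decide(reordered, "imap", "10.1.2.3"))
```

-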
Hello, nice idea, but I can't use it because users have dynamic IPs. Thanks anyway. Probably I'll need another small server and do a XINET gateway between the servers, so I can use iptables to allow only the other server's IP, and users will connect to the other server, with ports 143 and 993 open.