1

Topic: Webmail only / Client only - current status, pre-migration ?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): Planning migration to iRedMail
====

Hi everyone, I am currently running several domains on Mail-in-a-box. Works solid, but there's a specific task, which requires more flexibility. I'd spent a couple weeks researching more versatile server options, and decided to swith to iRedMail, because for my particular task it's either iRedMail or Exchange/Google Suite and I'm not coming back there.

Google brought me to this thread: https://forum.iredmail.org/topic5804-ho … -only.html This is very close to what we have to have in the offices, and if this works, I'll move to iRedMail.

Our situation - say we have 20 users.
6 of them should full access, e-mail on their mobiles, webmail etc.
10 should have web-mail only, no clients, no mobile access. Strict thin-client webmail.
Remaining 4 should have e-mail setup on their work laptops in clients, and on their mobile, but no webmail access.

My question is - has anything changed regarding the ability to restrict access to webmail only OR to client only? I mean both in the Admin and internally in the DB structure etc.? I've seen the advanced tab in the iRedAdmin-Pro demo, and services can be disabled, but there isn't "webmail" parameter. This thread https://forum.iredmail.org/topic5804-ho … -only.html had plans to implement this. Second page is especially interesting. But it's from 2014.
Should I go by the thread above and figure the queries that would work for me? There're awesome ideas there btw, thanks a lot to Zhang and other participants.

Also, Zhang, you've mentioned not many users need this. I can share that lots of companies need this, almost all that use thin clients or "kiosk" mode machines, field terminals, and have information security policies. I think if these features are implemented and marketed on your site, it would boost adoption of your product. The thread above is frankly the only discussion of an open source solution being able to restrict a particular user to webmail only!

I have also found this solution in the docs: https://docs.iredmail.org/restrict.mail … works.html
If I set this to the localhost only, can it work too?

Thank you.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Webmail only / Client only - current status, pre-migration ?

itworks wrote:

Should I go by the thread above and figure the queries that would work for me?

Do not follow that forum post. I think we have better way to implement this.

itworks wrote:

10 should have web-mail only, no clients, no mobile access. Strict thin-client webmail.

For these users, if webmail is running on same server, update SQL table "vmail.mailbox" like below, we use "user@example.com" as a sample user:

USE vmail;
UPDATE mailbox SET allow_nets='127.0.0.1' WHERE username='user@example.com';

i tested it on my local machine and it works fine.

itworks wrote:

Remaining 4 should have e-mail setup on their work laptops in clients, and on their mobile, but no webmail access.

Unfortunately, this is hard to restrict right now, because Dovecot doesn't support excluding an IP address. sad
For example, `allow_nets='!127.0.0.1'` (there's a "!" prefixed) doesn't work.

3

Re: Webmail only / Client only - current status, pre-migration ?

Makes total sense, thank you! I'll do it for sure.
I'll play around with the exclusion of the webmail and if there's a decent solution, I'll share it.

USE vmail;
UPDATE mailbox SET allow_nets='127.0.0.1' WHERE username='user@example.com';

Can this be done with the OpenLDAP backend?

4

Re: Webmail only / Client only - current status, pre-migration ?

itworks wrote:

Can this be done with the OpenLDAP backend?

Sure, use LDAP attribute "allowNets" in user object.

with iRedAdmin-Pro, you can manage this in user profile page.