From owner-freebsd-security  Wed Oct 29 07:51:38 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id HAA23203
          for security-outgoing; Wed, 29 Oct 1997 07:51:38 -0800 (PST)
          (envelope-from owner-freebsd-security)
Received: from dpi.dgtu.donetsk.ua (root@dipt-57.6K-dgtu-gw.dgtu.donetsk.ua [194.44.183.221])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA23186
          for <freebsd-security@freebsd.org>; Wed, 29 Oct 1997 07:51:11 -0800 (PST)
          (envelope-from yk@info.dgtu.donetsk.ua)
Received: from info.dgtu.donetsk.ua (root@info.dgtu.donetsk.ua [194.44.183.7])
	by dpi.dgtu.donetsk.ua (8.8.7/8.8.7) with ESMTP id RAA23888;
	Wed, 29 Oct 1997 17:48:11 +0200 (EET)
Received: (from yk@localhost)
	by info.dgtu.donetsk.ua (8.8.7/8.8.5) id RAA16604;
	Wed, 29 Oct 1997 17:48:06 +0200 (EET)
From: Yury Yaroshevsky <yk@info.dgtu.donetsk.ua>
Message-Id: <199710291548.RAA16604@info.dgtu.donetsk.ua>
Subject: Re: selective pop3
To: regnauld@deepo.prosa.dk (Philippe Regnauld)
Date: Wed, 29 Oct 1997 17:48:04 +0200 (EET)
Cc: freebsd-security@freebsd.org
In-Reply-To: <19971029130053.20797@deepo.prosa.dk> from "Philippe Regnauld" at Oct 29, 97 01:00:53 pm
X-Mailer: ELM [version 2.4 PL24 ME8a]
Content-Type: text
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> 
> Piotr Szymanek writes:
> > Is it possible to grant access to the pop3 server to some users and 
> > reject for the rest?
Yes. Use for this Tcp wrappers.

> > 
> > If yes, then is it possible to restrict pop3 access based on clients 
> > address?
> 
> 	Tcp wrappers.  But you can only do IP level decisions, not user-level.
				^^^^^^^^^
				Only IP level???
	If uses ident , you can restrict pop3 access for some account.
	See  man hosts_options

USERNAME LOOKUP
       rfc931 [ timeout_in_seconds ]
              Look up the client user name with the RFC 931 (TAP,
              IDENT, RFC 1413) protocol.  This option is silently
              ignored  in  case  of  services based on transports
              other than TCP.  It requires that the client system
              runs  an  RFC  931 (IDENT, etc.) -compliant daemon,
              and may cause noticeable  delays  with  connections
              from  non-UNIX  clients.   The  timeout  period  is
              optional. If no timeout is specified a compile-time
              defined default value is taken.

-- 
Yury V. Yaroshevsky                   | 380 (622) 356455
Donetsk State Technical University    | yk@dgtu.donetsk.ua