From owner-freebsd-isp  Fri Dec  5 06:28:26 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id GAA29834
          for isp-outgoing; Fri, 5 Dec 1997 06:28:26 -0800 (PST)
          (envelope-from owner-freebsd-isp)
Received: from ns3.harborcom.net (root@ns3.harborcom.net [206.158.4.7])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id GAA29829
          for <freebsd-isp@freebsd.org>; Fri, 5 Dec 1997 06:28:22 -0800 (PST)
          (envelope-from bradley@harborcom.net)
Received: from bradley by ns3.harborcom.net with smtp (Exim 1.73 #1)
	id 0xdyjl-0003kq-00; Fri, 5 Dec 1997 09:28:13 -0500
Date: Fri, 5 Dec 1997 09:28:13 -0500 (EST)
From: Bradley Dunn <bradley@dunn.org>
X-Sender: bradley@ns3.harborcom.net
To: Gaetan Feige <Gaetan@vsg.mobistar.be>
cc: freebsd-isp@freebsd.org
Subject: Re: User security
In-Reply-To: <3.0.32.19971205083748.00ae0640@vsg.mobistar.be>
Message-ID: <Pine.BSF.3.96.971205091912.10211A-100000@ns3.harborcom.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Fri, 5 Dec 1997, Gaetan Feige wrote:

> I am wondering what is the best way to give a user access to email on a bsd
> box and block him from anything else like telnet, ftp into his account...

Don't run telnetd, ftpd, etc. :)

Seriously, black box mail servers that only allow access via IMAP or POP
are the way to go if you can. You can use SSH for remote administration,
and with SSH's "AllowUsers" configuration option you can specify exactly
who can connect via SSH.

Bradley