Problem with multiple webmail proxy
We need four different installations of messaging server for our webmail proxy needs. (With and without PAB and with and without folders management). Soon these webmail proxies will have to be redundant... 8 installations on 2 machines (4 each). I tried to use the mailallowedserviceaccess attribute to restrict the access to a specific webmail for a specific user. Let's say that user1@globetrotter.net should access only the webmail webmailgt.commerciel.com (142.169.xx.94). I don't want this user to access the webmail webmailtq.commerciel.com (142.169.xx.96). I configured a proxy authentification on the mailhost that host the mailbox of this user on another machine (142.169.xx.72). When the user will use the webmail two auths will be made on the Ldap, one from the proxy and one from the deposit.
The two installations of the webmail proxies are on the same machine (The interfaces 142.169.xx.94 and 142.169.xx.96 are configured on the machine that have the IP adress 142.169.xx.31)
The value that I wanted to set at the mailallowedserviceaccess attribute was "-http:142.169.xx.96". That mean that user1 could use the webmail if the request is not coming from 142.169.xx.96. The problem is that it doesn't work because the first Bind works fine because the client acces the proxy from is PC, but the second Bind (the one on the store server) works too, because it is initiated from the 142.169.xx.31 machine. (Not the interface 142.169.xx.96). How can I restrict the access to a webmail proxy if many proxies are installed on the same server? I tried some other things with the console (in the HTTP Access and Proxy tabs) without success.
[1675 byte] By [
701447] at [2007-11-25 10:46:10]
I'm sorry for the confusion. I'll try to resume the situation.
We are an ISP and we offer four classes of service of webmail to our customers depending on there domain name. With and without Corporate Adresse Book and with and without Folder management. To do this, we have installed four webmail proxies and customized these installations to respond to our needs.
Let's say that a platinum user have acces to a Corporate adress book (with all the entries of the users in his domain name) and have the possibility to manage his folders. A gold user don't have access to his Corporate Adress Book but can manage his folders, etc.... The Platinum user use the url webmail.platinum.com, the gold user use the url webmail.gold.com, etc...
Here is my problem. What can I do, to restrict the access to the webmail proxy level platinum to platinum users only. If a 'wood' user (without Corporate address book and without folders management)) log in at the url webmail.platinum.com, he will have the same templates that a platinum user. So he will access to the informations about the users in the same domain name and he will be able to create folders. (We don't want this!)
What I tried, is to restrict the access using the mailallowedaerviceaccess. But, it doesn't work, because the address validation used the adress of the machine, not the one of the interface. I remind you that the four webmail proxies installation are on the same machine, on different interface.
I hope that I clarified the situation. Sorry, for my poor english!
I think you're very far out on the customization edge. This isn't likely something I'm going to be able to be much help with.The brute force method would be to have a different store for each level, and use the "mailhost" setting to filter the users. . .
