[Kolab-devel] Specify Kolab IP address

Gelpi Andrea liste at gelpi.it
Tue Apr 15 09:00:22 CEST 2008 

Andrew J. Kopciuch wrote:
> On April 14, 2008, Stuart McCulloch Anderson wrote:
>> Afternoon guys, I need a little advice for configuring Kolab.
>> It has recently come up that our network operator requires Kolab to only
>> listen for pop3(s) and imap(s) connection on one of our four IP addresses.
>> I cant seem to find a way to set it up.
>>
>> Can anyone please offer me any guidance or support?
>>
> 
> It appears this is not as trivial as one would expect.  :(
> 
> the proper configuration for this should go in cyrus.conf  
> (/kolab/etc/kolab/templates/cyrus.conf.template).  in the SERVICES {} 
> section.
> 
> however ... those services are written based on whether you have the service 
> turned on or off.   and the SERVICE entry seems to be hard coded within the 
> PERL Kolab::Conf library.  /kolab/lib/perl/vendor_perl/5.X.x/Kolab/Conf.pm
> 
> I did some experimenting, and adding additional options after the 
> @@@cyrus-pop3s@@@ seems to get left out.   I do not know the internals of 
> kolabconf overly well, so maybe someone with more experience there could 
> comment?
> 
> Currently the listen=143" option is written, and it listens on all IPs, and 
> what you seem to want is listen="my.single.ip.address:143" or something 
> similar.   You could permanently change the cyrus.conf template, and grab the 
> entire written config lines, and replace the @@@cyrus-*@@@ meta tags.
> 
> That would work, but you would loose control of turning those services on and 
> off through the LDAP options (used in the admin site, or kolabadmin etc.).
> 
> 
> I would hope that someday this would be configurable via the admin site, but 
> that would involve some work.   Changing the LDAP to hold binding addresses, 
> changing the admin site, changing kolabconf.   I know it would be nice, but 
> this is probably a rare requirement, and therefore lower priority on the TODO 
> list. 
> 
> Could you open an issue / wish for it in the tracker anyways?
> 
> 
> you can still do this by hand, editing the cyrus.conf.template though.
> 
> 
> 
> Andy

A patch solution could be to use two lines of iptables to leave IMAP(s) and 
POP3(s) service open only on one IP.

-- 
ing. Andrea Gelpi
***************************************************
La Terra non la abbiamo ereditata dai nostri avi,
ma la abbiamo presa in prestito dai nostri bambini.
***************************************************

More information about the devel mailing list