Page 84 - Mercury Manual.book
P. 84
79 The MercuryP POP3 Server Module
Connection Control
Each statement can be set to Y or N to enable or disable that setting. For example, to create
a POP3 profile for a user that marks all downloaded mail as read and where deletions survive
resets, you would add the following two lines to POP3.PRO:
Mark read : Y
delete is final : Y
Statements missing from the file will use the default value determined by the Global profile
setting controls (see above). Statements in POP3.PRO are not case sensitive
Connection Control
The Connection Control page allows you to place restrictions on the hosts from which Mer-
curyP will accept connections. A connection control entry can apply to a single address, or to
a range of addresses. To add an entry to the list, click the Add restriction button; if you wish
to create a restriction for a single address, enter that address in the "From" (left-hand) address
field in normal dotted IP notation. To create a restriction for a range of addresses, enter the
lowest address in the range you want to restrict in the "From" field, and the highest address
you want to restrict in the "To" field. The addresses are inclusive, so both the addresses you
enter are considered part of the range.
If you check the Refuse connections radio control, Mercury will not accept incoming connec-
tions from this address. Use this to prevent unwanted POP3 connections from unauthorized
or hijacked hosts, or to prevent specific machines on your network (for instance, public Kiosk
machines) from accessing POP3 services.
Checking the Allow radio button marks the connection as “good”, and enables an extra option
for matching connections:
Allow plaintext logins even if they would otherwise be disabled This lets you allow certain
trusted systems to login to Mercury without first establishing a secure SSL connection. This
option is primarily intended for the benefit of webmail servers or other trusted devices that
are behind the same firewall as Mercury.
To edit a connection control entry, highlight it in the list, then click the Change selection but-
ton.
How Mercury applies connection control entries
The list of connection control entries you create can contain entries that overlap (i.e, entries
that refer to addresses also covered by other entries). In the case of overlapping entries, Mer-
cury uses the following method to select the entry it should use for any given address: if there
is an entry that refers to the address on its own (not as part of a range), then Mercury will
automatically use that entry; otherwise, it looks for the range that most closely encompasses
the address and uses that.
Example: You have a Refuse entry covering the range from 198.2.5.1 to
198.2.5.128, and an Allow entry covering the range from 198.2.5.10 to
198.2.5.20: if a machine with the address 198.2.5.12 connects to Mercury, it will
select the Allow entry to cover the connection, because the allow entry most tightly
encompasses the connecting address (the range covers 11 addresses, where the Refuse
entry's range covers 128 addresses).
