Page 97 - Mercury Manual.book
P. 97
The MercuryI IMAP4rev1 server 92
Connection Control
Lingering mailboxes
One setting that has a significant impact on the behaviour and performance of MercuryI is the
Lingering mailboxes setting in the Core module configuration Files page. This option con-
trols when Mercury breaks down the memory image it creates for mailboxes, and thus im-
pacts on the time it takes MercuryI to establish new connections. Please see the Core Module
Configuration section for more information on this setting and how to use it.
Connection Control
The Connection Control page allows you to place restrictions on the hosts from which Mer-
curyI will accept connections. A connection control entry can apply to a single address, or to
a range of addresses. To add an entry to the list, click the Add restriction button; if you wish
to create a restriction for a single address, enter that address in the "From" (left-hand) address
field in normal dotted IP notation. To create a restriction for a range of addresses, enter the
lowest address in the range you want to restrict in the "From" field, and the highest address
you want to restrict in the "To" field. The addresses are inclusive, so both the addresses you
enter are considered part of the range.
If you check the Refuse connections radio control, Mercury will not accept incoming connec-
tions from this address. Use this to prevent unwanted IMAP connections from unauthorized
or hijacked hosts, or to prevent specific machines on your network (for instance, public Kiosk
machines) from accessing IMAP services.
Checking the Allow radio button marks the connection as “good”, and enables an extra option
for matching connections:
Allow plaintext logins even if they would otherwise be disabled This lets you allow certain
trusted systems to login to MercuryI without first establishing a secure SSL connection. This
option is primarily intended for the benefit of webmail servers or other trusted devices that
are behind the same firewall as Mercury.
To edit a connection control entry, highlight it in the list, then click the Change selection but-
ton.
How Mercury applies connection control entries
The list of connection control entries you create can contain entries that overlap (i.e, entries
that refer to addresses also covered by other entries). In the case of overlapping entries, Mer-
cury uses the following method to select the entry it should use for any given address: if there
is an entry that refers to the address on its own (not as part of a range), then Mercury will
automatically use that entry; otherwise, it looks for the range that most closely encompasses
the address and uses that.
Example: You have a Refuse entry covering the range from 198.2.5.1 to
198.2.5.128, and an Allow entry covering the range from 198.2.5.10 to
198.2.5.20: if a machine with the address 198.2.5.12 connects to Mercury, it will
select the Allow entry to cover the connection, because the allow entry most tightly
encompasses the connecting address (the range covers 11 addresses, where the Refuse
entry's range covers 128 addresses).
IMAP Login name aliasing
There may be occasions where you want a user to be able to login via IMAP using a username
that differs from his or her “real world” username on your network. As an example, many
