[SOLVED] block pop3 for external IPs

[leo de punk]

Hi specialists,

we have two types of users in our company,they are

advanced users- they have both internal and external email facility.
normal user- only have an internal email. (no access to the outside from compny)

we are using one domain for both internal mails and external mails. Only certain people have external mail accounts (advanced users). those who do not have external email facility (normal user) shouldn't be able to access their emails over web mail or outlook express from the outside in our company.
I have configured mailscanner to block smtp of normal users and they are not able to send emails over web mail or outlook express from the outside of our compny (apart from our internal IP range).
but advanced users can send or receive emails from both sides.(internal/external any IP range)
But im struggling to block receiving emails (pop3) by normal users and I need to stop pop3 for normal users when they trying to get emails from the outside of company.
simply if they try to access emails from a different IP other than our internal IP range, that messages should not be received. But when they are in our internal IP range they should able to send and receive emails.
think our internal IP range - 192.168.0.0/16
if normal user try to get email from a different IP range (eg:- 124.43.50.10) it needs to be blocked.

I can do this easily by using 2 domains like 1 domain for internal access and other one for external access. but I need to do this by using only a one domain.

request you kind help to solve this problem.

thanks in advanced

leo

[Krishopper]

If you can't turn POP3 off completely for the users, then I would suggest setting up a second Zimbra mailbox server within the domain, and put those users specifically on that one. From there you can use firewalls to block POP3 access to that server from external IP's.

As far as Zimbra goes, you can block POP3 access to an account on an all-or-nothing basis, and not by IP.

[leo de punk]

thanks for the reply Krishopper, I will try that out and let you know how it works
cheers
leo

[leo de punk]

Quote:

Originally Posted by Krishopper

If you can't turn POP3 off completely for the users, then I would suggest setting up a second Zimbra mailbox server within the domain, and put those users specifically on that one. From there you can use firewalls to block POP3 access to that server from external IP's.

As far as Zimbra goes, you can block POP3 access to an account on an all-or-nothing basis, and not by IP.

Hi,
I just tried to do what you have mentioned in your feedback. I have created a another server in same box by using

zmprov cs newserver.com

the server has created but it is taking such a long time to enable it features and giving me an error like unknown error. Do you have any idea about this?. If I can create the 2nd server successfully within the same box, I can setup the other firewall configurations easily.
please anybody give me a feedback

thanks

[leo de punk]

I solved my problem and thanks for who have given the feedbacks.

I enable IMAP and pop3 for the ones who have external mails and disable IMAP for internal mail holders. further I block pop3 from the firewall for external IPs. now my server working so nicely

marking this thread as solved.
thanks