Tuesday, July 14, 2009

Block POP access by IP addresses

I am still in the American bank today. They ask for a way to block POP access by IP addresses. Well, Sun Messaging Server has this feature in place - service.pop.domainallowed.

Not too hard to implement. Use configutil command will do.

However, the IP list is pretty long.

bash-3.00# ./configutil -o service.pop.domainallowed -v 
pop:127.0.0.1 1 129.14.58.143 169.165.200.156 169.165.200.155 169.165.191.19 169.165.191.16 169.175.161.34 169.175.163.34 169.175.161.65 169.175.187.5 169.178.115.83 169.175.160.81 169.175.190.36 169.178.22.21 169.165.191.46 1
ERROR: too many arguments

What to do? Well, this is the workaround:

1. Create a file domainallowed.txt and add the following in 1 single line.

service.pop.domainallowed=pop:127.0.0.1 1 129.14.58.143 169.165.200.156 169.165.200.155 169.165.191.19 169.165.191.16 169.175.161.34 169.175.163.34 169.175.161.65 169.175.187.5 169.178.115.83 169.175.160.81 169.175.190.36 169.178.22.21 169.165.191.46 169.178.22.21 169.165.191.46 169.175.161.65 169.175.161.79 129.14.45.29 169.187.71.74 169.187.70.184

2. bash-3.00# ./configutil -i domainallowed.txt

3. bash-3.00# ./stop-msg; ./start-msg


Test
cheechongs-macbook:~ cheechong$ telnet 192.168.131.188 110
Trying 192.168.131.188...
Connected to bank.sg.sun.
Escape character is '^]'.
-ERR Access denied


Done. Nice!


Added @ 18:00hr:

Job completed. Will be back for production cut-over next week.

Here's the view I have for the past few days ...



Full view of Singapore Flyer.


No comments:

Post a Comment