Example

This example shows a single rule with multiple services and a single wild card for the client list.

mailAllowedServiceAccess: +imap,pop,http:*

This example shows multiple rules, but each rule is simplified to have only one service name and uses wild cards for the client list. (This is the most commonly used method of specifying access control in LDIF files.)

mailAllowedServiceAccess: +imap:ALL$+pop:ALL$+http:ALL

An example of how to disallow all services for a user is:

mailAllowedServiceAccess: -imap:*$-pop:*$-http:*

An example of a rule with an EXCEPT operator is:

mailAllowedServiceAccess: -ALL:ALL EXCEPT server1.sesta.com

This example denies access to all services for all clients except those on the host machine server1.sesta.com.

The following example shows how to restrict user access to SSL-encrypted POP and IMAP access only:

mailAllowedServiceAccess: +imaps,pops:*$+imap,pop:MMP IP address

In the preceding example, note that the back-end servers do not recognize the pops and imaps service names, so it is necessary to grant the MMP IP address(es) pop and imap service access. Otherwise, connections for that user between the MMP and the back-end servers will be rejected.