You can restrict access to VPOP3's services in two ways:
By setting the IP Address to Bind to entries on the VPOP3 Services Page.
By setting Access Restriction configurations as below, these are set in the configuration pages for the specific services, accessible from the VPOP3 Services page.
The preferred method is to use Access Restrictions as they are much more configurable, and allow finer adjustment of the restrictions.
If you use the IP Address to Bind to settings on the Services page, then VPOP3 will only 'bind' to the specific IP address. This means that when you connect to VPOP3, you can only use the specified IP address as the target IP address. So, if the VPOP3 computer has two or more IP addresses (eg 192.168.1.1, 127.0.0.1 and 201.127.64.31), only one of those will be usable.
If the specified IP address is not available on the VPOP3 computer, an error will occur.
The Access Restrictions settings have the format described below:
Any line beginning with '#' is ignored.
Each line defines a range of IP addresses which can are either allowed or prohibited.
If a line begins with a '!' then the following range of addresses will be prohibited, otherwise they are allowed.
After the optional '!' Each line contains either a single IP address or a range of IP addresses defined using:
Network address Subnet Mask
For instance, a line:
!192.168.17.0 255.255.255.0
Means that all addresses from 192.168.17.0 to 192.168.17.255 are prohibited
The DAT file is processed until either a matching address is found, or the end of the file is reached.
If no access restrictions are defined, all IP addresses are allowed, otherwise only the specified addresses are allowed. To specifically allow all IP addresses set the last line of the file to:
!0.0.0.0 0.0.0.0
With the Web Mail/Admin server, Old Web Admin server, POP3 server, IMAP4 server, and SMTP server, you can also put a list of user names after the subnet mask part of the line. For instance, the line
192.168.1.0 255.255.255.0 fred bob sarah
means that only Fred, Bob and Sarah can access VPOP3 from the address range 192.168.1.0 to 192.168.1.255
With the SMTP server, putting Noauth after the subnet mask part of the line tells VPOP3 that from the listed addresses, no authentication is needed. So, for instance
192.168.1.0 255.255.255.0 noauth
0.0.0.0 0.0.0.0
means that computers in the range 192.168.1.0 to 192.168.1.255 can send messages without needing to authenticate first, but addresses outside that range can still send messages, but only if they use whatever authentication methods have been specified on the SMTP Server Configuration window.
1) if the Anti-Relay method on the SMTP Server Configuration window is set to "Check Client IP address" then the SMTPALLOWED.DAT file determines who can send external mail or only local mail.