Security

Access Control
Enterprise Security

Laneful provides comprehensive security measures to protect your email infrastructure and ensure secure access to both the web interface and the API endpoints.

Access Logging

Complete audit trail of all API and web access

IP Restrictions

Granular IP-based access control

Overview

Security is a top priority at Laneful. We provide multiple layers of protection to ensure your email infrastructure remains secure and accessible only to authorized users and systems.

Our security measures include comprehensive access logging, IP-based restrictions for both web interface and API access, and role-based access control to ensure proper authorization across your organization.

Security Features

Access Monitoring

  • Complete API and web access logs
  • Real-time access monitoring
  • Detailed audit trails

Access Control

  • IP-based web interface restrictions
  • Per-API key IP allowlisting

Access Logging

Comprehensive Access Monitoring

To view detailed access logs for your organization, navigate to:

Analytics → Access Log

This section provides a complete audit trail of all web API calls and web interface access made by users in your organization.

Log Information

Each access log entry contains comprehensive information about the request and response:

Request Details

IP Address: Source IP of the request
User Email: Authenticated user making the request
Access Type: Web interface or API call
API Call: Specific API endpoint (if applicable)

Response & Timing

Response Status: Allowed or rejected
First Seen: Initial access timestamp
Last Seen: Most recent access timestamp
Role Access: User role and permissions

Advanced Filtering & Search

The access log provides powerful filtering and search capabilities to help you quickly find specific access patterns:

Filter Options

  • Filter by date range
  • Filter by specific API call
  • Filter by access type (Web/API)
  • Filter by response status

Search Capabilities

  • Full text search by email
  • Search by IP address
  • Search by API key

Role-Based Access Tracking

The access log tracks role-based permissions, showing which calls and pages are available to different user roles. This helps you monitor access patterns and ensure users are only accessing resources they're authorized to use.

Web Interface IP Restrictions

Restricting Web Access

To configure IP restrictions for the web interface, navigate to:

Organization Settings → Security

This allows you to restrict access to the web interface to specific IP addresses or IP ranges for enhanced security.

Web Interface Security

By configuring IP restrictions for the web interface, you can:

Access Control

  • Limit web access to office IPs
  • Restrict access to VPN ranges
  • Block access from unknown locations
  • Prevent unauthorized web interface access

Security Benefits

  • Reduce attack surface
  • Prevent credential-based attacks
  • Control administrative access
  • Comply with security policies

Configuration Options

You can configure IP restrictions using various formats:

Supported Formats

192.168.1.100 - Single IP address
192.168.1.0/24 - IP range (CIDR notation)
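
A pre-submission check for allowlist entries in the two formats above, as an added example that is not Laneful's own code. The function names and the MIN_IPV4_PREFIX review threshold are assumptions, and how Laneful itself validates entries is not described on this page.

```python
import ipaddress

# Assumption: IPv4 prefixes shorter than this are flagged as "broad" for review.
MIN_IPV4_PREFIX = 16

def audit_entry(entry):
    """Return (network or None, list of findings) for one allowlist entry."""
    text = entry.strip()
    try:
        # strict=False accepts "192.168.1.5/24" so it can be reported, not rejected
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None, ["invalid: not a single IP or CIDR range"]
    findings = []
    if net.prefixlen == 0:
        findings.append("allows every address (equivalent to no restriction)")
    elif net.version == 4 and net.prefixlen < MIN_IPV4_PREFIX:
        findings.append(f"broad range: {net.num_addresses} addresses")
    host = ipaddress.ip_address(text.split("/")[0])
    if host != net.network_address:
        findings.append(f"host bits set; the range is really {net}")
    return net, findings

def audit_allowlist(entries):
    """Map each problematic entry to its findings; clean entries are omitted."""
    report = {}
    for entry in entries:
        _, findings = audit_entry(entry)
        if findings:
            report[entry] = findings
    return report

def is_allowed(source_ip, entries):
    """True if source_ip falls inside any valid entry of the allowlist."""
    addr = ipaddress.ip_address(source_ip)
    for entry in entries:
        net, _ = audit_entry(entry)
        if net is not None and addr.version == net.version and addr in net:
            return True
    return False

# Constructed sample allowlist; the first two entries use the formats listed above.
SAMPLE = ["192.168.1.100", "192.168.1.0/24", "0.0.0.0/0",
          "10.0.0.0/8", "192.168.1.5/24", "office-vpn"]

if __name__ == "__main__":
    for entry, findings in audit_allowlist(SAMPLE).items():
        print(f"{entry}: {'; '.join(findings)}")
```

The "host bits set" finding matters because an entry typed as one address with a /24 suffix admits the whole 256-address range, not the single host the author may have intended.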

API IP Restrictions

Per-API Key IP Restrictions

When creating or updating an API key, you can set a range of allowed IP addresses for that specific key. This provides granular control over API access on a per-key basis.

API Key Security

API IP restrictions allow you to:

Granular Control

  • Restrict API keys to specific servers
  • Limit access to development environments
  • Control production API access
  • Prevent unauthorized API usage

Use Cases

  • Production server restrictions
  • Development environment isolation
  • Third-party integration control
  • Security incident containment

Implementation

API IP restrictions are configured when creating or updating API keys:

Configuration Process

  1. Navigate to Organization Settings → API Keys
  2. Create a new API key or edit an existing one
  3. Set the allowed IP range for the key
  4. Save the configuration
  5. The key will only work from the specified IP addresses

Security Benefits

Per-API key IP restrictions provide several security advantages:

  • Compartmentalization: Different keys for different environments
  • Risk Mitigation: Limit the impact of compromised keys
  • Compliance: Meet security requirements for API access
  • Monitoring: Track API usage by source IP
  • Incident Response: Quickly revoke access from specific locations

Security Best Practices

✓ Do

  • Regularly review access logs for suspicious activity
  • Use specific IP ranges rather than broad ranges
  • Create separate API keys for different environments
  • Monitor failed access attempts
  • Keep IP allowlists updated
  • Use VPNs for remote access
  • Implement least-privilege access
  • Regularly rotate API keys

✗ Don't

  • Use overly broad IP ranges (0.0.0.0/0)
  • Share API keys between environments
  • Ignore access log alerts
  • Use the same key for multiple services
  • Allow access from public/unsecured networks
  • Forget to update IP lists when infrastructure changes
  • Use weak authentication methods
  • Store API keys in client-side code

Monitoring & Alerting

Set up regular monitoring of your access logs and configure alerts for unusual access patterns, failed authentication attempts, or access from unexpected IP addresses. This helps you quickly identify and respond to potential security incidents.
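
One way to run this kind of review over access log entries, as an added example that is not Laneful's own code. The record layout (dicts keyed after the log fields listed on this page), the expected ranges and the rejection threshold are assumptions; the page does not describe a log export format.

```python
import ipaddress
from collections import Counter

# Assumptions: expected source ranges and the alert threshold are site-specific.
EXPECTED_RANGES = [ipaddress.ip_network(n)
                   for n in ("192.168.1.0/24", "198.51.100.10/32")]
REJECTED_THRESHOLD = 3

# Constructed sample entries: (ip, user_email, access_type, status)
_ROWS = [
    ("192.168.1.20", "ops@example.com", "Web", "allowed"),
    ("203.0.113.50", "dev@example.com", "API", "allowed"),
    ("203.0.113.77", "admin@example.com", "Web", "rejected"),
    ("203.0.113.77", "admin@example.com", "Web", "rejected"),
    ("203.0.113.77", "admin@example.com", "Web", "rejected"),
    ("198.51.100.10", "ci@example.com", "API", "allowed"),
    ("192.0.2.4", "dev@example.com", "API", "rejected"),
    ("203.0.113.50", "dev@example.com", "API", "allowed"),
]
_KEYS = ("ip", "user_email", "access_type", "status")
SAMPLE_LOG = [dict(zip(_KEYS, row)) for row in _ROWS]

def in_expected_range(ip):
    """True if ip belongs to one of the ranges we expect traffic from."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net
               for net in EXPECTED_RANGES)

def review(entries):
    """Return alerts as (kind, user_email, detail) tuples for a batch of entries."""
    alerts, seen, rejected = [], set(), Counter()
    for e in entries:
        key = (e["ip"], e["user_email"])
        if e["status"] == "rejected":
            rejected[key] += 1
        elif not in_expected_range(e["ip"]) and key not in seen:
            # An allowed request from outside the expected ranges points to a
            # missing or too-broad restriction, so report it once per user/IP.
            seen.add(key)
            alerts.append(("unexpected_ip", e["user_email"], e["ip"]))
    for (ip, user), count in rejected.items():
        if count >= REJECTED_THRESHOLD:
            alerts.append(("repeated_rejections", user, f"{count} from {ip}"))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE_LOG):
        print(alert)
```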

Regular Security Reviews

Conduct regular security reviews of your IP allowlists, API key permissions, and access patterns. Remove unused or outdated access rules and ensure that all current access is necessary and properly secured.