How can I secure dovecot listening on port 143 to specific machines only?

Squirrelmail suggests using non-ssl if the imap daemon is on the same host...

Otherwise squirrelmail could use TLS but what about other clients wanting to use SSL on port 993? (sorry I don't know enough about TLS).

Thanks,
Roman.

--
Roman Bogoyev, I.T. Manager
School of Mathematics and Statistics
University of Western Australia
35 Stirling Hwy, Crawley 6009
Western Australia
email: roman at maths.uwa.edu.au
tel: +61 8 6488 3379
fax: +61 8 6488 1028

On Fri, 2004-06-11 at 11:13, Roman Bogoyev wrote:
> How can I secure dovecot listening on port 143 to specific
> machines only?

    imap_listen = 127.0.0.1

But it works only for one IP then.

> Squirrelmail suggests using non-ssl if the imap daemon
> is on the same host...
>
> Otherwise squirrelmail could use TLS but what about other
> clients wanting to use SSL on port 993? (sorry I don't know enough about
> TLS).

Port 993 forces using TLS, but TLS can be used on port 143 as well, so I wouldn't recommend limiting that imap_listen. Better would be to just set the disable_plaintext_auth = yes setting, and Dovecot doesn't allow logins without SSL enabled.

dovecot-bounces at dovecot.org wrote:
> How can I secure dovecot listening on port 143 to specific machines
> only?
>
> Squirrelmail suggests using non-ssl if the imap daemon
> is on the same host...
>
> Otherwise squirrelmail could use TLS but what about other
> clients wanting to use SSL on port 993? (sorry I don't know enough
> about TLS).

I use iptables so that only 127.0.0.1 can access IMAP. Everyone else has to use IMAPS.

John
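
The iptables approach from the last reply, as an added example that is not part of the thread and not any poster's actual rule set. It goes beyond the one-address case by also accepting a list of extra sources on port 143; the function name imap_rules, the 192.0.2.x addresses and the use of the INPUT chain are assumptions, and the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print iptables commands that restrict plain IMAP (143)
# to loopback plus an explicit allowlist, while leaving IMAPS (993) open.
# imap_rules is a hypothetical helper; nothing here touches the firewall.

imap_rules() {
    # Validate every argument first so a bad entry produces no partial output.
    # Only IPv4 addresses or CIDR blocks are accepted (digits, dots, slash).
    for src in "$@"; do
        case "$src" in
            ''|*[!0-9./]*) echo "bad source: $src" >&2; return 1 ;;
        esac
    done

    # Loopback (the local webmail) first, then each allowed machine.
    for src in 127.0.0.1 "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport 143 -j ACCEPT"
    done

    # Order matters: the refusal must come after the ACCEPT rules above.
    echo "iptables -A INPUT -p tcp --dport 143 -j REJECT --reject-with tcp-reset"

    # Everyone else has to use IMAPS.
    echo "iptables -A INPUT -p tcp --dport 993 -j ACCEPT"
}

# Constructed sample allowlist (documentation address range).
imap_rules 192.0.2.10 192.0.2.0/28
```

Hosts allowed on port 143 can still negotiate TLS there, so this combines with the disable_plaintext_auth = yes setting suggested earlier in the thread rather than replacing it.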