[Dovecot] How to open only these dovecot ports?
Timothy White
dovecot.user at weirdo.bur.st
Thu Jun 15 02:05:14 EEST 2006
On 6/14/06, M. Fioretti <mfioretti at mclink.it> wrote:
> Hello,
>
> It is not clear to me, due to the new syntax, how to configure dovecot 1.0
> to listen only for the following combinations of ports and services:
>
> no pop3, from whatever host
Well, for a start
protocols = imap imaps pop3s
>
> accept imap connections only if coming from localhost (since I
> understand this is secure _and_ the only way to make
> squirrelmail talk to dovecot)
listen = 127.0.0.1
> listen on the internet only for imaps and pop3s connections, accept
> them only if DIGEST-MD5 authentication succeeds.
THEN, I think the following is what you want

  # If you want to specify ports for each service, you will need to configure
  # these settings inside the protocol imap/pop3 { ... } section, so you can
  # specify different ports for IMAP/POP3. For example:
  protocol imap {
    listen = 127.0.0.1
    ssl_listen = *
  }
  protocol pop3 {
    ssl_listen = *
  }

(I'm fairly sure the ssl_listen is the one for imaps and pop3s)
Not 100% sure the exact setup of the auth section, but you'll want
something along the lines of

  auth default {
    # Space separated list of wanted authentication mechanisms:
    #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
    mechanisms = digest-md5
    ....

I THINK that you can have auth imap and auth imaps sections, but
I'm not 100% sure. Someone else who knows better can probably let us
know. I couldn't find anything about it on the wiki, in my quick
looks. If you don't mind everything, including local imap, using
digest-md5, then what I've given will work. If you want local imap to
use plain, and everything else to use digest-md5, then you'll have to
play around.
Just a note, from what I have heard, there is nothing wrong with using
plain over SSL links, as SSL is fairly secure, and it's just a waste
of time using digest-md5 over ssl. Once again, someone else a bit more
in the know can hopefully give us more info on that.
Hope that helps
Tim
--
Linux Counter user #273956
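
Added example (not part of the original message, and not Dovecot's own code): a small audit of `ss -ltn` output against the listener policy asked for in this thread, so the result of the configuration can be checked on the host. The standard port numbers (110 pop3, 143 imap, 993 imaps, 995 pop3s), the policy table and the sample listener table are assumptions constructed for the example.

```python
# Added example: audit `ss -ltn` output against the listener policy in this thread.
import ipaddress

# Policy from the thread: pop3 closed, imap loopback-only, imaps/pop3s public.
# Port numbers are the standard assignments (assumed; the thread names no numbers).
POLICY = {110: "closed", 143: "loopback", 993: "any", 995: "any"}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      100    127.0.0.1:143      0.0.0.0:*
LISTEN 0      100    0.0.0.0:993        0.0.0.0:*
LISTEN 0      100    [::]:995           [::]:*
LISTEN 0      100    0.0.0.0:110        0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN row of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets / zone id
        if host == "*":                        # ss prints * for a wildcard bind
            host = "::"
        yield ipaddress.ip_address(host), int(port)

def audit(ss_output, policy=POLICY):
    """Return a sorted list of policy violations found in the listener table."""
    seen, problems = set(), []
    for addr, port in parse_listeners(ss_output):
        rule = policy.get(port)
        if rule is None:
            continue                           # port not covered by this policy
        seen.add(port)
        if rule == "closed":
            problems.append(f"port {port} must not listen (found {addr})")
        elif rule == "loopback" and not addr.is_loopback:
            problems.append(f"port {port} must be loopback-only (found {addr})")
    for port, rule in policy.items():
        if rule in ("loopback", "any") and port not in seen:
            problems.append(f"port {port} expected but not listening")
    return sorted(problems)

if __name__ == "__main__":
    for problem in audit(SAMPLE):
        print(problem)
```

On a live host, feed the function the real output of `ss -ltn` instead of the sample; an empty list means the listeners match the policy.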