[Dovecot] How to open only these dovecot ports?

Timothy White dovecot.user at weirdo.bur.st
Thu Jun 15 02:05:14 EEST 2006


On 6/14/06, M. Fioretti <mfioretti at mclink.it> wrote:
> Hello,
>
> I have not clear, due to the new syntax, how to configure dovecot 1.0
> to listen only for the following combinations of ports and services:
>
> no pop3, from whatever host

Well, for a start
protocols = imap imaps pop3s
>
> accept imap connections only if coming from localhost (since I
>         understand this is secure _and_ the only way to make
>         squirrelmail talk to dovecot)

listen = 127.0.0.1

> listen on the internet only for imaps and pop3s connections, accept
> them only if DIGEST-MD5 authentication succeeds.

THEN, I think the following is what you want

# If you want to specify ports for each service, you will need to configure
# these settings inside the protocol imap/pop3 { ... } section, so you can
# specify different ports for IMAP/POP3. For example:
   protocol imap {
     listen = 127.0.0.1
     ssl_listen = *
   }
   protocol pop3 {
     ssl_listen = *
   }

(I'm fairly sure the ssl_listen is the one for imaps and pop3s)

Not 100% sure the exact setup of the auth section, but you'll want
something along the lines of

auth default {
  # Space separated list of wanted authentication mechanisms:
  #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
  mechanisms = digest-md5
....
I THINK that you can have a auth imap and auth imaps section's, but
I'm not 100% sure. Someone else who knows better can probably let us
know. I couldn't find anything about it on the wiki, in my quick
looks. If you don't mind everything, including local imap, using
digest-md5, then what I've given will work. If you want local imap to
use plain, and everything else to use digest-md5, then you'll have to
play around.

Just a note, from what I have heard, there is nothing wrong with using
plain over SSL links, as SSL is fairly secure, and it's just a waste
of time using digest-md5 over ssl. Once again, someone else a bit more
in the know can hopefully give us more info on that.

Hope that helps

Tim

-- 
Linux Counter user #273956


More information about the dovecot mailing list