[Dovecot] disable plaintext auth ... only for some addresses
Phil Howard
ttiphil at gmail.com
Thu May 6 23:41:27 EEST 2010
I'd like to disable plaintext authentication (e.g. only allow authentication
that does STARTTLS or connects on SSL/TLS only ports) only for certain
(most) IP addresses. I want to exempt a few addresses (users coming over
known VPNs).
Fortunately, all this is coming in over a firewall (Sonicwall) in which I
can NAT traffic by IP address to go to specific port numbers. So, if I can
establish a different disable_plaintext_auth policy by port number (for
extra port numbers I'll choose later), that would let me accomplish this.
If I cannot do this, then my only alternative is making the SSL/TLS only
ports the only ones open to the internet, and use the non-SSL/TLS ports only
for the VPNs (with disable_plaintext_auth = no). But I read somewhere that
this is discouraged. What say ye?
More information about the dovecot
mailing list