[Dovecot] Force STARTTLS on port 143 for !internalnetwork
Timo Sirainen
tss at iki.fi
Wed Feb 9 17:12:04 EET 2011
On 9.2.2011, at 15.09, Nick Rosier wrote:
>> How can I force users who are connecting from OUTSIDE our networks
>> to use STARTTLS on Port 143?
>>
>> Right now we resort to IMAPS on port 993, but an additional STARTTLS
>> enabled login on the default port would make things easier!
>>
> You can probably add login_trusted_networks = localnet
>
> IIRC this allows for unsecure login from your localnet but forces all other networks to use a secure authentication method (e.g. SSL, STARTTLS, CRAM or DIGEST).
I think that'll work, yes, but it has the additional feature of allowing clients from localnet to fake their IP address.
In v2.0 you can do:
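# Default: refuse plaintext authentication until the connection is secured by SSL/TLS
disable_plaintext_auth = yes
# remote {} matches the client's IP address (local {} matches the server's own IP)
remote 10.0.0.0/24 {
  disable_plaintext_auth = no
}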
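
One way to verify the result from each network segment (an added example, not part of the original message): with disable_plaintext_auth = yes, Dovecot advertises LOGINDISABLED and withholds AUTH=PLAIN until TLS is active, so the pre-TLS capability list shows which policy a client is getting. The two greetings are constructed samples, and the function names are hypothetical.

```python
import imaplib
import re

def parse_capabilities(line):
    """Capability atoms from a greeting's [CAPABILITY ...] code or a '* CAPABILITY' line."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\* CAPABILITY (.*)", line.strip(), re.I))
    return set(m.group(1).upper().split()) if m else set()

def pre_tls_findings(caps):
    """Problems in what a server advertises before TLS, as an outside client should see it."""
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN accepted without TLS")
    if caps & {"AUTH=PLAIN", "AUTH=LOGIN"}:
        findings.append("plaintext SASL mechanism offered without TLS")
    return findings

def check_server(host, port=143, timeout=10):
    """Live check (Python 3.9+): connect without TLS and audit the advertised capabilities."""
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    try:
        return pre_tls_findings(set(conn.capabilities))
    finally:
        conn.logout()

# Constructed greetings: what a client outside 10.0.0.0/24 should see, and what an
# internal client sees once the remote {} block re-enables plaintext auth for it.
OUTSIDE = "* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready."
INSIDE = "* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready."

if __name__ == "__main__":
    for name, greeting in (("outside", OUTSIDE), ("inside", INSIDE)):
        print(name, pre_tls_findings(parse_capabilities(greeting)) or "ok")
```

Findings are expected when check_server() is run from inside 10.0.0.0/24; the same findings from an external address mean the restriction is not being applied.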